[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5295) option to allow slapd bind to any available port

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#5295) option to allow slapd bind to any available port
From: h.b.furuseth@usit.uio.no
Date: Sat, 22 Dec 2007 20:59:22 GMT

If the clients and servers are on the same machine, the servers
could listen to 'ldapi://<URL-escaped unique socket path>'
instead of to 'ldap://host:unique port/'.  E.g. the users could
use 'ldapi://<escape $HOME/ldapi>' or '%2Ftmp%2Fldapi%2F<escape $USER>'.

However you'd need to upgrade OpenLDAP first, due to a security issue in
"ldapi://" implementations before 2.3.35.  (In particular, ensure your
users won't use ldapi: with pre-2.3.35 clients against someone else's
server.)

-- 
Regards,
Hallvard

Prev by Date: Re: (ITS#5295) option to allow slapd bind to any available port
Next by Date: Re: (ITS#5259) SIGSEGV in slap_auxprop_store during SASL/OTP bind
Index(es):
- Chronological
- Thread