Oh and forget about Kerberos and changepasswd which at this point can only run on default ports. These will not run at all so I would say this is a very critical issue which must be fixed asap.
Alex

On 10/5/07, Alex Karasulu <[EMAIL PROTECTED]> wrote:
>
> Hi Markus,
>
> Yes you're right about this being a permission issue. Good catch! I
> don't know what it would take to enable a non-root user to bind to a
> port below 1024 but we have to figure this one out to modify the
> installer.
>
> Could you push a JIRA issue about this and we'll make sure we nip this
> in the bud on the next release.
>
> This is a high priority issue since it prevents using the server on 389
> and probably on 636 with LDAPS.
>
> Alex
>
> On 10/5/07, Markus Pohle <[EMAIL PROTECTED]> wrote:
> >
> > Hi List Member,
> >
> > I installed ApacheDS in Version 1.5.1 on Linux (CentOS 4.3) with Sun
> > JDK in Version 1.5.0_10. I used the rpm package to install ApacheDS.
> >
> > Right after installation I configured the server.xml for the default
> > partition, that can be found under the following path:
> > /var/lib/apacheds/default/conf/
> >
> > I configured my own partition and switched the ldap port from 10389 to
> > 389 and then tried to start ApacheDS with this command:
> > [EMAIL PROTECTED] conf]# /etc/init.d/apacheds start default
> > Starting Apache Directory Server - default...
> >
> > What I get is this in the logfiles under /var/log/apacheds/default
> > [17:02:23] ERROR [org.apache.directory.server.jndi.ServerContextFactory] - Failed to bind an LDAP service (389) to the service registry.
> > java.net.SocketException: Permission denied
> >         at sun.nio.ch.Net.bind(Native Method)
> >         at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:119)
> >         at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:59)
> >         at org.apache.mina.transport.socket.nio.SocketAcceptor.registerNew(SocketAcceptor.java:365)
> >         at org.apache.mina.transport.socket.nio.SocketAcceptor.access$900(SocketAcceptor.java:55)
> >         at org.apache.mina.transport.socket.nio.SocketAcceptor$Worker.run(SocketAcceptor.java:224)
> >         at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:39)
> >         at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:650)
> >         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:675)
> >         at java.lang.Thread.run(Thread.java:595)
> > [17:02:23] ERROR [org.apache.directory.daemon.Bootstrapper] - Failed on null.init(InstallationLayout, String[])
> > org.apache.directory.shared.ldap.exception.LdapConfigurationException: Failed to bind an LDAP service (389) to the service registry. [Root exception is java.net.SocketException: Permission denied]
> >         at org.apache.directory.server.jndi.ServerContextFactory.startLDAP0(ServerContextFactory.java:577)
> >         at org.apache.directory.server.jndi.ServerContextFactory.startLDAP(ServerContextFactory.java:511)
> >         at org.apache.directory.server.jndi.ServerContextFactory.afterStartup(ServerContextFactory.java:306)
> >         at org.apache.directory.server.core.DefaultDirectoryService.startup(DefaultDirectoryService.java:266)
> >         at org.apache.directory.server.core.jndi.AbstractContextFactory.getInitialContext(AbstractContextFactory.java:124)
> >
> > I think (or better I am sure) this is because all ports lower than
> > 1024 belong to the root user and the script from /etc/init.d/apacheds
> > tries to start the default partition as apacheds user - and this user
> > is not allowed to bind port 389.
> >
> > Can anybody please help me with that?
> > TIA
> > Markus Pohle
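
Added example, not part of the original thread and not ApacheDS code: a small log triage script that picks out the bind failure quoted above and separates the privileged-port case (non-root uid, port below 1024, "Permission denied") from a port that is merely already taken. The function names, the uid 1001 and the second log entry are constructed for illustration; the first entry is abridged from the trace in the thread.

```python
import re

# Constructed sample: the first entry is abridged from the trace in the thread,
# the second is invented to show a bind failure with a different cause.
SAMPLE_LOG = """\
[17:02:23] ERROR [org.apache.directory.server.jndi.ServerContextFactory] - Failed to bind an LDAP service (389) to the service registry.
java.net.SocketException: Permission denied
    at sun.nio.ch.Net.bind(Native Method)
[17:05:10] ERROR [org.apache.directory.server.jndi.ServerContextFactory] - Failed to bind an LDAP service (10389) to the service registry.
java.net.BindException: Address already in use
    at sun.nio.ch.Net.bind(Native Method)
"""

PRIVILEGED_BELOW = 1024  # the boundary named in the thread

ENTRY = re.compile(r"^\[\d{2}:\d{2}:\d{2}\] ERROR .*Failed to bind an? (\w+) service \((\d+)\)")
CAUSE = re.compile(r"^(?:\S*\.)?(\w+Exception): (.+)$")


def bind_failures(log_text):
    """Return one dict per bind failure: service, port and first exception message."""
    failures, current = [], None
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            current = {"service": m.group(1), "port": int(m.group(2)), "cause": None}
            failures.append(current)
            continue
        c = CAUSE.match(line.strip())
        if current is not None and current["cause"] is None and c:
            current["cause"] = c.group(2).strip()
    return failures


def diagnose(failure, service_uid):
    """Classify a failure given the uid the service runs as (0 = root)."""
    privileged = failure["port"] < PRIVILEGED_BELOW
    if failure["cause"] == "Permission denied" and privileged and service_uid != 0:
        return "privileged-port: non-root uid cannot bind port %d" % failure["port"]
    if failure["cause"] == "Address already in use":
        return "port-in-use: another listener holds port %d" % failure["port"]
    return "unclassified: %s" % failure["cause"]


if __name__ == "__main__":
    for f in bind_failures(SAMPLE_LOG):
        print(f["service"], f["port"], "->", diagnose(f, service_uid=1001))
```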
