arthurdejong / nss-pam-ldapd

NSS and PAM modules for lookups using LDAP
https://arthurdejong.org/nss-pam-ldapd/
GNU Lesser General Public License v2.1

Port conflict! #51

Closed thirdparty-core closed 2 years ago

thirdparty-core commented 2 years ago

Hi, the port number used by nslcd conflicts with the port number of a special service, such as HBase's 16010, and causes these services to fail at startup. So is there any way to specify the port number that nslcd needs to use?

good luck!

arthurdejong commented 2 years ago

nslcd should not listen on any TCP port for incoming connections. It only listens on the /var/run/nslcd/socket named socket (possible to configure at build time with the --with-nslcd-socket configure option). Other than that it only lists a few more or less random ports in the test suite but even the most extensive test suite runs do not open these ports.

thirdparty-core commented 2 years ago

Hello, my current scenario is that nslcd is used as a client, and a fixed port needs to be specified, just like a netty client specifying a port, although this practice is not very common. Currently we use nslcd as a basic service to synchronize LDAP data, so nslcd is usually started before other services. When nslcd is started, some ports will be used randomly as a client, which may cause some fixed-port services to fail to start later. The client is bound to 12345 as shown below:

```c
#include <winsock2.h>
#include <stdio.h>

int main(void)
{
    WSADATA wsaData;
    SOCKET ConnectSocket;
    struct sockaddr_in clientService; /* remote end: address and port to connect to */
    struct sockaddr_in client;        /* local end: fixed source port instead of an ephemeral one */

    if (WSAStartup(MAKEWORD(2, 2), &wsaData) != 0)
        return 1;
    ConnectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    if (ConnectSocket == INVALID_SOCKET) {
        WSACleanup();
        return 1;
    }

    clientService.sin_family = AF_INET;
    clientService.sin_addr.s_addr = inet_addr("74.125.128.147");
    clientService.sin_port = htons(80);

    client.sin_family = AF_INET;
    client.sin_addr.s_addr = htonl(INADDR_ANY);
    client.sin_port = htons(12345);

    /* bind() before connect() pins the source port to 12345 */
    if (bind(ConnectSocket, (SOCKADDR *)&client, sizeof(client)) == SOCKET_ERROR) {
        printf("bind() failed.\n");
        closesocket(ConnectSocket);
        WSACleanup();
        return 1;
    }

    if (connect(ConnectSocket, (SOCKADDR *)&clientService, sizeof(clientService)) == SOCKET_ERROR) {
        printf("connect() failed.\n");
        closesocket(ConnectSocket);
        WSACleanup();
        return 1;
    }

    closesocket(ConnectSocket);
    WSACleanup();
    return 0;
}
```

So, in a situation like mine, can I only modify the source code? Hope to get your help. Good luck.

arthurdejong commented 2 years ago

nslcd does not have an option to exclude certain ports for use as source ports. The easiest way to fix this is to set the net.ipv4.ip_local_port_range sysctl (on my systems the range is 32768-60999 which excludes port 16010).

Since all connections to the LDAP servers are opened through the LDAP client library, I don't know if there is support for specifying a custom range for source ports for TCP sockets.
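As an added example (not code from the nss-pam-ldapd project or from either participant): a POSIX shell check that parses the kernel's net.ipv4.ip_local_port_range value and reports whether fixed service ports such as 16010 fall inside it, which is exactly when a client like nslcd could be handed that port as an ephemeral source port. When /proc is not readable it falls back to a constructed sample range equal to the one quoted above (32768-60999); the widened range in the demo is likewise constructed for illustration.

```shell
#!/bin/sh
# Added example: does a fixed service port lie inside the ephemeral source-port
# range the kernel hands to outgoing TCP connections (ip_local_port_range)?

# port_in_range "LOW HIGH" PORT -> 0 if LOW <= PORT <= HIGH, 1 if outside,
# 2 if the range string is malformed
port_in_range() {
    port=$2
    set -- $1            # unquoted on purpose: split "low<tab>high" into two words
    low=$1
    high=$2
    [ -n "$low" ] && [ -n "$high" ] || return 2
    [ "$port" -ge "$low" ] && [ "$port" -le "$high" ]
}

# current_range -> the live kernel setting on Linux, otherwise a constructed
# sample equal to the maintainer's quoted range
current_range() {
    if [ -r /proc/sys/net/ipv4/ip_local_port_range ]; then
        cat /proc/sys/net/ipv4/ip_local_port_range
    else
        printf '32768\t60999\n'
    fi
}

# check_ports "LOW HIGH" PORT... -> one line per port; exit 1 if any conflicts
check_ports() {
    range=$1
    shift
    status=0
    for p in "$@"; do
        if port_in_range "$range" "$p"; then
            echo "CONFLICT: $p is inside ephemeral range $range"
            status=1
        else
            echo "ok: $p is outside ephemeral range $range"
        fi
    done
    return $status
}

# Demo with the two ports from this issue: first against the live (or sample)
# range, then against a constructed widened range as some hosts configure it.
check_ports "$(current_range)" 16010 12345 || true
check_ports "1024 65000" 16010 12345 \
    || echo 'fix: sysctl -w net.ipv4.ip_local_port_range="32768 60999"'
```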

thirdparty-core commented 2 years ago

Understood, thank you for your reply.