1.4.1 - Changing the server port for LDAP
This section describes how to change to port for the LDAP protocol. There are two ways to do that : either you use the configuration plugin available in Apache Directory Studio, or you update the LDIF partition that contains the configuration.
The task and how to accomplish it
By default the LDAP server listens on port 10389 (unencrypted or StartTLS) and 10636 (SSL). It is quite common to run LDAP on 389, which is the well-known port for this protocol, but that requires the server to be started with a root user (or with sudo). Of course other options are imaginable as well. Changing the LDAP port is a good example for adjusting the existing Spring configuration as introduced in the last section.
Basically, there are two cases :
- The server is not started
- The server is started
We will see how to change the port in those two cases.
Using Apache Directory Studio
The server is started
The best solution is to connect on the server using Studio, and to open it’s configuration :
When you select this menu, you will get the main configuration screen, containing the port for LDAP and LDAPS :
Now, change the values of port to your needs, then save the configuration. You have to restart the server afterwards in order to take this change into effect.
The server is not started
You can start it and update the configuration, of course. But if you want to configure the server when it’s stopped, you will have to load the configuration file, which is on …/instances/default/conf/config.ldif, when the server has been installed using the default setting.
Opening this file will open the exact same window :
You can update the ports and save the file.
Modifying the configuration LDIF partition
All the ApacheDS configuration is stored as a LDIF file, and can be modified either using a text editor (although we don’t consider this as a safe practice) or using a Modify request on a running server.
The configuration is stored as a set of LDAP entries, so you can update one of them. In order to modify the entry containing the ports, you have first to find it, and second to send a valid modify request.
All the ApacheDS configuration is stored under the ou=config partition. The ports are stored in some entries under DN: ldap,ou=transports,ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config (obviously, dependning on your installation, this DN might change : the ads-directoryServiceId may have a different name, so is the ads-serverId). In any case, the ou=transports branch contains two entries :
for LDAP :
dn: ads-transportid=ldap,ou=transports,ads-serverId=ldapServer,ou=servers,ad
s-directoryServiceId=default,ou=config
ads-systemport: 10389
ads-enabled: TRUE
ads-transportnbthreads: 8
ads-transportaddress: 0.0.0.0
ads-transportid: ldap
objectclass: ads-transport
objectclass: ads-tcpTransport
objectclass: ads-base
objectclass: top
and for LDAPS :
dn: ads-transportid=ldaps,ou=transports,ads-serverId=ldapServer,ou=servers,a
ds-directoryServiceId=default,ou=config
ads-systemport: 10636
ads-transportenablessl: TRUE
ads-enabled: TRUE
ads-transportaddress: 0.0.0.0
ads-transportid: ldaps
objectclass: ads-transport
objectclass: ads-tcpTransport
objectclass: ads-base
objectclass: top
You just have to send a ModifyRequest using such a LDIF :
dn: ads-transportid=ldaps,ou=transports,ads-serverId=ldapServer,ou=servers,ads
-directoryServiceId=default,ou=config
changetype: modify
replace: ads-systemport
ads-systemport: 10637
-
(here, we have modified the LDAPS Port from 10636 to 10637)
Those modification can be done directly on the config.ldif file, but you won’t have any syntax check if you do so.