Should port 3269 be ldap_port_t?

Should port 3269 be ldap_port_t?

[Colin Powers]

Hi all,

First of all apologies if something has changed in this area recently, I have checked on a RHEL 7 machine and noticed the omission.

LDAP is associated with the following ports:
- 389 for plain LDAP
- 686 for LDAPS
- 3268 for Global Catalog
- 3269 for Global Catalog over LDAPS

All of these ports are ldap_port_t except 3269 which is not given any special type.

Because of this, my Apache set-up was unable to perform LDAP authorisation while in enforcing. Obviously I can fix the issue with semanage, but should 3269 be ldap_port_t out of the box?

Cheers

Colin Powers

Re: Should port 3269 be ldap_port_t?

[Chris PeBenito]

On 08/03/16 08:48, Colin Powers wrote:
> Hi all,
>
> First of all apologies if something has changed in this area recently, I have checked on a RHEL 7 machine and noticed the omission.
>
> LDAP is associated with the following ports:
> - 389 for plain LDAP
> - 686 for LDAPS
> - 3268 for Global Catalog
> - 3269 for Global Catalog over LDAPS
>
> All of these ports are ldap_port_t except 3269 which is not given any special type.
>
> Because of this, my Apache set-up was unable to perform LDAP authorisation while in enforcing. Obviously I can fix the issue with semanage, but should 3269 be ldap_port_t out of the box?

This type of question is more appropriate for the refpolicy list. 
However, I've added the port labeling in refpolicy.

-- 
Chris PeBenito