* Should port 3269 be ldap_port_t?
From: Colin Powers @ 2016-08-03 12:48 UTC
To: selinux
Hi all,
First of all apologies if something has changed in this area recently, I have checked on a RHEL 7 machine and noticed the omission.
LDAP is associated with the following ports:
- 389 for plain LDAP
- 686 for LDAPS
- 3268 for Global Catalog
- 3269 for Global Catalog over LDAPS
All of these ports are ldap_port_t except 3269 which is not given any special type.
Because of this, my Apache set-up was unable to perform LDAP authorisation while in enforcing. Obviously I can fix the issue with semanage, but should 3269 be ldap_port_t out of the box?
Cheers
Colin Powers
* Re: Should port 3269 be ldap_port_t?
From: Chris PeBenito @ 2016-08-07 18:47 UTC
To: Colin Powers, selinux
On 08/03/16 08:48, Colin Powers wrote:
> Hi all,
>
> First of all apologies if something has changed in this area recently, I have checked on a RHEL 7 machine and noticed the omission.
>
> LDAP is associated with the following ports:
> - 389 for plain LDAP
> - 686 for LDAPS
> - 3268 for Global Catalog
> - 3269 for Global Catalog over LDAPS
>
> All of these ports are ldap_port_t except 3269 which is not given any special type.
>
> Because of this, my Apache set-up was unable to perform LDAP authorisation while in enforcing. Obviously I can fix the issue with semanage, but should 3269 be ldap_port_t out of the box?
This type of question is more appropriate for the refpolicy list.
However, I've added the port labeling in refpolicy.
--
Chris PeBenito
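
As an added example (not part of the thread and not refpolicy code), the check below reads `semanage port -l` output and lists which of a service's ports lack the expected SELinux port type, the situation described for 3269 above. The sample output is constructed, the function names `sample_port_list` and `unlabeled_ports` are hypothetical, and the check goes beyond the single port in the thread by also handling port ranges.

```shell
#!/bin/sh
# Constructed sample of `semanage port -l` output (not captured from a real host).
sample_port_list() {
cat <<'EOF'
SELinux Port Type              Proto    Port Number

ldap_port_t                    tcp      389, 636, 3268, 7389
ldap_port_t                    udp      389, 636
vnc_port_t                     tcp      5900-5983, 5985-5999
EOF
}

# unlabeled_ports TYPE PROTO PORT...
# Reads `semanage port -l` output on stdin and prints, space separated, the
# requested ports that are NOT labelled TYPE for PROTO. Handles "lo-hi" ranges.
unlabeled_ports() {
    awk -v type="$1" -v proto="$2" -v want="$(shift 2; echo "$*")" '
        $1 == type && $2 == proto {
            for (i = 3; i <= NF; i++) {
                gsub(/,/, "", $i)                 # drop list separators
                n = split($i, r, "-")             # single port or lo-hi range
                lo[++k] = r[1] + 0
                hi[k] = (n == 2 ? r[2] : r[1]) + 0
            }
        }
        END {
            m = split(want, w, " ")
            out = ""
            for (j = 1; j <= m; j++) {
                found = 0
                for (x = 1; x <= k; x++)
                    if (w[j] + 0 >= lo[x] && w[j] + 0 <= hi[x]) found = 1
                if (!found) out = out (out == "" ? "" : " ") w[j]
            }
            print out
        }'
}

# Demonstration against the constructed sample.
missing=$(sample_port_list | unlabeled_ports ldap_port_t tcp 389 3268 3269)
echo "tcp ports not labelled ldap_port_t: ${missing:-none}"

# On a live host (as root), audit and then apply the local fix from the thread:
#   semanage port -l | unlabeled_ports ldap_port_t tcp 389 3268 3269
#   semanage port -a -t ldap_port_t -p tcp 3269
```

`semanage port -a` adds a local label for a port that has no definition yet; if the port is already defined with another type, `semanage port -m` is the form to use instead.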