[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Shutting down some slapd listeners

To: Hallvard Breien Furuseth <h.b.furuseth@usit.uio.no>, openldap-technical@openldap.org
Subject: Re: Shutting down some slapd listeners
From: Michael Ströder <michael@stroeder.com>
Date: Mon, 15 Feb 2016 16:31:54 +0100
In-reply-to: <56C1DFC7.1070304@usit.uio.no>
References: <56C1DFC7.1070304@usit.uio.no>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:43.0) Gecko/20100101 Firefox/43.0 SeaMonkey/2.40

Hallvard Breien Furuseth wrote:
> Sometimes I want slapd to stop listening for new connections
> to ldap:// and ldaps://, but keep listening to ldapi://,
> for maintenance before shutdown.
> 
> One way would be to extend the 'gentlehup' config option
> with a list of which URIs it should affect.  Or we could
> add some sort of 'command language' to cn=config/cn=monitor.
> 
> Or should I play some temporary tricks with iptables or whatever,
> so new connections never reach slapd?  I've never tried that.

Yupp. I'd implement that with temporary local firewall rules suppressing TCP SYN
packets. On Linux: iptables --syn. Local firewall rules are a good idea anyway.

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Follow-Ups:
- RE: Shutting down some slapd listeners
  - From: Chris Jacobs <Chris.Jacobs@apollo.edu>

References:
- Shutting down some slapd listeners
  - From: Hallvard Breien Furuseth <h.b.furuseth@usit.uio.no>

Prev by Date: Shutting down some slapd listeners
Next by Date: SSL/TLS passphrase not being prompted for at startup
Index(es):
- Chronological
- Thread