Due to a typo, I configured the wrong port for the LDAPS connection handler on my OUD instance. This is not a real problem and is easily corrected. First, let's verify the current settings of the LDAPS connection handler.
    oracle@urania:~/ [oud_eus] dsconfig -h localhost -p 4444 -D "cn=Directory Manager" \
      -j $ORACLE_HOME/OUD/config/pwd.txt --trustAll --no-prompt \
      get-connection-handler-prop --handler-name "LDAPS Connection Handler"
    Property               : Value(s)
    -----------------------:-------------------------------------------------------
    allow-ldap-v2          : true
    allow-start-tls        : false
    allowed-client         : -
    denied-client          : -
    enabled                : true
    keep-stats             : true
    key-manager-provider   : JKS
    listen-address         : 0.0.0.0
    listen-port            : 1689
    ssl-cert-nickname      : -
    ssl-cipher-suite       : jvm, SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA,
                           : SSL_DH_anon_EXPORT_WITH_RC4_40_MD5,
                           : SSL_DH_anon_WITH_3DES_EDE_CBC_SHA,
                           : SSL_DH_anon_WITH_DES_CBC_SHA,
                           : SSL_DH_anon_WITH_RC4_128_MD5
    ssl-client-auth-policy : optional
    ssl-protocol           : -
    trust-manager-provider : JKS
    use-ssl                : true
Set the new listen-port to 1636 using dsconfig for the LDAPS connection handler.
    oracle@urania:~/ [oud_eus] dsconfig -h localhost -p 4444 -D "cn=Directory Manager" \
      -j $ORACLE_HOME/OUD/config/pwd.txt --trustAll \
      set-connection-handler-prop --handler-name "LDAPS Connection Handler" \
      --set listen-port:1636 --no-prompt
Unfortunately, a restart of the OUD instance is required to use the new settings. This can be done using stop-ds. For better readability I left out a large part of the output in the following example.
    oracle@urania:~/ [oud_eus] stop-ds --restart
    Stopping Server...
    [12/Jul/2016:23:15:09 +0200] category=CORE severity=NOTICE msgID=458887 msg=The Directory Server has started successfully
    [12/Jul/2016:23:15:09 +0200] category=CORE severity=NOTICE msgID=458891 msg=The Directory Server has sent an alert notification generated by class org.opends.server.core.DirectoryServer (alert type org.opends.server.DirectoryServerStarted, alert ID 458887): The Directory Server has started successfully
Use dsconfig again to get the new settings of the LDAPS connection handler. As you can see, the listen-port is now set to 1636.
    oracle@urania:~/ [oud_eus] dsconfig -h localhost -p 4444 -D "cn=Directory Manager" \
      -j $ORACLE_HOME/OUD/config/pwd.txt --trustAll --no-prompt \
      get-connection-handler-prop --handler-name "LDAPS Connection Handler"
    Property               : Value(s)
    -----------------------:-------------------------------------------------------
    allow-ldap-v2          : true
    allow-start-tls        : false
    allowed-client         : -
    denied-client          : -
    enabled                : true
    keep-stats             : true
    key-manager-provider   : JKS
    listen-address         : 0.0.0.0
    listen-port            : 1636
    ssl-cert-nickname      : -
    ssl-cipher-suite       : jvm, SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA,
                           : SSL_DH_anon_EXPORT_WITH_RC4_40_MD5,
                           : SSL_DH_anon_WITH_3DES_EDE_CBC_SHA,
                           : SSL_DH_anon_WITH_DES_CBC_SHA,
                           : SSL_DH_anon_WITH_RC4_128_MD5
    ssl-client-auth-policy : optional
    ssl-protocol           : -
    trust-manager-provider : JKS
    use-ssl                : true
Or just run an ldapsearch against the new LDAPS port.
    oracle@urania:~/ [oud_eus] ldapsearch -h localhost -p 1636 -D "cn=Directory Manager" \
      --useSSL --trustAll -j $ORACLE_HOME/OUD/config/pwd.txt \
      -s base -b 'dc=postgasse,dc=org' 'objectclass=*'
    dn: dc=postgasse,dc=org
    orclversion: 90400
    dc: postgasse
    orclsubscriberfullname: postgasse
    objectclass: top
    objectclass: orclSubscriber
    objectclass: domain
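The dsconfig table shown above can also be checked by a script instead of by eye. The following is an added example, not part of the original post: it parses a `get-connection-handler-prop` table, confirms the expected listen-port, and flags the anonymous, export-grade, RC4 and single-DES suites that appear in the `ssl-cipher-suite` list. The names `parse_props`, `audit` and `WEAK_MARKERS` are assumptions made for this example, and the sample input is constructed from the table's layout.

```python
# Constructed sample shaped like the dsconfig table above (not captured output).
SAMPLE = """\
Property               : Value(s)
-----------------------:-------------------------------------------------------
listen-address         : 0.0.0.0
listen-port            : 1636
ssl-cipher-suite       : jvm, SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA,
                       : SSL_DH_anon_EXPORT_WITH_RC4_40_MD5,
                       : SSL_DH_anon_WITH_3DES_EDE_CBC_SHA,
                       : SSL_DH_anon_WITH_DES_CBC_SHA,
                       : SSL_DH_anon_WITH_RC4_128_MD5
use-ssl                : true
"""

# Substrings marking suites that should not be offered, with the reason.
WEAK_MARKERS = {
    "_anon_": "anonymous key exchange (server not authenticated)",
    "_EXPORT_": "export-grade 40-bit keys",
    "_RC4_": "RC4",
    "_DES_CBC_": "single DES",
}

def parse_props(text):
    """Return {property: [values]}, folding continuation rows into the previous key."""
    props, last = {}, None
    for line in text.splitlines():
        key, sep, value = (part.strip() for part in line.partition(":"))
        if not sep or key == "Property" or key.startswith("---"):
            continue  # skip lines without a colon, the header and the rule
        values = [v.strip() for v in value.split(",") if v.strip() not in ("", "-")]
        if key:
            props[key], last = values, key
        elif last:
            props[last].extend(values)  # row with an empty key continues the last one
    return props

def audit(text, expected_port):
    """Return a list of findings; an empty list means every check passed."""
    props, findings = parse_props(text), []
    if props.get("listen-port") != [str(expected_port)]:
        findings.append(f"listen-port is {props.get('listen-port')}, expected {expected_port}")
    if props.get("use-ssl") != ["true"]:
        findings.append("use-ssl is not true")
    for suite in props.get("ssl-cipher-suite", []):
        reasons = [why for mark, why in WEAK_MARKERS.items() if mark in suite]
        if reasons:
            findings.append(f"{suite}: {', '.join(reasons)}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, 1636)))
```

Feed it only the table portion of the dsconfig output; each flagged suite can then be removed with the same `set-connection-handler-prop` method used for the port.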
Of course, this method can also be used to change other parameters of the different connection handlers.
Information on dsconfig can be found in the Oracle® Fusion Middleware Administering Oracle Unified Directory 11g Release 2 (11.1.2) A.2.4 dsconfig.