Re: Shutting down some slapd listeners

15 Feb 2016


      Hallvard Breien Furuseth wrote:
...
Sometimes I want slapd to stop listening for new connections
to ldap:// and ldaps://, but keep listening to ldapi://,
for maintenance before shutdown.
One way would be to extend the 'gentlehup' config option
with a list of which URIs it should affect.  Or we could
add some sort of 'command language' to cn=config/cn=monitor.
Or should I play some temporary tricks with iptables or whatever,
so new connections never reach slapd?  I've never tried that.
Yupp. I'd implement that with temporary local firewall rules suppressing TCP SYN
packets. On Linux: iptables --syn. Local firewall rules are a good idea anyway.
Ciao, Michael.

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

Re: Shutting down some slapd listeners