Applies to: Centrify DirectControl version 5.2.2 (Suite 2015) and higher on all platforms.
Problem: slapd fails to start with LDAP TLS support when started via centrify-ldapproxy.
Cause: When slapd is started via the centrify-ldapproxy script with LDAP TLS support (-h ldaps:///), the process starts without the added LDAP TLS support parameters.
Example:
Good: /usr/share/centrifydc/libexec/slapd -h ldaps:///
Bad: /usr/share/centrifydc/bin/centrify-ldapproxy start -h ldaps:///
Workaround (for versions of DirectControl <5.2.3): There are three options to work around this issue:
1. Provide a script in which the user (root) can modify the startup method to add the required '-h ldaps:///'.
2. Create a trigger file within /etc/centrifydc/openldap, which the startup method can interrogate to choose '-h ldap:///' or '-h ldaps:///'.
3. As a corollary of (2), you may be able to reference a standalone configuration file to pick up all needed startup parameters.
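
A sketch of workaround option 2, added here as an example and not taken from Centrify's scripts: a root-owned wrapper picks the listener from a trigger file and can confirm that a slapd command line really carries an ldaps:/// listener. The trigger file name `use_ldaps`, the function names and the `start`/`check` arguments are assumptions; the slapd path and the `-h` URLs are the ones shown above.

```shell
#!/bin/sh
# Added example (not Centrify's code). TRIGGER_NAME is a hypothetical file name.
SLAPD=/usr/share/centrifydc/libexec/slapd        # path from the article
TRIGGER_DIR=${TRIGGER_DIR:-/etc/centrifydc/openldap}
TRIGGER_NAME=use_ldaps                           # assumption: name of the trigger file

# Print the listener URL for slapd -h. ldaps:/// is chosen only when the
# trigger is a regular file and not a symlink; anything else gives ldap:///.
select_listener() {
    f="${1:-$TRIGGER_DIR}/$TRIGGER_NAME"
    if [ -f "$f" ] && [ ! -L "$f" ]; then
        echo "ldaps:///"
    else
        echo "ldap:///"
    fi
}

# Return 0 if a command line (for example one line of `ps -o args=` output)
# lists an ldaps:// URL among the arguments that follow -h.
has_ldaps_listener() {
    in_h=0
    for w in $1; do
        case $w in
            -h) in_h=1 ;;
            -*) in_h=0 ;;
            ldaps://*) [ "$in_h" -eq 1 ] && return 0 ;;
        esac
    done
    return 1
}

case "${1:-}" in
    start)
        # Start slapd directly with the selected listener.
        exec "$SLAPD" -h "$(select_listener)"
        ;;
    check)
        # $2 is a slapd command line to inspect, supplied by the caller.
        if has_ldaps_listener "${2:-}"; then
            echo "ldaps listener present"
        else
            echo "no ldaps listener on this command line" >&2
            exit 1
        fi
        ;;
esac
```

Running the `check` branch against the process's actual arguments after startup catches the failure described under Cause, where slapd comes up without the TLS listener.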
Resolution:
As of Suite 2015.1, there is an added option in the startup script for ldapproxy: "STARTUP_OPTS". The service's startup script will source this option and pass the indicated startup options to slapd.
Example: To add the option for TLS support, the following method can be used: