- Switch to the root user and execute the commands below.
This uses iptables to route requests from port 389 to 1389. The DS still runs on a non-privileged port. This is only a workaround, though.
# iptables --append PREROUTING --table nat --protocol tcp --dport 389 --jump REDIRECT --to-port 1389
# iptables -t nat -A OUTPUT -p tcp --dport 389 -j DNAT --to :1389
We have solved it as follows:
The agent now runs as root (and can listen on privileged ports).
There are two different properties:
agent-username=root in var/dcc/agent/config/conf.txt; the user running the agent
agentowner:slapd in the registry entry of the agent (cn=Agents,cn=dscc); the user running the directory server
You need an agent whose agentowner matches the server's instanceowner (cn=Servers,cn=dscc). Otherwise you cannot restart the server or manage certificates via DSCC.
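A check for the iptables workaround above, as an added example that is not part of the original posts: it reads `iptables-save` output and reports whether both the PREROUTING and the OUTPUT rule for 389 to 1389 are loaded. The function names and the sample ruleset are constructed for illustration.

```shell
# Added example: verify the 389 -> 1389 NAT workaround from iptables-save text.
# PREROUTING only sees traffic arriving from other hosts; locally generated
# connections traverse OUTPUT, so both rules are needed. Returns 0 for "both".
check_ldap_redirect() {
    from_port=${1:-389} to_port=${2:-1389}
    in_nat=0 pre=0 out=0
    while IFS= read -r line; do
        case $line in
            '*nat') in_nat=1; continue ;;
            '*'*)   in_nat=0; continue ;;
        esac
        [ "$in_nat" -eq 1 ] || continue
        # The trailing space makes the port comparisons exact (389 vs 3890).
        case "$line " in
            *" -p tcp "*" --dport $from_port "*) ;;
            *) continue ;;
        esac
        case "$line " in
            "-A PREROUTING "*" -j REDIRECT --to-ports $to_port "*) pre=1 ;;
            "-A OUTPUT "*" -j DNAT --to-destination :$to_port "*) out=1 ;;
        esac
    done
    case "$pre$out" in
        11) echo both; return 0 ;;
        10) echo prerouting-only ;;
        01) echo output-only ;;
        *)  echo none ;;
    esac
    return 1
}

# Constructed sample in iptables-save format (not captured from a real host).
sample_ruleset() {
    cat <<'EOF'
*filter
-A INPUT -p tcp -m tcp --dport 389 -j ACCEPT
COMMIT
*nat
-A PREROUTING -p tcp -m tcp --dport 389 -j REDIRECT --to-ports 1389
-A OUTPUT -p tcp -m tcp --dport 389 -j DNAT --to-destination :1389
COMMIT
EOF
}

sample_ruleset | check_ldap_redirect   # prints: both
```

On a live host, run `iptables-save -t nat | check_ldap_redirect` as root. Rules added with the `iptables` command alone do not survive a reboot, so the check is worth repeating after one.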