An Oracle blog about Consulting Security Corner

  • August 23, 2010

How To Map Port 389 and 636 For Oracle Virtual Directory

Guest Author

OVD is a Java-based application, and one limitation of Java-based servers on Unix is that running the service on a port under 1024 means running it as root, because by default Unix allows only root to bind to those ports. C-based applications can use a switch-user API call that lets them start as root and then switch to another user.

Java never mapped this call, so there are many different schemes for dealing with it. For example, with app servers you might run Apache as a proxy on port 80 in front of WebLogic running on 7001.

I stumbled on another way to do this, at least on Linux: use iptables.

Here is how you can map 389 to 6501 (OVD 11g default non-SSL port):
/sbin/iptables -t nat -I PREROUTING -p tcp --dport 389 -j REDIRECT --to-port 6501

Here is how you can map 636 to 7501 (OVD 11g default SSL port):
/sbin/iptables -t nat -I PREROUTING -p tcp --dport 636 -j REDIRECT --to-port 7501
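The script below is an added example, not part of the original post: it applies the two redirects above idempotently, so re-running it does not stack duplicate rules. It goes beyond the post by also adding matching rules in the nat OUTPUT chain, because locally generated connections (for example a client on the OVD host itself) never traverse PREROUTING. The function names, the OVD_PORT_MAP variable and the IPTABLES override are assumptions made for this example.

```shell
#!/bin/sh
# Added example: idempotent 389->6501 and 636->7501 redirects for OVD.
# Assumption: IPTABLES may be overridden; the default is the path used in the post.
IPTABLES="${IPTABLES:-/sbin/iptables}"

# Port pairs from the post, written as "privileged_port:ovd_port".
OVD_PORT_MAP="389:6501 636:7501"

# Print the rule spec (everything after the chain name) for one redirect.
# $1 = chain (PREROUTING or OUTPUT), $2 = privileged port, $3 = OVD port
rule_spec() {
    case "$1" in
        PREROUTING) echo "-p tcp --dport $2 -j REDIRECT --to-port $3" ;;
        # Local traffic skips PREROUTING; match it in OUTPUT on the loopback interface.
        OUTPUT)     echo "-o lo -p tcp --dport $2 -j REDIRECT --to-port $3" ;;
        *)          return 1 ;;
    esac
}

# Insert the rule only if an identical rule is not already present (-C checks).
ensure_redirect() {
    spec=$(rule_spec "$1" "$2" "$3") || return 1
    # Word splitting of $spec is intended: it holds several iptables arguments.
    if $IPTABLES -t nat -C "$1" $spec 2>/dev/null; then
        return 0
    fi
    $IPTABLES -t nat -I "$1" $spec
}

# Apply every pair in OVD_PORT_MAP to both chains.
apply_ovd_redirects() {
    for pair in $OVD_PORT_MAP; do
        from=${pair%%:*}
        to=${pair##*:}
        ensure_redirect PREROUTING "$from" "$to" || return 1
        ensure_redirect OUTPUT "$from" "$to" || return 1
    done
}

# Run as root with the argument "apply" to install the rules.
if [ "${1:-}" = "apply" ]; then
    apply_ovd_redirects
fi
```

Rules added this way are not persistent across a reboot unless they are saved by the distribution's iptables persistence mechanism. OVD still listens on 6501 and 7501 directly, so firewall policy for the LDAP service has to account for those ports as well as 389 and 636.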

Posted via email from Virtual Identity Dialogue
