From 37ebcdf780a5ab92d6de89e04819411b0c3c1b02 Mon Sep 17 00:00:00 2001 From: Scott Koranda Date: Thu, 28 May 2020 08:18:59 -0500 Subject: [PATCH] Add note in OpenLDAP slapd documentation about exposing ports Per a suggestion from Duncan Brown add a note to the documentation "Adding OpenLDAP for COmanage Registry" about exposing the slapd ports. --- docs/adding-openldap.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/docs/adding-openldap.md b/docs/adding-openldap.md index ea75393..948a48b 100644 --- a/docs/adding-openldap.md +++ b/docs/adding-openldap.md @@ -113,6 +113,17 @@ comanage-registry-ldap: replicas: 1 ``` +COmanage Registry and OpenLDAP slapd can communicate directly using the default +network created by Docker Swarm when the service stack is instantiated. So it +is not necessary to expose the slapd port unless required for other services +that are not part of the stack to contact slapd. If you need to expose the slapd +port also add to the above + +``` + ports: + - "389:389" +``` + * Be sure to also edit the services stack description file and add the `olc_root_pw` secret to the list of secrets. @@ -141,3 +152,12 @@ and then change the `command` above to be ``` command: ["slapd", "-d", "256", "-h", "ldapi:/// ldap:/// ldaps:///", "-u", "openldap", "-g", "openldap"] ``` + +If you need to expose the TLS endpoint in addition to port 389 also edit +the configuration of the ports in the services stack description (compose) file to be + +``` + ports: + - "389:389" + - "636:636" +```
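Review bot: In the first hunk (@@ -113,6 +113,17 @@), the new paragraph offers `- "389:389"` as the way to expose slapd but does not say that this publishes the plain `ldap:///` listener on the swarm hosts, so clients outside the stack would reach slapd without TLS unless they use StartTLS. Suggest adding a sentence that says so and that tells readers to publish the port only when an external client really needs it and to restrict access to that port at the host or network firewall. The sentence "If you need to expose the slapd port also add to the above" also ends without punctuation and does not name the key the `ports:` entry goes under; something like "add the following to the `comanage-registry-ldap` service definition above:" would remove the guesswork about nesting and indentation.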
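Review bot: In the second hunk (@@ -141,3 +152,12 @@), the wording "expose the TLS endpoint in addition to port 389" together with the example listing both `- "389:389"` and `- "636:636"` leaves no documented path for publishing only the `ldaps:///` listener. A reader who wants external access over TLS only will copy both lines and publish the plain port as well. Suggest stating that the `- "389:389"` line can be omitted when only port 636 is needed externally, or showing the 636-only form first. The phrase "edit the configuration of the ports" also assumes the reader already added a `ports:` key from the earlier note; say "add or edit" so the instruction works for readers who skipped that step.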