Kimmo Koivisto wrote:

>Hello
>
>I have FDS 1.0.1 installed to RHEL4ES and I managed to deny admin console
>connections from anywhere :)
>
>I have domain ton.fi and by default admin server seems to allow connections
>only from *.ton.fi. I need to connect admin server from anywhere and I
>thought that I could add * to the allowed host list... I did it with admin
>console.
>

This is bug https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=182556 which has been recently fixed. You need to change your host access filter back to simply "*". See http://directory.fedora.redhat.com/wiki/Howto:AdminServerLDAPMgmt for more information.

>After I applied changes, I no longer could log in to the admin console, even
>from localhost, error log says:
><error log>
>[Fri Feb 24 08:41:21 2006] [notice] Access Host filter is: (*.ton.fi|*)
>[Fri Feb 24 08:41:21 2006] [notice] Access Address filter is: *
>[Fri Feb 24 08:41:22 2006] [notice] Access Host filter is: (*.ton.fi|*)
>[Fri Feb 24 08:41:22 2006] [notice] Access Address filter is: *
>[Fri Feb 24 08:41:22 2006] [notice] Apache/2.0 configured -- resuming
>normal operations
>[Fri Feb 24 08:46:51 2006] [notice] [client 127.0.0.1]
>admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1
>[Fri Feb 24 08:46:51 2006] [notice] [client 127.0.0.1]
>admserv_host_ip_check: host [ldap2.ton.fi] did not match pattern
>[(*.ton.fi|*)] -will scan aliases
>[Fri Feb 24 08:46:51 2006] [notice] [client 127.0.0.1]
>admserv_host_ip_check: host alias [ldap2] did not match pattern
>[(*.ton.fi|*)]
>[Fri Feb 24 08:46:51 2006] [notice] [client 127.0.0.1]
>admserv_host_ip_check: host alias [localhost.localdomain] did not match
>pattern [(*.ton.fi|*)]
>[Fri Feb 24 08:46:51 2006] [notice] [client 127.0.0.1]
>admserv_host_ip_check: host alias [localhost] did not match pattern
>[(*.ton.fi|*)]
>[Fri Feb 24 08:46:51 2006] [notice] [client 127.0.0.1]
>admserv_host_ip_check: host alias [ldapsrv] did not match pattern
>[(*.ton.fi|*)]
>[Fri Feb 24 08:46:51 2006] [notice] [client 127.0.0.1]
>admserv_host_ip_check: host alias [*] did not match pattern
>[(*.ton.fi|*)]
>[Fri Feb 24 08:46:51 2006] [notice] [client 127.0.0.1]
>admserv_host_ip_check: Unauthorized host ip=127.0.0.1, connection
></error log>
>
>I tried to modify local.conf but it is always overwritten when I restart admin
>server.
>

Yep. You have to modify the data in LDAP - local.conf is really just a read-only cache. See http://directory.fedora.redhat.com/wiki/Howto:AdminServerLDAPMgmt

>How to remove that * from the settings and what is the proper way to allow
>connections to admin server from anywhere. Admin connections are restricted
>with IPsec, FDS can allow it from anywhere, no problems with security.
>
>I was able to migrate from IBM LDAP to FDS and I'm really happy. I did not
>like IBM's multimaster replication, too many problems and did not know where
>to get support. FDS and mmr just works.
>Thanks for the great product :)
>

What version of IBM LDAP were you using? Any problems with data or schema during migration? What were the problems with IBM replication?

>Best Regards
>Kimmo Koivisto
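The symptom in the quoted log can be picked out of an Admin Server error log mechanically. The following is an added example, not part of the original message or of the Admin Server code: it reads the host filter in effect, collects the names tried per client, and flags denials that happened even though the filter contains a bare `*`. The function names and the sample (lines rejoined from the wrapped log above) are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: lines rejoined from the wrapped log quoted in the thread.
SAMPLE_LOG = """\
[Fri Feb 24 08:41:21 2006] [notice] Access Host filter is: (*.ton.fi|*)
[Fri Feb 24 08:41:21 2006] [notice] Access Address filter is: *
[Fri Feb 24 08:46:51 2006] [notice] [client 127.0.0.1] admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1
[Fri Feb 24 08:46:51 2006] [notice] [client 127.0.0.1] admserv_host_ip_check: host [ldap2.ton.fi] did not match pattern [(*.ton.fi|*)] -will scan aliases
[Fri Feb 24 08:46:51 2006] [notice] [client 127.0.0.1] admserv_host_ip_check: host alias [localhost] did not match pattern [(*.ton.fi|*)]
[Fri Feb 24 08:46:51 2006] [notice] [client 127.0.0.1] admserv_host_ip_check: Unauthorized host ip=127.0.0.1, connection
"""

FILTER_RE = re.compile(r"Access (Host|Address) filter is: (\S+)")
MISS_RE = re.compile(r"\[client ([^\]]+)\] admserv_host_ip_check: "
                     r"host (?:alias )?\[([^\]]+)\] did not match pattern \[([^\]]+)\]")
DENY_RE = re.compile(r"\[client ([^\]]+)\] admserv_host_ip_check: "
                     r"Unauthorized host ip=([^,\s]+)")

def has_bare_wildcard(pattern):
    """True if one alternative of the filter is a lone '*' (meant to allow any host)."""
    inner = pattern[1:-1] if pattern.startswith("(") and pattern.endswith(")") else pattern
    return "*" in inner.split("|")

def triage(log_text):
    """Return (filters in effect, list of denials with the names that were tried)."""
    filters, tried, denials = {}, defaultdict(list), []
    for line in log_text.splitlines():
        if m := FILTER_RE.search(line):
            filters[m.group(1).lower()] = m.group(2)
        elif m := MISS_RE.search(line):
            tried[m.group(1)].append(m.group(2))
        elif m := DENY_RE.search(line):
            host_filter = filters.get("host", "")
            denials.append({
                "ip": m.group(2),
                "names_tried": tried.pop(m.group(1), []),
                "host_filter": host_filter,
                # A denial under a filter that lists '*' is the symptom in this thread.
                "denied_despite_wildcard": has_bare_wildcard(host_filter),
            })
    return filters, denials

if __name__ == "__main__":
    filters, denials = triage(SAMPLE_LOG)
    print("filters:", filters)
    for d in denials:
        print(d)
```
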