Re: Admin Server. How to turn off access control by host/domain name?

Mark Reynolds <mareynol@xxxxxxxxxx> · Tue, 11 Aug 2015 10:48:08 -0400



    On 08/11/2015 10:14 AM, Aleksey Chudov
      wrote:

    
      Hi,

        
          I'm configuring 389 DS on CentOS 7 using some packages from
          epel-testing

          
          # rpm -qa | grep 389 | sort

          389-admin-1.1.42-1.el7.x86_64

          389-admin-console-1.1.10-1.el7.noarch

          389-admin-console-doc-1.1.10-1.el7.noarch

          389-adminutil-1.1.22-1.el7.x86_64

          389-console-1.1.9-1.el7.noarch

          389-ds-1.2.2-1.el7.centos.noarch

          389-ds-base-1.3.3.1-20.el7_1.x86_64

          389-ds-base-libs-1.3.3.1-20.el7_1.x86_64

          389-ds-console-1.2.12-1.el7.noarch

          389-ds-console-doc-1.2.12-1.el7.noarch

          
          There is a lot of warnings in
            /var/log/dirsrv/admin-serv/error

          
            [Tue Aug 11 16:59:43.061536 2015] [:warn] [pid 6814:tid
            140053607032576] [client 10.10.10.22:50957]
            admserv_host_ip_check: failed to get host by ip addr
            [10.10.10.22] - check your host and DNS configuration

            
          According to documentation http://directory.fedoraproject.org/docs/389ds/howto/howto-adminserverldapmgmt.html#how-to-set-the-hostsip-addresses-allowed-to-access-the-admin-server
            nsAdminAccessHosts attribute can be deleted to turn off
            access control by host/domain name.

          
    What if you set:
    nsAdminAccessHosts and nsAdminAccessAddresses to "*"?  instead of deleting those attributes.
    
      
          But deleting "nsAdminAccessHosts" leads to also deleting
            "configuration.nsAdminAccessHosts" from
            /etc/dirsrv/admin-serv/local.conf. After that Admin Server
            doesn't start with error

            
            [Tue Aug 11 17:03:51.704255 2015] [:crit] [pid 7292:tid
            140568690079808] host_ip_init(): PSET failure: Could not
            retrieve access hosts attribute (pset error = )

            
          If i put empty parameter
            "configuration.nsAdminAccessHosts: " in
            /etc/dirsrv/admin-serv/local.conf Admin Server works as
            expected until next configuration change from Management
            Console. After next restart
            "configuration.nsAdminAccessHosts" is again missing from
            config because there is no "nsAdminAccessHosts" in directory
            and Admin Server doesn't start again.

          
          Is it a bug? How to turn off access control by
            host/domain name?
          

          Aleksey
      
      
      --
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
    
    
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users