Re: 389ds and dual stack IPV4/6, also...


 




On 2/27/20 10:13 AM, N R wrote:
Hi Mark,

Thanks for your replies.

How did you configure the instance exactly?
The host is a Fedora 30 VM, I installed 389ds using the package
manager (dnf) and the setup-ds-admin.pl script.
I enabled LDAPS over TLS on the standard port (636).
The VM has a single network interface with both IPv4 and IPv6 addresses on it.
There is no DNS service on the network so I'm using /etc/hosts to
associate the hostname with IPs.
The hostname is annuaire.telerys.infra

What do you have for nsslapd-localhost in the cn=config entry (dse.ldif)?
nsslapd-localhost: annuaire.telerys.infra

nsslapd-listenhost, so it would be interesting to see if this has any
impact on your situation:
I've tried several things with this parameter and had strange results
with netstat -tunlp (the snippet below only shows lines related to slapd):

nsslapd-listenhost: annuaire.telerys.infra
tcp6       0      0 [IPV6 address]:389      :::*                    LISTEN      1208/ns-slapd
tcp6       0      0 ::1:389                 :::*                    LISTEN      1208/ns-slapd
tcp6       0      0 :::636                  :::*                    LISTEN      1208/ns-slapd

nsslapd-listenhost: [IPV4 address]
tcp        0      0 [IPV4 address]:389      0.0.0.0:*               LISTEN      1136/ns-slapd
tcp6       0      0 :::636                  :::*                    LISTEN      1136/ns-slapd

nsslapd-listenhost: [IPV6 address]
tcp6       0      0 [IPV6 address]:389      :::*                    LISTEN      1285/ns-slapd
tcp6       0      0 :::636                  :::*                    LISTEN      1285/ns-slapd

Why is the service always listening for IPV6 on port 636 whatever the
parameter is set to?
Then you want to use:  nsslapd-securelistenhost

Best regards,

Nick rand

2020-02-27 14:10 UTC+01:00, Mark Reynolds <mreynolds@xxxxxxxxxx>:
On 2/27/20 8:03 AM, Mark Reynolds wrote:
On 2/27/20 5:30 AM, N R wrote:
Hello all,

It's my first message on this list; thanks in advance for your answers.

I've configured a 389ds instance with ipv6 address and it's working
great with it.
How did you configure the instance exactly?

What do you have for nsslapd-localhost in the cn=config entry (dse.ldif)?

It should be a hostname, not an IP.  And the hostname must correctly
resolve to this system.  DS is very sensitive to the hostname/DNS - it is
very important for things like TLS and replication.

Mark

I need this instance to be reachable via IPv4 also, but despite
hours of research on the web and the archive of the list, I couldn't
find any good help or how-to to set up 389ds to listen on both IPv4 and
IPv6 addresses.
The server listens on all interfaces, there is nothing special you
need to do in DS for IPv6 or IPv4.  I'm not a network expert, but it
would seem to be a system issue, not a DS issue.  Now, we do have
nsslapd-listenhost, so it would be interesting to see if this has any
impact on your situation:

https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/configuration_command_and_file_reference/core_server_configuration_reference#cnconfig-nsslapd_listenhost_Listen_to_IP_Address



Maybe someone else on this list has seen this before?

HTH,
Mark

I can't find a parameter specifying the listening interfaces.

Has anyone faced this kind of setup and managed to make it work?
Can 389ds work this way?

Best regards,
--

389 Directory Server Development Team



--

389 Directory Server Development Team
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
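
Added example, not part of the original thread or of 389 Directory Server: a small audit of `netstat -tunlp` output that finds ns-slapd listeners still bound to every address and names the cn=config attribute that restricts each one, which is the situation discussed above where setting only nsslapd-listenhost leaves port 636 on `:::`. The sample output is constructed (documentation addresses), and the port-to-attribute mapping assumes the standard ports 389 and 636.

```python
import re

# Constructed sample of `netstat -tunlp` output (documentation addresses),
# modelled on the case in the thread where only nsslapd-listenhost is set.
SAMPLE = """\
tcp        0      0 192.0.2.10:389          0.0.0.0:*               LISTEN      1136/ns-slapd
tcp6       0      0 :::636                  :::*                    LISTEN      1136/ns-slapd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      801/sshd
"""

# cn=config attribute that controls the bind address for each port
# (assumes the standard ports: 389 for LDAP, 636 for LDAPS).
PORT_ATTR = {389: "nsslapd-listenhost", 636: "nsslapd-securelistenhost"}
WILDCARDS = {"0.0.0.0", "::"}

LINE = re.compile(
    r"^tcp6?\s+\d+\s+\d+\s+(?P<local>\S+)\s+\S+\s+LISTEN\s+\d+/(?P<prog>\S+)"
)

def slapd_listeners(netstat_text):
    """Return (address, port) for every TCP socket ns-slapd is listening on."""
    found = []
    for line in netstat_text.splitlines():
        m = LINE.match(line.strip())
        if not m or m.group("prog") != "ns-slapd":
            continue
        # Split on the last colon so IPv6 addresses stay intact.
        addr, _, port = m.group("local").rpartition(":")
        found.append((addr, int(port)))
    return found

def wildcard_findings(netstat_text):
    """List ns-slapd listeners bound to all addresses and the attribute to set."""
    # With the Linux default net.ipv6.bindv6only=0, a "::" listener also
    # accepts IPv4 connections, so it is reachable over both families.
    findings = []
    for addr, port in slapd_listeners(netstat_text):
        if addr in WILDCARDS:
            attr = PORT_ATTR.get(port, "unknown (non-standard port)")
            findings.append({"port": port, "bound": addr, "attribute": attr})
    return findings

if __name__ == "__main__":
    for f in wildcard_findings(SAMPLE):
        print(f"port {f['port']} listens on {f['bound']}: set {f['attribute']}")
```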



