On 2/27/20 10:13 AM, N R wrote:
Hi Mark,
Thanks for your replies.
How did you configure the instance exactly?
The host is a Fedora 30 VM, I installed 389ds using the package
manager (dnf) and the setup-ds-admin.pl script.
I enabled LDAPS over TLS on the standard port (636).
The VM has a single network interface with both ipv4 and ipv6 address on it.
There is no DNS service on the network so I'm using /etc/hosts to
associate the hostname with IPs.
The hostname is annuaire.telerys.infra
What do you have for nsslapd-localhost in the cn=config entry(dse.ldif)?
nsslapd-localhost: annuaire.telerys.infra
nsslapd-listenhost, so it would be interesting to see if this has any
impact on your situation:
I've tried several things with this parameter and had strange results
with netstat -tunlp (snippet below only show lines relative to slapd):
nsslapd-listenhost: annuaire.telerys.infra
tcp6 0 0 [IPV6 address]:389 :::* LISTEN
1208/ns-slapd
tcp6 0 0 ::1:389 :::*
LISTEN 1208/ns-slapd
tcp6 0 0 :::636 :::*
LISTEN 1208/ns-slapd
nsslapd-listenhost: [IPV4 address]
tcp 0 0 [IPV4 address]:389 0.0.0.0:*
LISTEN 1136/ns-slapd
tcp6 0 0 :::636 :::*
LISTEN 1136/ns-slapd
nsslapd-listenhost: [IPV6 address]
tcp6 0 0 [IPV6 address]:389 :::* LISTEN
1285/ns-slapd
tcp6 0 0 :::636 :::*
LISTEN 1285/ns-slapd
Why is the service always listening for IPV6 on port 636 whatever the
parameter is set to?
Then you want to use: nsslapd-securelistenhost
Best regards,
Nick rand
2020-02-27 14:10 UTC+01:00, Mark Reynolds <mreynolds@xxxxxxxxxx>:
On 2/27/20 8:03 AM, Mark Reynolds wrote:
On 2/27/20 5:30 AM, N R wrote:
Hello all,
It's my first message on this list thanks in advance for your answers.
I've configured a 389ds instance with ipv6 address and it's working
great with it.
How did you configure the instance exactly?
What do you have for nsslapd-localhost in the cn=config entry(dse.ldif)?
It should be a hostname, not an IP. And the hostname must correctly
resolve to this system. DS is very sensitive to the hostame/dns - it
very important for things like TLS and replication.
Mark
I need for this instance to be reachable via ipv4 also but despite
hours of research on the web and the archive of the list, I couldn't
find any good help or how-to to setup 389ds to listen on both ipv4 and
ipv6 addresses.
The server listens on all interfaces, there is nothing special you
need to do in DS for IPv6 or IPv4. I'm not a network expert, but it
would seem to be a system issue, not a DS issue. Now, we do have
nsslapd-listenhost, so it would be interesting to see if this has any
impact on your situation:
https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/configuration_command_and_file_reference/core_server_configuration_reference#cnconfig-nsslapd_listenhost_Listen_to_IP_Address
Maybe someone else on this list has seen this before?
HTH,
Mark
I can't find a parameter specifying the listening interfaces.
Has anyone faced this kind of setup and managed to make it work?
Can 389ds work this way?
Best regards,
--
389 Directory Server Development Team
--
389 Directory Server Development Team
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
