I've been able to find what was wrong in my configuration, I had a typo in the /etc/hosts file. ^_^' Thank you a lot for your time and your precious advices. Best regards, Nick Rand 2020-02-27 16:25 UTC+01:00, Mark Reynolds <mreynolds@xxxxxxxxxx>: > > On 2/27/20 10:13 AM, N R wrote: >> Hi Mark, >> >> Thanks for your replies. >> >>> How did you configure the instance exactly? >> The host is a Fedora 30 VM, I installed 389ds using the package >> manager (dnf) and the setup-ds-admin.pl script. >> I enabled LDAPS over TLS on the standard port (636). >> The VM has a single network interface with both ipv4 and ipv6 address on >> it. >> There is no DNS service on the network so I'm using /etc/hosts to >> associate the hostname with IPs. >> The hostname is annuaire.telerys.infra >> >>> What do you have for nsslapd-localhost in the cn=config entry(dse.ldif)? >> nsslapd-localhost: annuaire.telerys.infra >> >>> nsslapd-listenhost, so it would be interesting to see if this has any >>> impact on your situation: >> I've tried several things with this parameter and had strange results >> with netstat -tunlp (snippet below only show lines relative to slapd): >> >> nsslapd-listenhost: annuaire.telerys.infra >> tcp6 0 0 [IPV6 address]:389 :::* LISTEN >> 1208/ns-slapd >> tcp6 0 0 ::1:389 :::* >> LISTEN 1208/ns-slapd >> tcp6 0 0 :::636 :::* >> LISTEN 1208/ns-slapd >> >> nsslapd-listenhost: [IPV4 address] >> tcp 0 0 [IPV4 address]:389 0.0.0.0:* >> LISTEN 1136/ns-slapd >> tcp6 0 0 :::636 :::* >> LISTEN 1136/ns-slapd >> >> nsslapd-listenhost: [IPV6 address] >> tcp6 0 0 [IPV6 address]:389 :::* LISTEN >> 1285/ns-slapd >> tcp6 0 0 :::636 :::* >> LISTEN 1285/ns-slapd >> >> Why is the service always listening for IPV6 on port 636 whatever the >> parameter is set to? > Then you want to use: nsslapd-securelistenhost >> >> Best regards, >> >> Nick rand >> >> 2020-02-27 14:10 UTC+01:00, Mark Reynolds <mreynolds@xxxxxxxxxx>: >>> On 2/27/20 8:03 AM, Mark Reynolds wrote: >>>> On 2/27/20 5:30 AM, N R wrote: >>>>> Hello all, >>>>> >>>>> It's my first message on this list thanks in advance for your answers. >>>>> >>>>> I've configured a 389ds instance with ipv6 address and it's working >>>>> great with it. >>> How did you configure the instance exactly? >>> >>> What do you have for nsslapd-localhost in the cn=config entry(dse.ldif)? >>> >>> It should be a hostname, not an IP. And the hostname must correctly >>> resolve to this system. DS is very sensitive to the hostame/dns - it >>> very important for things like TLS and replication. >>> >>> Mark >>> >>>>> I need for this instance to be reachable via ipv4 also but despite >>>>> hours of research on the web and the archive of the list, I couldn't >>>>> find any good help or how-to to setup 389ds to listen on both ipv4 and >>>>> ipv6 addresses. >>>> The server listens on all interfaces, there is nothing special you >>>> need to do in DS for IPv6 or IPv4. I'm not a network expert, but it >>>> would seem to be a system issue, not a DS issue. Now, we do have >>>> nsslapd-listenhost, so it would be interesting to see if this has any >>>> impact on your situation: >>>> >>>> https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/configuration_command_and_file_reference/core_server_configuration_reference#cnconfig-nsslapd_listenhost_Listen_to_IP_Address >>>> >>>> >>>> >>>> Maybe someone else on this list has seen this before? >>>> >>>> HTH, >>>> Mark >>>> >>>>> I can't find a parameter specifying the listening interfaces. >>>>> >>>>> Has anyone faced this kind of setup and managed to make it work? >>>>> Can 389ds work this way? >>>>> >>>>> Best regards, >>> -- >>> >>> 389 Directory Server Development Team >>> >>> >> > -- > > 389 Directory Server Development Team > > -- Nicolas Randrianarisoa _______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
