> On 28 Feb 2020, at 01:54, N R <randria.nicolas@xxxxxxxxx> wrote: > > I've been able to find what was wrong in my configuration, I had a > typo in the /etc/hosts file. > ^_^' Can I ask what the typo was? I'm curious how that caused this to listen on v6 only? What was the setting of your securelisthost value in cn=config? Thanks! > > Thank you a lot for your time and your precious advices. All good, happy to help! > > Best regards, > Nick Rand > > 2020-02-27 16:25 UTC+01:00, Mark Reynolds <mreynolds@xxxxxxxxxx>: >> >> On 2/27/20 10:13 AM, N R wrote: >>> Hi Mark, >>> >>> Thanks for your replies. >>> >>>> How did you configure the instance exactly? >>> The host is a Fedora 30 VM, I installed 389ds using the package >>> manager (dnf) and the setup-ds-admin.pl script. >>> I enabled LDAPS over TLS on the standard port (636). >>> The VM has a single network interface with both ipv4 and ipv6 address on >>> it. >>> There is no DNS service on the network so I'm using /etc/hosts to >>> associate the hostname with IPs. >>> The hostname is annuaire.telerys.infra >>> >>>> What do you have for nsslapd-localhost in the cn=config entry(dse.ldif)? >>> nsslapd-localhost: annuaire.telerys.infra >>> >>>> nsslapd-listenhost, so it would be interesting to see if this has any >>>> impact on your situation: >>> I've tried several things with this parameter and had strange results >>> with netstat -tunlp (snippet below only show lines relative to slapd): >>> >>> nsslapd-listenhost: annuaire.telerys.infra >>> tcp6 0 0 [IPV6 address]:389 :::* LISTEN >>> 1208/ns-slapd >>> tcp6 0 0 ::1:389 :::* >>> LISTEN 1208/ns-slapd >>> tcp6 0 0 :::636 :::* >>> LISTEN 1208/ns-slapd >>> >>> nsslapd-listenhost: [IPV4 address] >>> tcp 0 0 [IPV4 address]:389 0.0.0.0:* >>> LISTEN 1136/ns-slapd >>> tcp6 0 0 :::636 :::* >>> LISTEN 1136/ns-slapd >>> >>> nsslapd-listenhost: [IPV6 address] >>> tcp6 0 0 [IPV6 address]:389 :::* LISTEN >>> 1285/ns-slapd >>> tcp6 0 0 :::636 :::* >>> LISTEN 1285/ns-slapd >>> >>> Why is the service always listening for IPV6 on port 636 whatever the >>> parameter is set to? >> Then you want to use: nsslapd-securelistenhost >>> >>> Best regards, >>> >>> Nick rand >>> >>> 2020-02-27 14:10 UTC+01:00, Mark Reynolds <mreynolds@xxxxxxxxxx>: >>>> On 2/27/20 8:03 AM, Mark Reynolds wrote: >>>>> On 2/27/20 5:30 AM, N R wrote: >>>>>> Hello all, >>>>>> >>>>>> It's my first message on this list thanks in advance for your answers. >>>>>> >>>>>> I've configured a 389ds instance with ipv6 address and it's working >>>>>> great with it. >>>> How did you configure the instance exactly? >>>> >>>> What do you have for nsslapd-localhost in the cn=config entry(dse.ldif)? >>>> >>>> It should be a hostname, not an IP. And the hostname must correctly >>>> resolve to this system. DS is very sensitive to the hostame/dns - it >>>> very important for things like TLS and replication. >>>> >>>> Mark >>>> >>>>>> I need for this instance to be reachable via ipv4 also but despite >>>>>> hours of research on the web and the archive of the list, I couldn't >>>>>> find any good help or how-to to setup 389ds to listen on both ipv4 and >>>>>> ipv6 addresses. >>>>> The server listens on all interfaces, there is nothing special you >>>>> need to do in DS for IPv6 or IPv4. I'm not a network expert, but it >>>>> would seem to be a system issue, not a DS issue. Now, we do have >>>>> nsslapd-listenhost, so it would be interesting to see if this has any >>>>> impact on your situation: >>>>> >>>>> https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/configuration_command_and_file_reference/core_server_configuration_reference#cnconfig-nsslapd_listenhost_Listen_to_IP_Address >>>>> >>>>> >>>>> >>>>> Maybe someone else on this list has seen this before? >>>>> >>>>> HTH, >>>>> Mark >>>>> >>>>>> I can't find a parameter specifying the listening interfaces. >>>>>> >>>>>> Has anyone faced this kind of setup and managed to make it work? >>>>>> Can 389ds work this way? >>>>>> >>>>>> Best regards, >>>> -- >>>> >>>> 389 Directory Server Development Team >>>> >>>> >>> >> -- >> >> 389 Directory Server Development Team >> >> > > > -- > Nicolas Randrianarisoa > _______________________________________________ > 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx — Sincerely, William Brown Senior Software Engineer, 389 Directory Server SUSE Labs _______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
