Kimmo Koivisto wrote:
> Hello
>
> I have FDS 1.0.1 installed to RHEL4ES and I managed to deny admin console connections from anywhere :)
>
> I have domain ton.fi and by default admin server seems to allow connections only from *.ton.fi. I need to connect admin server from anywhere and I thought that I could add * to the allowed host list... I did it with admin console.

This is bug https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=182556 which has been recently fixed. You need to change your host access filter back to simply "*". See http://directory.fedora.redhat.com/wiki/Howto:AdminServerLDAPMgmt for more information.

> After I applied changes, I no longer could log in to the admin console, even from localhost, error log says:
>
> <error log>
> [Fri Feb 24 08:41:21 2006] [notice] Access Host filter is: (*.ton.fi|*)
> [Fri Feb 24 08:41:21 2006] [notice] Access Address filter is: *
> [Fri Feb 24 08:41:22 2006] [notice] Access Host filter is: (*.ton.fi|*)
> [Fri Feb 24 08:41:22 2006] [notice] Access Address filter is: *
> [Fri Feb 24 08:41:22 2006] [notice] Apache/2.0 configured -- resuming normal operations
> [Fri Feb 24 08:46:51 2006] [notice] [client 127.0.0.1] admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1
> [Fri Feb 24 08:46:51 2006] [notice] [client 127.0.0.1] admserv_host_ip_check: host [ldap2.ton.fi] did not match pattern [(*.ton.fi|*)] -will scan aliases
> [Fri Feb 24 08:46:51 2006] [notice] [client 127.0.0.1] admserv_host_ip_check: host alias [ldap2] did not match pattern [(*.ton.fi|*)]
> [Fri Feb 24 08:46:51 2006] [notice] [client 127.0.0.1] admserv_host_ip_check: host alias [localhost.localdomain] did not match pattern [(*.ton.fi|*)]
> [Fri Feb 24 08:46:51 2006] [notice] [client 127.0.0.1] admserv_host_ip_check: host alias [localhost] did not match pattern [(*.ton.fi|*)]
> [Fri Feb 24 08:46:51 2006] [notice] [client 127.0.0.1] admserv_host_ip_check: host alias [ldapsrv] did not match pattern [(*.ton.fi|*)]
> [Fri Feb 24 08:46:51 2006] [notice] [client 127.0.0.1] admserv_host_ip_check: host alias [*] did not match pattern [(*.ton.fi|*)]
> [Fri Feb 24 08:46:51 2006] [notice] [client 127.0.0.1] admserv_host_ip_check: Unauthorized host ip=127.0.0.1, connection
> </error log>
>
> I tried to modify local.conf but it is always overwritten when I restart admin server.

Yep. You have to modify the data in LDAP - local.conf is really just a read-only cache. See http://directory.fedora.redhat.com/wiki/Howto:AdminServerLDAPMgmt

> How to remove that * from the settings and what is the proper way to allow connections to admin server from anywhere. Admin connections are restricted with IPsec, FDS can allow it from anywhere, no problems with security.
>
> I was able to migrate from IBM LDAP to FDS and I'm really happy. I did not like IBM's multimaster replication, too many problems and did not know where to get support. FDS and mmr just works. Thanks for the great product :)

What version of IBM LDAP were you using? Any problems with data or schema during migration? What were the problems with IBM replication?

> Best Regards
> Kimmo Koivisto
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
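An added example, not part of the original thread and not Fedora Directory Server code: a Python script that reads Admin Server error-log lines in the format quoted above and reports clients that were rejected even though the host filter contains a bare `*` alternative, the symptom described in this thread. The function names are hypothetical, and the sample lines are copied from the log in the message, including its truncated last entry.

```python
import re
from collections import defaultdict

# Sample lines copied from the error log quoted in the thread (last one is truncated there).
SAMPLE_LOG = """\
[Fri Feb 24 08:41:21 2006] [notice] Access Host filter is: (*.ton.fi|*)
[Fri Feb 24 08:41:21 2006] [notice] Access Address filter is: *
[Fri Feb 24 08:46:51 2006] [notice] [client 127.0.0.1] admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1
[Fri Feb 24 08:46:51 2006] [notice] [client 127.0.0.1] admserv_host_ip_check: host [ldap2.ton.fi] did not match pattern [(*.ton.fi|*)] -will scan aliases
[Fri Feb 24 08:46:51 2006] [notice] [client 127.0.0.1] admserv_host_ip_check: host alias [localhost] did not match pattern [(*.ton.fi|*)]
[Fri Feb 24 08:46:51 2006] [notice] [client 127.0.0.1] admserv_host_ip_check: Unauthorized host ip=127.0.0.1, connection
"""

FILTER_RE = re.compile(r"Access (Host|Address) filter is: (.+)$")
CHECK_RE = re.compile(r"\[client ([^\]]+)\] admserv_host_ip_check: (.+)$")
MISS_RE = re.compile(r"host(?: alias)? \[([^\]]*)\] did not match pattern \[([^\]]*)\]")

def summarize(log_text):
    """Return (active filters, per-client record of names tried and verdict)."""
    filters = {}
    clients = defaultdict(lambda: {"tried": [], "pattern": None, "rejected": False})
    for line in log_text.splitlines():
        m = FILTER_RE.search(line)
        if m:
            filters[m.group(1).lower()] = m.group(2).strip()
            continue
        m = CHECK_RE.search(line)
        if not m:
            continue
        entry, msg = clients[m.group(1)], m.group(2)
        miss = MISS_RE.search(msg)
        if miss:  # one host name or alias was tested against the filter and failed
            entry["tried"].append(miss.group(1))
            entry["pattern"] = miss.group(2)
        elif msg.startswith("Unauthorized host"):
            entry["rejected"] = True
    return filters, dict(clients)

def lockout_findings(log_text):
    """Rejected clients whose filter has a bare '*' alternative and so should match."""
    _, clients = summarize(log_text)
    findings = []
    for ip, entry in clients.items():
        alternatives = (entry["pattern"] or "").strip("()").split("|")
        if entry["rejected"] and "*" in alternatives:
            findings.append((ip, entry["pattern"], entry["tried"]))
    return findings

if __name__ == "__main__":
    print(lockout_findings(SAMPLE_LOG))
```

A finding for 127.0.0.1 means even the console on the server itself is locked out, which matches the poster's report.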