Thursday, February 27, 2020

[389-users] Re: 389ds and dual stack IPV4/6, also...

On 2/27/20 10:54 AM, N R wrote:
> I've been able to find what was wrong in my configuration, I had a
> typo in the /etc/hosts file.
> ^_^'
>
> Thank you a lot for your time and your precious advice.
Glad you figured it out!
>
> Best regards,
> Nick Rand
>
> 2020-02-27 16:25 UTC+01:00, Mark Reynolds <mreynolds@redhat.com>:
>> On 2/27/20 10:13 AM, N R wrote:
>>> Hi Mark,
>>>
>>> Thanks for your replies.
>>>
>>>> How did you configure the instance exactly?
>>> The host is a Fedora 30 VM, I installed 389ds using the package
>>> manager (dnf) and the setup-ds-admin.pl script.
>>> I enabled LDAPS over TLS on the standard port (636).
>>> The VM has a single network interface with both ipv4 and ipv6 addresses on
>>> it.
>>> There is no DNS service on the network so I'm using /etc/hosts to
>>> associate the hostname with IPs.
>>> The hostname is annuaire.telerys.infra
>>>
>>>> What do you have for nsslapd-localhost in the cn=config entry(dse.ldif)?
>>> nsslapd-localhost: annuaire.telerys.infra
>>>
>>>> nsslapd-listenhost, so it would be interesting to see if this has any
>>>> impact on your situation:
>>> I've tried several things with this parameter and had strange results
>>> with netstat -tunlp (snippet below only shows lines relative to slapd):
>>>
>>> nsslapd-listenhost: annuaire.telerys.infra
>>> tcp6 0 0 [IPV6 address]:389 :::* LISTEN 1208/ns-slapd
>>> tcp6 0 0 ::1:389 :::* LISTEN 1208/ns-slapd
>>> tcp6 0 0 :::636 :::* LISTEN 1208/ns-slapd
>>>
>>> nsslapd-listenhost: [IPV4 address]
>>> tcp 0 0 [IPV4 address]:389 0.0.0.0:* LISTEN 1136/ns-slapd
>>> tcp6 0 0 :::636 :::* LISTEN 1136/ns-slapd
>>>
>>> nsslapd-listenhost: [IPV6 address]
>>> tcp6 0 0 [IPV6 address]:389 :::* LISTEN 1285/ns-slapd
>>> tcp6 0 0 :::636 :::* LISTEN 1285/ns-slapd
>>>
>>> Why is the service always listening for IPV6 on port 636 whatever the
>>> parameter is set to?
>> Then you want to use:  nsslapd-securelistenhost
>>> Best regards,
>>>
>>> Nick Rand
>>>
>>> 2020-02-27 14:10 UTC+01:00, Mark Reynolds <mreynolds@redhat.com>:
>>>> On 2/27/20 8:03 AM, Mark Reynolds wrote:
>>>>> On 2/27/20 5:30 AM, N R wrote:
>>>>>> Hello all,
>>>>>>
>>>>>> It's my first message on this list; thanks in advance for your answers.
>>>>>>
>>>>>> I've configured a 389ds instance with ipv6 address and it's working
>>>>>> great with it.
>>>> How did you configure the instance exactly?
>>>>
>>>> What do you have for nsslapd-localhost in the cn=config entry(dse.ldif)?
>>>>
>>>> It should be a hostname, not an IP. And the hostname must correctly
>>>> resolve to this system. DS is very sensitive to the hostname/DNS - it
>>>> is very important for things like TLS and replication.
>>>>
>>>> Mark
>>>>
>>>>>> I need for this instance to be reachable via ipv4 also but despite
>>>>>> hours of research on the web and the archive of the list, I couldn't
>>>>>> find any good help or how-to to set up 389ds to listen on both ipv4 and
>>>>>> ipv6 addresses.
>>>>> The server listens on all interfaces, there is nothing special you
>>>>> need to do in DS for IPv6 or IPv4. I'm not a network expert, but it
>>>>> would seem to be a system issue, not a DS issue. Now, we do have
>>>>> nsslapd-listenhost, so it would be interesting to see if this has any
>>>>> impact on your situation:
>>>>>
>>>>> https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/configuration_command_and_file_reference/core_server_configuration_reference#cnconfig-nsslapd_listenhost_Listen_to_IP_Address
>>>>>
>>>>>
>>>>>
>>>>> Maybe someone else on this list has seen this before?
>>>>>
>>>>> HTH,
>>>>> Mark
>>>>>
>>>>>> I can't find a parameter specifying the listening interfaces.
>>>>>>
>>>>>> Has anyone faced this kind of setup and managed to make it work?
>>>>>> Can 389ds work this way?
>>>>>>
>>>>>> Best regards,
>>>> --
>>>>
>>>> 389 Directory Server Development Team
>>>>
>>>>
>> --
>>
>> 389 Directory Server Development Team
>>
>>
>
--

389 Directory Server Development Team
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
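
The two symptoms discussed in this thread (a hostname that /etc/hosts maps to only one address family, and port 636 staying on the wildcard address whatever nsslapd-listenhost is set to) can be checked as below. This is an added example, not part of the original messages: the addresses 192.0.2.10 and 2001:db8::10, the misspelled hosts entry and the function names are constructed, since the thread shows neither the real addresses nor the actual typo.

```python
import ipaddress

HOSTNAME = "annuaire.telerys.infra"  # hostname from the thread

# Constructed sample: the thread shows neither the addresses nor the typo.
SAMPLE_HOSTS = """\
127.0.0.1     localhost
::1           localhost
192.0.2.10    annuaire.telerys.infar   # constructed typo in the IPv4 entry
2001:db8::10  annuaire.telerys.infra
"""

# First netstat excerpt from the thread, with a constructed IPv6 address.
SAMPLE_NETSTAT = """\
tcp6 0 0 2001:db8::10:389 :::* LISTEN 1208/ns-slapd
tcp6 0 0 ::1:389 :::* LISTEN 1208/ns-slapd
tcp6 0 0 :::636 :::* LISTEN 1208/ns-slapd
"""

def hosts_families(hosts_text, hostname):
    """Address families ('IPv4'/'IPv6') that the hosts file maps hostname to."""
    families = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or hostname not in fields[1:]:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address, entry cannot resolve
        families.add(f"IPv{addr.version}")
    return families

def slapd_listeners(netstat_text):
    """(proto, local address, port) for each ns-slapd LISTEN line of netstat -tunlp."""
    found = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 7 and f[5] == "LISTEN" and f[6].endswith("/ns-slapd"):
            addr, _, port = f[3].rpartition(":")
            found.append((f[0], addr, int(port)))
    return found

def wildcard_ports(listeners):
    """Ports bound to every address (0.0.0.0 or ::) instead of one listen host."""
    return sorted({port for _, addr, port in listeners if addr in ("0.0.0.0", "::")})

if __name__ == "__main__":
    print("hosts file families:", sorted(hosts_families(SAMPLE_HOSTS, HOSTNAME)))
    print("wildcard ports:", wildcard_ports(slapd_listeners(SAMPLE_NETSTAT)))
```

A port reported by wildcard_ports is one that nsslapd-listenhost did not restrict; for 636 the answer given in the thread is nsslapd-securelistenhost.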
