Hi Mark,
Thanks for your replies.
> How did you configure the instance exactly?
The host is a Fedora 30 VM, I installed 389ds using the package
manager (dnf) and the setup-ds-admin.pl script.
I enabled LDAPS over TLS on the standard port (636).
The VM has a single network interface with both ipv4 and ipv6 address on it.
There is no DNS service on the network so I'm using /etc/hosts to
associate the hostname with IPs.
The hostname is annuaire.telerys.infra
> What do you have for nsslapd-localhost in the cn=config entry(dse.ldif)?
nsslapd-localhost: annuaire.telerys.infra
> nsslapd-listenhost, so it would be interesting to see if this has any
> impact on your situation:
I've tried several things with this parameter and had strange results
with netstat -tunlp (snippet below only show lines relative to slapd):
nsslapd-listenhost: annuaire.telerys.infra
tcp6 0 0 [IPV6 address]:389 :::* LISTEN
1208/ns-slapd
tcp6 0 0 ::1:389 :::*
LISTEN 1208/ns-slapd
tcp6 0 0 :::636 :::*
LISTEN 1208/ns-slapd
nsslapd-listenhost: [IPV4 address]
tcp 0 0 [IPV4 address]:389 0.0.0.0:*
LISTEN 1136/ns-slapd
tcp6 0 0 :::636 :::*
LISTEN 1136/ns-slapd
nsslapd-listenhost: [IPV6 address]
tcp6 0 0 [IPV6 address]:389 :::* LISTEN
1285/ns-slapd
tcp6 0 0 :::636 :::*
LISTEN 1285/ns-slapd
Why is the service always listening for IPV6 on port 636 whatever the
parameter is set to?
Best regards,
Nick rand
2020-02-27 14:10 UTC+01:00, Mark Reynolds <mreynolds@redhat.com>:
>
> On 2/27/20 8:03 AM, Mark Reynolds wrote:
>>
>> On 2/27/20 5:30 AM, N R wrote:
>>> Hello all,
>>>
>>> It's my first message on this list thanks in advance for your answers.
>>>
>>> I've configured a 389ds instance with ipv6 address and it's working
>>> great with it.
>
> How did you configure the instance exactly?
>
> What do you have for nsslapd-localhost in the cn=config entry(dse.ldif)?
>
> It should be a hostname, not an IP. And the hostname must correctly
> resolve to this system. DS is very sensitive to the hostame/dns - it
> very important for things like TLS and replication.
>
> Mark
>
>>> I need for this instance to be reachable via ipv4 also but despite
>>> hours of research on the web and the archive of the list, I couldn't
>>> find any good help or how-to to setup 389ds to listen on both ipv4 and
>>> ipv6 addresses.
>>
>> The server listens on all interfaces, there is nothing special you
>> need to do in DS for IPv6 or IPv4. I'm not a network expert, but it
>> would seem to be a system issue, not a DS issue. Now, we do have
>> nsslapd-listenhost, so it would be interesting to see if this has any
>> impact on your situation:
>>
>> https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/configuration_command_and_file_reference/core_server_configuration_reference#cnconfig-nsslapd_listenhost_Listen_to_IP_Address
>>
>>
>>
>> Maybe someone else on this list has seen this before?
>>
>> HTH,
>> Mark
>>
>>> I can't find a parameter specifying the listening interfaces.
>>>
>>> Has anyone faced this kind of setup and managed to make it work?
>>> Can 389ds work this way?
>>>
>>> Best regards,
>>
> --
>
> 389 Directory Server Development Team
>
>
--
Nicolas Randrianarisoa
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
No comments:
Post a Comment