Thursday, February 27, 2020

[389-users] Re: 389ds and dual stack IPV4/6, also...

I've been able to find what was wrong in my configuration, I had a
typo in the /etc/hosts file.
^_^'

Thank you very much for your time and your precious advice.

Best regards,
Nick Rand

2020-02-27 16:25 UTC+01:00, Mark Reynolds <mreynolds@redhat.com>:
>
> On 2/27/20 10:13 AM, N R wrote:
>> Hi Mark,
>>
>> Thanks for your replies.
>>
>>> How did you configure the instance exactly?
>> The host is a Fedora 30 VM, I installed 389ds using the package
>> manager (dnf) and the setup-ds-admin.pl script.
>> I enabled LDAPS over TLS on the standard port (636).
>> The VM has a single network interface with both IPv4 and IPv6
>> addresses on it.
>> There is no DNS service on the network so I'm using /etc/hosts to
>> associate the hostname with IPs.
>> The hostname is annuaire.telerys.infra
>>
>>> What do you have for nsslapd-localhost in the cn=config entry(dse.ldif)?
>> nsslapd-localhost: annuaire.telerys.infra
>>
>>> nsslapd-listenhost, so it would be interesting to see if this has any
>>> impact on your situation:
>> I've tried several things with this parameter and had strange results
>> with netstat -tunlp (the snippet below only shows lines related to slapd):
>>
>> nsslapd-listenhost: annuaire.telerys.infra
>> tcp6 0 0 [IPV6 address]:389 :::* LISTEN 1208/ns-slapd
>> tcp6 0 0 ::1:389 :::* LISTEN 1208/ns-slapd
>> tcp6 0 0 :::636 :::* LISTEN 1208/ns-slapd
>>
>> nsslapd-listenhost: [IPV4 address]
>> tcp 0 0 [IPV4 address]:389 0.0.0.0:* LISTEN 1136/ns-slapd
>> tcp6 0 0 :::636 :::* LISTEN 1136/ns-slapd
>>
>> nsslapd-listenhost: [IPV6 address]
>> tcp6 0 0 [IPV6 address]:389 :::* LISTEN 1285/ns-slapd
>> tcp6 0 0 :::636 :::* LISTEN 1285/ns-slapd
>>
>> Why is the service always listening for IPV6 on port 636 whatever the
>> parameter is set to?
> Then you want to use:  nsslapd-securelistenhost
>>
>> Best regards,
>>
>> Nick rand
>>
>> 2020-02-27 14:10 UTC+01:00, Mark Reynolds <mreynolds@redhat.com>:
>>> On 2/27/20 8:03 AM, Mark Reynolds wrote:
>>>> On 2/27/20 5:30 AM, N R wrote:
>>>>> Hello all,
>>>>>
>>>>> It's my first message on this list thanks in advance for your answers.
>>>>>
>>>>> I've configured a 389ds instance with ipv6 address and it's working
>>>>> great with it.
>>> How did you configure the instance exactly?
>>>
>>> What do you have for nsslapd-localhost in the cn=config entry(dse.ldif)?
>>>
>>> It should be a hostname, not an IP. And the hostname must correctly
>>> resolve to this system. DS is very sensitive to the hostname/DNS - it is
>>> very important for things like TLS and replication.
>>>
>>> Mark
>>>
>>>>> I need for this instance to be reachable via ipv4 also but despite
>>>>> hours of research on the web and the archive of the list, I couldn't
>>>>> find any good help or how-to to setup 389ds to listen on both ipv4 and
>>>>> ipv6 addresses.
>>>> The server listens on all interfaces, there is nothing special you
>>>> need to do in DS for IPv6 or IPv4. I'm not a network expert, but it
>>>> would seem to be a system issue, not a DS issue. Now, we do have
>>>> nsslapd-listenhost, so it would be interesting to see if this has any
>>>> impact on your situation:
>>>>
>>>> https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/configuration_command_and_file_reference/core_server_configuration_reference#cnconfig-nsslapd_listenhost_Listen_to_IP_Address
>>>>
>>>>
>>>>
>>>> Maybe someone else on this list has seen this before?
>>>>
>>>> HTH,
>>>> Mark
>>>>
>>>>> I can't find a parameter specifying the listening interfaces.
>>>>>
>>>>> Has anyone faced this kind of setup and managed to make it work?
>>>>> Can 389ds work this way?
>>>>>
>>>>> Best regards,
>>> --
>>>
>>> 389 Directory Server Development Team
>>>
>>>
>>
> --
>
> 389 Directory Server Development Team
>
>


--
Nicolas Randrianarisoa
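
An added example (not part of the thread and not 389 DS code): a Python check for the two problems discussed above, a hostname that /etc/hosts does not map to both address families, and an ns-slapd port still bound to all interfaces after nsslapd-listenhost is set. The addresses, the hosts-file typo and the function names are constructed for illustration; the thread does not show the actual typo.

```python
import ipaddress

# Constructed sample inputs (documentation-range addresses, not from the thread).
HOSTS = """\
127.0.0.1      localhost
192.0.2.10     annuaire.telerys.infra annuaire
2001:db8::10   annuaire.telerys.infr   # constructed typo: name never matches
"""
NETSTAT = """\
tcp   0 0 192.0.2.10:389  0.0.0.0:*  LISTEN 1136/ns-slapd
tcp6  0 0 :::636          :::*       LISTEN 1136/ns-slapd
"""

def families_for(hosts_text, hostname):
    """Return the IP versions (4 and/or 6) that hosts-file text maps to hostname."""
    found = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split columns
        names = [n.lower() for n in fields[1:]]
        if hostname.lower() not in names:
            continue
        try:
            found.add(ipaddress.ip_address(fields[0]).version)
        except ValueError:
            pass                                  # malformed address: skip line
    return found

def listeners(netstat_text, process="ns-slapd"):
    """Map each listening port of `process` to the set of local addresses."""
    result = {}
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 7 or f[5] != "LISTEN" or not f[6].endswith("/" + process):
            continue
        addr, _, port = f[3].rpartition(":")      # works for '::' and IPv6 too
        result.setdefault(int(port), set()).add(addr)
    return result

def wildcard_ports(netstat_text):
    """Ports bound to every interface instead of one specific address."""
    return sorted(port for port, addrs in listeners(netstat_text).items()
                  if addrs & {"0.0.0.0", "::", "*"})

if __name__ == "__main__":
    missing = {4, 6} - families_for(HOSTS, "annuaire.telerys.infra")
    print("address families missing from hosts file:", sorted(missing))
    print("ports still on all interfaces:", wildcard_ports(NETSTAT))
```

On the sample data the check reports IPv6 as missing for the hostname and port 636 as still bound to all interfaces, which is the case nsslapd-securelistenhost addresses.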