Thursday, February 27, 2020

[389-users] Re: 389ds and dual stack IPV4/6, also...

On 2/27/20 10:13 AM, N R wrote:
> Hi Mark,
>
> Thanks for your replies.
>
>> How did you configure the instance exactly?
> The host is a Fedora 30 VM, I installed 389ds using the package
> manager (dnf) and the setup-ds-admin.pl script.
> I enabled LDAPS over TLS on the standard port (636).
> The VM has a single network interface with both ipv4 and ipv6 addresses on it.
> There is no DNS service on the network so I'm using /etc/hosts to
> associate the hostname with IPs.
> The hostname is annuaire.telerys.infra
>
>> What do you have for nsslapd-localhost in the cn=config entry(dse.ldif)?
> nsslapd-localhost: annuaire.telerys.infra
>
>> nsslapd-listenhost, so it would be interesting to see if this has any
>> impact on your situation:
> I've tried several things with this parameter and had strange results
> with netstat -tunlp (snippet below only shows lines relative to slapd):
>
> nsslapd-listenhost: annuaire.telerys.infra
> tcp6 0 0 [IPV6 address]:389 :::* LISTEN 1208/ns-slapd
> tcp6 0 0 ::1:389 :::* LISTEN 1208/ns-slapd
> tcp6 0 0 :::636 :::* LISTEN 1208/ns-slapd
>
> nsslapd-listenhost: [IPV4 address]
> tcp 0 0 [IPV4 address]:389 0.0.0.0:* LISTEN 1136/ns-slapd
> tcp6 0 0 :::636 :::* LISTEN 1136/ns-slapd
>
> nsslapd-listenhost: [IPV6 address]
> tcp6 0 0 [IPV6 address]:389 :::* LISTEN 1285/ns-slapd
> tcp6 0 0 :::636 :::* LISTEN 1285/ns-slapd
>
> Why is the service always listening for IPV6 on port 636 whatever the
> parameter is set to?
Then you want to use:  nsslapd-securelistenhost
>
> Best regards,
>
> Nick rand
>
> 2020-02-27 14:10 UTC+01:00, Mark Reynolds <mreynolds@redhat.com>:
>> On 2/27/20 8:03 AM, Mark Reynolds wrote:
>>> On 2/27/20 5:30 AM, N R wrote:
>>>> Hello all,
>>>>
>>>> It's my first message on this list; thanks in advance for your answers.
>>>>
>>>> I've configured a 389ds instance with an ipv6 address and it's working
>>>> great with it.
>> How did you configure the instance exactly?
>>
>> What do you have for nsslapd-localhost in the cn=config entry(dse.ldif)?
>>
>> It should be a hostname, not an IP. And the hostname must correctly
>> resolve to this system. DS is very sensitive to the hostname/DNS - it is
>> very important for things like TLS and replication.
>>
>> Mark
>>
>>>> I need for this instance to be reachable via ipv4 also but despite
>>>> hours of research on the web and the archive of the list, I couldn't
>>>> find any good help or how-to to set up 389ds to listen on both ipv4 and
>>>> ipv6 addresses.
>>> The server listens on all interfaces, there is nothing special you
>>> need to do in DS for IPv6 or IPv4. I'm not a network expert, but it
>>> would seem to be a system issue, not a DS issue. Now, we do have
>>> nsslapd-listenhost, so it would be interesting to see if this has any
>>> impact on your situation:
>>>
>>> https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/configuration_command_and_file_reference/core_server_configuration_reference#cnconfig-nsslapd_listenhost_Listen_to_IP_Address
>>>
>>>
>>>
>>> Maybe someone else on this list has seen this before?
>>>
>>> HTH,
>>> Mark
>>>
>>>> I can't find a parameter specifying the listening interfaces.
>>>>
>>>> Has anyone faced this kind of setup and managed to make it work?
>>>> Can 389ds work this way?
>>>>
>>>> Best regards,
>> --
>>
>> 389 Directory Server Development Team
>>
>>
>
--

389 Directory Server Development Team
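
Added example, not part of the original thread or of the 389 Directory Server project: a small Python check for the situation discussed above, where nsslapd-listenhost was set but port 636 was still listening on all addresses. The addresses, sample netstat lines and function names are constructed for illustration, and the parser assumes one unwrapped `netstat -tunlp` line per socket.

```python
# Which cn=config host attribute restricts which listening port attribute.
PORT_ATTR = {"nsslapd-port": "nsslapd-listenhost",
             "nsslapd-secureport": "nsslapd-securelistenhost"}
WILDCARDS = {"0.0.0.0", "::", "*"}

# Constructed sample input; 192.0.2.10 is a documentation-range placeholder.
SAMPLE_CONFIG = {"nsslapd-port": "389", "nsslapd-securePort": "636",
                 "nsslapd-listenhost": "192.0.2.10"}
SAMPLE_NETSTAT = """\
tcp   0 0 192.0.2.10:389 0.0.0.0:* LISTEN 1136/ns-slapd
tcp6  0 0 :::636         :::*      LISTEN 1136/ns-slapd
tcp   0 0 0.0.0.0:22     0.0.0.0:* LISTEN 801/sshd
"""

def parse_listeners(netstat_text, process="ns-slapd"):
    """Return (address, port) pairs the given process is listening on."""
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # UDP rows have no state column, so they fail the LISTEN test too.
        if len(fields) < 7 or fields[5] != "LISTEN":
            continue
        if not fields[6].endswith("/" + process):
            continue
        # rpartition splits on the last colon, keeping IPv6 colons in addr.
        addr, _, port = fields[3].rpartition(":")
        listeners.append((addr, int(port)))
    return listeners

def audit(config, netstat_text):
    """List (port, host_attr, host_attr_is_set) for wildcard slapd listeners."""
    cfg = {k.lower(): v for k, v in config.items()}  # attribute names are case-insensitive
    findings = []
    for addr, port in parse_listeners(netstat_text):
        if addr not in WILDCARDS:
            continue
        for port_attr, host_attr in PORT_ATTR.items():
            if cfg.get(port_attr) == str(port):
                findings.append((port, host_attr, host_attr in cfg))
    return findings

if __name__ == "__main__":
    for port, attr, is_set in audit(SAMPLE_CONFIG, SAMPLE_NETSTAT):
        status = "set" if is_set else "not set"
        print(f"port {port} listens on all addresses; {attr} is {status}")
```
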
