Hello,
I'm testing listenhost using an IPv6 address now. I put this configuration attribute in cn=config.
nsslapd-listenhost: fe80::208:74ff:fe18:fcd5%eth0
And accessed the server using the IPv6 address as well as its IPv4 address. Here's the result:
$ ./ldapsearch -h [fe80::208:74ff:fe38:fcd5] -p 12345 -b "dc=example,dc=com" "(objectclass=*)" dn
dn: dc=example,dc=com
$ ./ldapsearch -h 172.16.15.156 -p 12345 -b "dc=example,dc=com" "(objectclass=*)" dn
ldap_simple_bind: Can't connect to the LDAP server - Connection refused
I think this is the expected behavior, but I'd like to have your thoughts.
Please note that if there is no nsslapd-listenhost specified, both command lines return the same result "dn: dc=example,dc=com".
Also, for anyone who is curious: to run the same test, you need a new version of the LDAP C SDK, which hasn't been released yet...
Thanks, --noriko
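Added example, not part of the original message and not Fedora DS code: a Python reproduction of the socket behaviour behind the result above, useful for checking which address families a listener actually exposes. It assumes loopback ::1 as a stand-in for the link-local listenhost address and that the unset case corresponds to a dual-stack wildcard bind; the function names are made up for this example.

```python
import socket

def listener(bind_addr):
    """Listening IPv6 TCP socket on an ephemeral port, IPV6_V6ONLY off."""
    srv = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
    try:
        # Permit IPv4-mapped peers; this only matters for a wildcard bind.
        srv.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 0)
        srv.bind((bind_addr, 0))
        srv.listen(4)
    except OSError:
        srv.close()
        raise
    return srv

def can_connect(family, addr, port):
    """True if a TCP connect succeeds, False if refused or unreachable."""
    with socket.socket(family, socket.SOCK_STREAM) as client:
        client.settimeout(2)
        try:
            client.connect((addr, port))
            return True
        except OSError:
            return False

def reachability(bind_addr):
    """Which loopback address families reach a listener bound to bind_addr.

    Returns None when the host has no usable IPv6 stack.
    """
    try:
        srv = listener(bind_addr)
    except OSError:
        return None
    with srv:
        port = srv.getsockname()[1]
        return {
            "ipv4": can_connect(socket.AF_INET, "127.0.0.1", port),
            "ipv6": can_connect(socket.AF_INET6, "::1", port),
        }

if __name__ == "__main__":
    # Specific IPv6 address (constructed stand-in for the listenhost case).
    print("bound to ::1:", reachability("::1"))
    # Wildcard bind (assumed equivalent of leaving listenhost unset).
    print("bound to :: :", reachability("::"))
```

A listener bound to one specific IPv6 address refuses IPv4 clients even with IPV6_V6ONLY off, while the wildcard bind is reachable over both families.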
Hello Noriko. This is great news about IPv6! About the binding, it sounds correct but I imagine a sysadmin would find it inconvenient, wanting to be able to listen on a single physical interface in a multihomed system but have both IP and IPv6 available. I guess they could bind LDAP to one and LDAPS to the other in a pinch. :)
To try IPv6, do we need a DS build from the tip or just a new SDK?
Ulf
-- Fedora-directory-devel mailing list Fedora-directory-devel@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-devel
Hi Ulf! Thanks for your comments.
Fedora DS 1.0.2 should work fine for the basic cases. We need some cleanup, though.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=206724
But even without the change, the server already handles the IPv6 request correctly. On the other hand, a new LDAP C SDK is a MUST. We updated the prldap_connection code to use the IPv6-friendly functions (e.g., PR_GetAddrInfoByName). If you are interested, please take a look at this bug. You're going to see my struggles... :)
https://bugzilla.mozilla.org/show_bug.cgi?id=328791
--noriko
389-devel@lists.fedoraproject.org