Hello all,
It's my first message on this list thanks in advance for your answers.
I've configured a 389ds instance with ipv6 address and it's working great with it. I need for this instance to be reachable via ipv4 also but despite hours of research on the web and the archive of the list, I couldn't find any good help or how-to to setup 389ds to listen on both ipv4 and ipv6 addresses. I can't find a parameter specifying the listening interfaces.
Has anyone faced this kind of setup and managed to make it work? Can 389ds work this way?
Best regards,
On 2/27/20 5:30 AM, N R wrote:
Hello all,
It's my first message on this list thanks in advance for your answers.
I've configured a 389ds instance with ipv6 address and it's working great with it. I need for this instance to be reachable via ipv4 also but despite hours of research on the web and the archive of the list, I couldn't find any good help or how-to to setup 389ds to listen on both ipv4 and ipv6 addresses.
The server listens on all interfaces, there is nothing special you need to do in DS for IPv6 or IPv4. I'm not a network expert, but it would seem to be a system issue, not a DS issue. Now, we do have nsslapd-listenhost, so it would be interesting to see if this has any impact on your situation:
https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/ht...
Maybe someone else on this list has seen this before?
HTH, Mark
I can't find a parameter specifying the listening interfaces.
Has anyone faced this kind of setup and managed to make it work? Can 389ds work this way?
Best regards,
On 2/27/20 8:03 AM, Mark Reynolds wrote:
On 2/27/20 5:30 AM, N R wrote:
Hello all,
It's my first message on this list thanks in advance for your answers.
I've configured a 389ds instance with ipv6 address and it's working great with it.
How did you configure the instance exactly?
What do you have for nsslapd-localhost in the cn=config entry(dse.ldif)?
It should be a hostname, not an IP. And the hostname must correctly resolve to this system. DS is very sensitive to the hostame/dns - it very important for things like TLS and replication.
Mark
I need for this instance to be reachable via ipv4 also but despite hours of research on the web and the archive of the list, I couldn't find any good help or how-to to setup 389ds to listen on both ipv4 and ipv6 addresses.
The server listens on all interfaces, there is nothing special you need to do in DS for IPv6 or IPv4. I'm not a network expert, but it would seem to be a system issue, not a DS issue. Now, we do have nsslapd-listenhost, so it would be interesting to see if this has any impact on your situation:
https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/ht...
Maybe someone else on this list has seen this before?
HTH, Mark
I can't find a parameter specifying the listening interfaces.
Has anyone faced this kind of setup and managed to make it work? Can 389ds work this way?
Best regards,
Hi Mark,
Thanks for your replies.
How did you configure the instance exactly?
The host is a Fedora 30 VM, I installed 389ds using the package manager (dnf) and the setup-ds-admin.pl script. I enabled LDAPS over TLS on the standard port (636). The VM has a single network interface with both ipv4 and ipv6 address on it. There is no DNS service on the network so I'm using /etc/hosts to associate the hostname with IPs. The hostname is annuaire.telerys.infra
What do you have for nsslapd-localhost in the cn=config entry(dse.ldif)?
nsslapd-localhost: annuaire.telerys.infra
nsslapd-listenhost, so it would be interesting to see if this has any impact on your situation:
I've tried several things with this parameter and had strange results with netstat -tunlp (snippet below only show lines relative to slapd):
nsslapd-listenhost: annuaire.telerys.infra tcp6 0 0 [IPV6 address]:389 :::* LISTEN 1208/ns-slapd tcp6 0 0 ::1:389 :::* LISTEN 1208/ns-slapd tcp6 0 0 :::636 :::* LISTEN 1208/ns-slapd
nsslapd-listenhost: [IPV4 address] tcp 0 0 [IPV4 address]:389 0.0.0.0:* LISTEN 1136/ns-slapd tcp6 0 0 :::636 :::* LISTEN 1136/ns-slapd
nsslapd-listenhost: [IPV6 address] tcp6 0 0 [IPV6 address]:389 :::* LISTEN 1285/ns-slapd tcp6 0 0 :::636 :::* LISTEN 1285/ns-slapd
Why is the service always listening for IPV6 on port 636 whatever the parameter is set to?
Best regards,
Nick rand
2020-02-27 14:10 UTC+01:00, Mark Reynolds mreynolds@redhat.com:
On 2/27/20 8:03 AM, Mark Reynolds wrote:
On 2/27/20 5:30 AM, N R wrote:
Hello all,
It's my first message on this list thanks in advance for your answers.
I've configured a 389ds instance with ipv6 address and it's working great with it.
How did you configure the instance exactly?
What do you have for nsslapd-localhost in the cn=config entry(dse.ldif)?
It should be a hostname, not an IP. And the hostname must correctly resolve to this system. DS is very sensitive to the hostame/dns - it very important for things like TLS and replication.
Mark
I need for this instance to be reachable via ipv4 also but despite hours of research on the web and the archive of the list, I couldn't find any good help or how-to to setup 389ds to listen on both ipv4 and ipv6 addresses.
The server listens on all interfaces, there is nothing special you need to do in DS for IPv6 or IPv4. I'm not a network expert, but it would seem to be a system issue, not a DS issue. Now, we do have nsslapd-listenhost, so it would be interesting to see if this has any impact on your situation:
https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/ht...
Maybe someone else on this list has seen this before?
HTH, Mark
I can't find a parameter specifying the listening interfaces.
Has anyone faced this kind of setup and managed to make it work? Can 389ds work this way?
Best regards,
--
389 Directory Server Development Team
On 2/27/20 10:13 AM, N R wrote:
Hi Mark,
Thanks for your replies.
How did you configure the instance exactly?
The host is a Fedora 30 VM, I installed 389ds using the package manager (dnf) and the setup-ds-admin.pl script. I enabled LDAPS over TLS on the standard port (636). The VM has a single network interface with both ipv4 and ipv6 address on it. There is no DNS service on the network so I'm using /etc/hosts to associate the hostname with IPs. The hostname is annuaire.telerys.infra
What do you have for nsslapd-localhost in the cn=config entry(dse.ldif)?
nsslapd-localhost: annuaire.telerys.infra
nsslapd-listenhost, so it would be interesting to see if this has any impact on your situation:
I've tried several things with this parameter and had strange results with netstat -tunlp (snippet below only show lines relative to slapd):
nsslapd-listenhost: annuaire.telerys.infra tcp6 0 0 [IPV6 address]:389 :::* LISTEN 1208/ns-slapd tcp6 0 0 ::1:389 :::* LISTEN 1208/ns-slapd tcp6 0 0 :::636 :::* LISTEN 1208/ns-slapd
nsslapd-listenhost: [IPV4 address] tcp 0 0 [IPV4 address]:389 0.0.0.0:* LISTEN 1136/ns-slapd tcp6 0 0 :::636 :::* LISTEN 1136/ns-slapd
nsslapd-listenhost: [IPV6 address] tcp6 0 0 [IPV6 address]:389 :::* LISTEN 1285/ns-slapd tcp6 0 0 :::636 :::* LISTEN 1285/ns-slapd
Why is the service always listening for IPV6 on port 636 whatever the parameter is set to?
Then you want to use: nsslapd-securelistenhost
Best regards,
Nick rand
2020-02-27 14:10 UTC+01:00, Mark Reynolds mreynolds@redhat.com:
On 2/27/20 8:03 AM, Mark Reynolds wrote:
On 2/27/20 5:30 AM, N R wrote:
Hello all,
It's my first message on this list thanks in advance for your answers.
I've configured a 389ds instance with ipv6 address and it's working great with it.
How did you configure the instance exactly?
What do you have for nsslapd-localhost in the cn=config entry(dse.ldif)?
It should be a hostname, not an IP. And the hostname must correctly resolve to this system. DS is very sensitive to the hostame/dns - it very important for things like TLS and replication.
Mark
I need for this instance to be reachable via ipv4 also but despite hours of research on the web and the archive of the list, I couldn't find any good help or how-to to setup 389ds to listen on both ipv4 and ipv6 addresses.
The server listens on all interfaces, there is nothing special you need to do in DS for IPv6 or IPv4. I'm not a network expert, but it would seem to be a system issue, not a DS issue. Now, we do have nsslapd-listenhost, so it would be interesting to see if this has any impact on your situation:
https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/ht...
Maybe someone else on this list has seen this before?
HTH, Mark
I can't find a parameter specifying the listening interfaces.
Has anyone faced this kind of setup and managed to make it work? Can 389ds work this way?
Best regards,
--
389 Directory Server Development Team
I've been able to find what was wrong in my configuration, I had a typo in the /etc/hosts file. ^_^'
Thank you a lot for your time and your precious advices.
Best regards, Nick Rand
2020-02-27 16:25 UTC+01:00, Mark Reynolds mreynolds@redhat.com:
On 2/27/20 10:13 AM, N R wrote:
Hi Mark,
Thanks for your replies.
How did you configure the instance exactly?
The host is a Fedora 30 VM, I installed 389ds using the package manager (dnf) and the setup-ds-admin.pl script. I enabled LDAPS over TLS on the standard port (636). The VM has a single network interface with both ipv4 and ipv6 address on it. There is no DNS service on the network so I'm using /etc/hosts to associate the hostname with IPs. The hostname is annuaire.telerys.infra
What do you have for nsslapd-localhost in the cn=config entry(dse.ldif)?
nsslapd-localhost: annuaire.telerys.infra
nsslapd-listenhost, so it would be interesting to see if this has any impact on your situation:
I've tried several things with this parameter and had strange results with netstat -tunlp (snippet below only show lines relative to slapd):
nsslapd-listenhost: annuaire.telerys.infra tcp6 0 0 [IPV6 address]:389 :::* LISTEN 1208/ns-slapd tcp6 0 0 ::1:389 :::* LISTEN 1208/ns-slapd tcp6 0 0 :::636 :::* LISTEN 1208/ns-slapd
nsslapd-listenhost: [IPV4 address] tcp 0 0 [IPV4 address]:389 0.0.0.0:* LISTEN 1136/ns-slapd tcp6 0 0 :::636 :::* LISTEN 1136/ns-slapd
nsslapd-listenhost: [IPV6 address] tcp6 0 0 [IPV6 address]:389 :::* LISTEN 1285/ns-slapd tcp6 0 0 :::636 :::* LISTEN 1285/ns-slapd
Why is the service always listening for IPV6 on port 636 whatever the parameter is set to?
Then you want to use: nsslapd-securelistenhost
Best regards,
Nick rand
2020-02-27 14:10 UTC+01:00, Mark Reynolds mreynolds@redhat.com:
On 2/27/20 8:03 AM, Mark Reynolds wrote:
On 2/27/20 5:30 AM, N R wrote:
Hello all,
It's my first message on this list thanks in advance for your answers.
I've configured a 389ds instance with ipv6 address and it's working great with it.
How did you configure the instance exactly?
What do you have for nsslapd-localhost in the cn=config entry(dse.ldif)?
It should be a hostname, not an IP. And the hostname must correctly resolve to this system. DS is very sensitive to the hostame/dns - it very important for things like TLS and replication.
Mark
I need for this instance to be reachable via ipv4 also but despite hours of research on the web and the archive of the list, I couldn't find any good help or how-to to setup 389ds to listen on both ipv4 and ipv6 addresses.
The server listens on all interfaces, there is nothing special you need to do in DS for IPv6 or IPv4. I'm not a network expert, but it would seem to be a system issue, not a DS issue. Now, we do have nsslapd-listenhost, so it would be interesting to see if this has any impact on your situation:
https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/ht...
Maybe someone else on this list has seen this before?
HTH, Mark
I can't find a parameter specifying the listening interfaces.
Has anyone faced this kind of setup and managed to make it work? Can 389ds work this way?
Best regards,
--
389 Directory Server Development Team
--
389 Directory Server Development Team
On 2/27/20 10:54 AM, N R wrote:
I've been able to find what was wrong in my configuration, I had a typo in the /etc/hosts file. ^_^'
Thank you a lot for your time and your precious advices.
Glad you figured it out!
Best regards, Nick Rand
2020-02-27 16:25 UTC+01:00, Mark Reynolds mreynolds@redhat.com:
On 2/27/20 10:13 AM, N R wrote:
Hi Mark,
Thanks for your replies.
How did you configure the instance exactly?
The host is a Fedora 30 VM, I installed 389ds using the package manager (dnf) and the setup-ds-admin.pl script. I enabled LDAPS over TLS on the standard port (636). The VM has a single network interface with both ipv4 and ipv6 address on it. There is no DNS service on the network so I'm using /etc/hosts to associate the hostname with IPs. The hostname is annuaire.telerys.infra
What do you have for nsslapd-localhost in the cn=config entry(dse.ldif)?
nsslapd-localhost: annuaire.telerys.infra
nsslapd-listenhost, so it would be interesting to see if this has any impact on your situation:
I've tried several things with this parameter and had strange results with netstat -tunlp (snippet below only show lines relative to slapd):
nsslapd-listenhost: annuaire.telerys.infra tcp6 0 0 [IPV6 address]:389 :::* LISTEN 1208/ns-slapd tcp6 0 0 ::1:389 :::* LISTEN 1208/ns-slapd tcp6 0 0 :::636 :::* LISTEN 1208/ns-slapd
nsslapd-listenhost: [IPV4 address] tcp 0 0 [IPV4 address]:389 0.0.0.0:* LISTEN 1136/ns-slapd tcp6 0 0 :::636 :::* LISTEN 1136/ns-slapd
nsslapd-listenhost: [IPV6 address] tcp6 0 0 [IPV6 address]:389 :::* LISTEN 1285/ns-slapd tcp6 0 0 :::636 :::* LISTEN 1285/ns-slapd
Why is the service always listening for IPV6 on port 636 whatever the parameter is set to?
Then you want to use: nsslapd-securelistenhost
Best regards,
Nick rand
2020-02-27 14:10 UTC+01:00, Mark Reynolds mreynolds@redhat.com:
On 2/27/20 8:03 AM, Mark Reynolds wrote:
On 2/27/20 5:30 AM, N R wrote:
Hello all,
It's my first message on this list thanks in advance for your answers.
I've configured a 389ds instance with ipv6 address and it's working great with it.
How did you configure the instance exactly?
What do you have for nsslapd-localhost in the cn=config entry(dse.ldif)?
It should be a hostname, not an IP. And the hostname must correctly resolve to this system. DS is very sensitive to the hostame/dns - it very important for things like TLS and replication.
Mark
I need for this instance to be reachable via ipv4 also but despite hours of research on the web and the archive of the list, I couldn't find any good help or how-to to setup 389ds to listen on both ipv4 and ipv6 addresses.
The server listens on all interfaces, there is nothing special you need to do in DS for IPv6 or IPv4. I'm not a network expert, but it would seem to be a system issue, not a DS issue. Now, we do have nsslapd-listenhost, so it would be interesting to see if this has any impact on your situation:
https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/ht...
Maybe someone else on this list has seen this before?
HTH, Mark
I can't find a parameter specifying the listening interfaces.
Has anyone faced this kind of setup and managed to make it work? Can 389ds work this way?
Best regards,
--
389 Directory Server Development Team
--
389 Directory Server Development Team
On 28 Feb 2020, at 01:54, N R randria.nicolas@gmail.com wrote:
I've been able to find what was wrong in my configuration, I had a typo in the /etc/hosts file. ^_^'
Can I ask what the typo was? I'm curious how that caused this to listen on v6 only? What was the setting of your securelisthost value in cn=config?
Thanks!
Thank you a lot for your time and your precious advices.
All good, happy to help!
Best regards, Nick Rand
2020-02-27 16:25 UTC+01:00, Mark Reynolds mreynolds@redhat.com:
On 2/27/20 10:13 AM, N R wrote:
Hi Mark,
Thanks for your replies.
How did you configure the instance exactly?
The host is a Fedora 30 VM, I installed 389ds using the package manager (dnf) and the setup-ds-admin.pl script. I enabled LDAPS over TLS on the standard port (636). The VM has a single network interface with both ipv4 and ipv6 address on it. There is no DNS service on the network so I'm using /etc/hosts to associate the hostname with IPs. The hostname is annuaire.telerys.infra
What do you have for nsslapd-localhost in the cn=config entry(dse.ldif)?
nsslapd-localhost: annuaire.telerys.infra
nsslapd-listenhost, so it would be interesting to see if this has any impact on your situation:
I've tried several things with this parameter and had strange results with netstat -tunlp (snippet below only show lines relative to slapd):
nsslapd-listenhost: annuaire.telerys.infra tcp6 0 0 [IPV6 address]:389 :::* LISTEN 1208/ns-slapd tcp6 0 0 ::1:389 :::* LISTEN 1208/ns-slapd tcp6 0 0 :::636 :::* LISTEN 1208/ns-slapd
nsslapd-listenhost: [IPV4 address] tcp 0 0 [IPV4 address]:389 0.0.0.0:* LISTEN 1136/ns-slapd tcp6 0 0 :::636 :::* LISTEN 1136/ns-slapd
nsslapd-listenhost: [IPV6 address] tcp6 0 0 [IPV6 address]:389 :::* LISTEN 1285/ns-slapd tcp6 0 0 :::636 :::* LISTEN 1285/ns-slapd
Why is the service always listening for IPV6 on port 636 whatever the parameter is set to?
Then you want to use: nsslapd-securelistenhost
Best regards,
Nick rand
2020-02-27 14:10 UTC+01:00, Mark Reynolds mreynolds@redhat.com:
On 2/27/20 8:03 AM, Mark Reynolds wrote:
On 2/27/20 5:30 AM, N R wrote:
Hello all,
It's my first message on this list thanks in advance for your answers.
I've configured a 389ds instance with ipv6 address and it's working great with it.
How did you configure the instance exactly?
What do you have for nsslapd-localhost in the cn=config entry(dse.ldif)?
It should be a hostname, not an IP. And the hostname must correctly resolve to this system. DS is very sensitive to the hostame/dns - it very important for things like TLS and replication.
Mark
I need for this instance to be reachable via ipv4 also but despite hours of research on the web and the archive of the list, I couldn't find any good help or how-to to setup 389ds to listen on both ipv4 and ipv6 addresses.
The server listens on all interfaces, there is nothing special you need to do in DS for IPv6 or IPv4. I'm not a network expert, but it would seem to be a system issue, not a DS issue. Now, we do have nsslapd-listenhost, so it would be interesting to see if this has any impact on your situation:
https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/ht...
Maybe someone else on this list has seen this before?
HTH, Mark
I can't find a parameter specifying the listening interfaces.
Has anyone faced this kind of setup and managed to make it work? Can 389ds work this way?
Best regards,
--
389 Directory Server Development Team
--
389 Directory Server Development Team
-- Nicolas Randrianarisoa _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
— Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server SUSE Labs
Hi Williman,
I mistyped the hostname of my computer, the ipv4 was associated with "annuaire.telerys.inTra" instead of "annuaire.telerys.inFra" so really, basic typo. That explains also why only ipv6 was properly handled.
Besides that, I've assigned the same hostname "annuaire.telerys.infra" to both "cn=config" parameters mentioned by Mark : nsslapd-listenhost: annuaire.telerys.infra nsslapd-securelistenhost: annuaire.telerys.infra
Beswt regards, Nick Rand
2020-02-28 2:53 UTC+01:00, William Brown wbrown@suse.de:
On 28 Feb 2020, at 01:54, N R randria.nicolas@gmail.com wrote:
I've been able to find what was wrong in my configuration, I had a typo in the /etc/hosts file. ^_^'
Can I ask what the typo was? I'm curious how that caused this to listen on v6 only? What was the setting of your securelisthost value in cn=config?
Thanks!
Thank you a lot for your time and your precious advices.
All good, happy to help!
Best regards, Nick Rand
2020-02-27 16:25 UTC+01:00, Mark Reynolds mreynolds@redhat.com:
On 2/27/20 10:13 AM, N R wrote:
Hi Mark,
Thanks for your replies.
How did you configure the instance exactly?
The host is a Fedora 30 VM, I installed 389ds using the package manager (dnf) and the setup-ds-admin.pl script. I enabled LDAPS over TLS on the standard port (636). The VM has a single network interface with both ipv4 and ipv6 address on it. There is no DNS service on the network so I'm using /etc/hosts to associate the hostname with IPs. The hostname is annuaire.telerys.infra
What do you have for nsslapd-localhost in the cn=config entry(dse.ldif)?
nsslapd-localhost: annuaire.telerys.infra
nsslapd-listenhost, so it would be interesting to see if this has any impact on your situation:
I've tried several things with this parameter and had strange results with netstat -tunlp (snippet below only show lines relative to slapd):
nsslapd-listenhost: annuaire.telerys.infra tcp6 0 0 [IPV6 address]:389 :::* LISTEN 1208/ns-slapd tcp6 0 0 ::1:389 :::* LISTEN 1208/ns-slapd tcp6 0 0 :::636 :::* LISTEN 1208/ns-slapd
nsslapd-listenhost: [IPV4 address] tcp 0 0 [IPV4 address]:389 0.0.0.0:* LISTEN 1136/ns-slapd tcp6 0 0 :::636 :::* LISTEN 1136/ns-slapd
nsslapd-listenhost: [IPV6 address] tcp6 0 0 [IPV6 address]:389 :::* LISTEN 1285/ns-slapd tcp6 0 0 :::636 :::* LISTEN 1285/ns-slapd
Why is the service always listening for IPV6 on port 636 whatever the parameter is set to?
Then you want to use: nsslapd-securelistenhost
Best regards,
Nick rand
2020-02-27 14:10 UTC+01:00, Mark Reynolds mreynolds@redhat.com:
On 2/27/20 8:03 AM, Mark Reynolds wrote:
On 2/27/20 5:30 AM, N R wrote: > Hello all, > > It's my first message on this list thanks in advance for your > answers. > > I've configured a 389ds instance with ipv6 address and it's working > great with it.
How did you configure the instance exactly?
What do you have for nsslapd-localhost in the cn=config entry(dse.ldif)?
It should be a hostname, not an IP. And the hostname must correctly resolve to this system. DS is very sensitive to the hostame/dns - it very important for things like TLS and replication.
Mark
> I need for this instance to be reachable via ipv4 also but despite > hours of research on the web and the archive of the list, I couldn't > find any good help or how-to to setup 389ds to listen on both ipv4 > and > ipv6 addresses. The server listens on all interfaces, there is nothing special you need to do in DS for IPv6 or IPv4. I'm not a network expert, but it would seem to be a system issue, not a DS issue. Now, we do have nsslapd-listenhost, so it would be interesting to see if this has any impact on your situation:
https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/ht...
Maybe someone else on this list has seen this before?
HTH, Mark
> I can't find a parameter specifying the listening interfaces. > > Has anyone faced this kind of setup and managed to make it work? > Can 389ds work this way? > > Best regards,
--
389 Directory Server Development Team
--
389 Directory Server Development Team
-- Nicolas Randrianarisoa _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
— Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server SUSE Labs _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
389-users@lists.fedoraproject.org