On 2/27/20 5:30 AM, N R wrote: > Hello all, > > It's my first message on this list thanks in advance for your answers. > > I've configured a 389ds instance with ipv6 address and it's working > great with it.

> I need for this instance to be reachable via ipv4 also but despite > hours of research on the web and the archive of the list, I couldn't > find any good help or how-to to setup 389ds to listen on both ipv4 and > ipv6 addresses. The server listens on all interfaces, there is nothing special you need to do in DS for IPv6 or IPv4.  I'm not a network expert, but it would seem to be a system issue, not a DS issue.  Now, we do have nsslapd-listenhost, so it would be interesting to see if this has any impact on your situation: https://access.redhat.com/documentation/en-us/red_hat_directory_server/11... Maybe someone else on this list has seen this before? HTH, Mark > I can't find a parameter specifying the listening interfaces. > > Has anyone faced this kind of setup and managed to make it work? > Can 389ds work this way? > > Best regards,

Hi Mark, Thanks for your replies. > How did you configure the instance exactly? The host is a Fedora 30 VM, I installed 389ds using the package manager (dnf) and the setup-ds-admin.pl script. I enabled LDAPS over TLS on the standard port (636). The VM has a single network interface with both ipv4 and ipv6 address on it. There is no DNS service on the network so I'm using /etc/hosts to associate the hostname with IPs. The hostname is annuaire.telerys.infra > What do you have for nsslapd-localhost in the cn=config entry(dse.ldif)? nsslapd-localhost: annuaire.telerys.infra > nsslapd-listenhost, so it would be interesting to see if this has any > impact on your situation: I've tried several things with this parameter and had strange results with netstat -tunlp (snippet below only show lines relative to slapd): nsslapd-listenhost: annuaire.telerys.infra tcp6 0 0 [IPV6 address]:389 :::* LISTEN 1208/ns-slapd tcp6 0 0 ::1:389 :::* LISTEN 1208/ns-slapd tcp6 0 0 :::636 :::* LISTEN 1208/ns-slapd nsslapd-listenhost: [IPV4 address] tcp 0 0 [IPV4 address]:389 0.0.0.0:* LISTEN 1136/ns-slapd tcp6 0 0 :::636 :::* LISTEN 1136/ns-slapd nsslapd-listenhost: [IPV6 address] tcp6 0 0 [IPV6 address]:389 :::* LISTEN 1285/ns-slapd tcp6 0 0 :::636 :::* LISTEN 1285/ns-slapd Why is the service always listening for IPV6 on port 636 whatever the parameter is set to?

Best regards, Nick rand 2020-02-27 14:10 UTC+01:00, Mark Reynolds <mreynolds(a)redhat.com&gt;: > On 2/27/20 8:03 AM, Mark Reynolds wrote: >> On 2/27/20 5:30 AM, N R wrote: >>> Hello all, >>> >>> It's my first message on this list thanks in advance for your answers. >>> >>> I've configured a 389ds instance with ipv6 address and it's working >>> great with it. > How did you configure the instance exactly? > > What do you have for nsslapd-localhost in the cn=config entry(dse.ldif)? > > It should be a hostname, not an IP. And the hostname must correctly > resolve to this system. DS is very sensitive to the hostame/dns - it > very important for things like TLS and replication. > > Mark > >>> I need for this instance to be reachable via ipv4 also but despite >>> hours of research on the web and the archive of the list, I couldn't >>> find any good help or how-to to setup 389ds to listen on both ipv4 and >>> ipv6 addresses. >> The server listens on all interfaces, there is nothing special you >> need to do in DS for IPv6 or IPv4. I'm not a network expert, but it >> would seem to be a system issue, not a DS issue. Now, we do have >> nsslapd-listenhost, so it would be interesting to see if this has any >> impact on your situation: >> >> https://access.redhat.com/documentation/en-us/red_hat_directory_server/11... >> >> >> >> Maybe someone else on this list has seen this before? >> >> HTH, >> Mark >> >>> I can't find a parameter specifying the listening interfaces. >>> >>> Has anyone faced this kind of setup and managed to make it work? >>> Can 389ds work this way? >>> >>> Best regards, > -- > > 389 Directory Server Development Team > >

I've been able to find what was wrong in my configuration, I had a typo in the /etc/hosts file. ^_^' Thank you a lot for your time and your precious advices.

Best regards, Nick Rand 2020-02-27 16:25 UTC+01:00, Mark Reynolds <mreynolds(a)redhat.com&gt;: > On 2/27/20 10:13 AM, N R wrote: >> Hi Mark, >> >> Thanks for your replies. >> >>> How did you configure the instance exactly? >> The host is a Fedora 30 VM, I installed 389ds using the package >> manager (dnf) and the setup-ds-admin.pl script. >> I enabled LDAPS over TLS on the standard port (636). >> The VM has a single network interface with both ipv4 and ipv6 address on >> it. >> There is no DNS service on the network so I'm using /etc/hosts to >> associate the hostname with IPs. >> The hostname is annuaire.telerys.infra >> >>> What do you have for nsslapd-localhost in the cn=config entry(dse.ldif)? >> nsslapd-localhost: annuaire.telerys.infra >> >>> nsslapd-listenhost, so it would be interesting to see if this has any >>> impact on your situation: >> I've tried several things with this parameter and had strange results >> with netstat -tunlp (snippet below only show lines relative to slapd): >> >> nsslapd-listenhost: annuaire.telerys.infra >> tcp6 0 0 [IPV6 address]:389 :::* LISTEN >> 1208/ns-slapd >> tcp6 0 0 ::1:389 :::* >> LISTEN 1208/ns-slapd >> tcp6 0 0 :::636 :::* >> LISTEN 1208/ns-slapd >> >> nsslapd-listenhost: [IPV4 address] >> tcp 0 0 [IPV4 address]:389 0.0.0.0:* >> LISTEN 1136/ns-slapd >> tcp6 0 0 :::636 :::* >> LISTEN 1136/ns-slapd >> >> nsslapd-listenhost: [IPV6 address] >> tcp6 0 0 [IPV6 address]:389 :::* LISTEN >> 1285/ns-slapd >> tcp6 0 0 :::636 :::* >> LISTEN 1285/ns-slapd >> >> Why is the service always listening for IPV6 on port 636 whatever the >> parameter is set to? > Then you want to use:  nsslapd-securelistenhost >> Best regards, >> >> Nick rand >> >> 2020-02-27 14:10 UTC+01:00, Mark Reynolds <mreynolds(a)redhat.com&gt;: >>> On 2/27/20 8:03 AM, Mark Reynolds wrote: >>>> On 2/27/20 5:30 AM, N R wrote: >>>>> Hello all, >>>>> >>>>> It's my first message on this list thanks in advance for your answers. >>>>> >>>>> I've configured a 389ds instance with ipv6 address and it's working >>>>> great with it. >>> How did you configure the instance exactly? >>> >>> What do you have for nsslapd-localhost in the cn=config entry(dse.ldif)? >>> >>> It should be a hostname, not an IP. And the hostname must correctly >>> resolve to this system. DS is very sensitive to the hostame/dns - it >>> very important for things like TLS and replication. >>> >>> Mark >>> >>>>> I need for this instance to be reachable via ipv4 also but despite >>>>> hours of research on the web and the archive of the list, I couldn't >>>>> find any good help or how-to to setup 389ds to listen on both ipv4 and >>>>> ipv6 addresses. >>>> The server listens on all interfaces, there is nothing special you >>>> need to do in DS for IPv6 or IPv4. I'm not a network expert, but it >>>> would seem to be a system issue, not a DS issue. Now, we do have >>>> nsslapd-listenhost, so it would be interesting to see if this has any >>>> impact on your situation: >>>> >>>> https://access.redhat.com/documentation/en-us/red_hat_directory_server/11... >>>> >>>> >>>> >>>> Maybe someone else on this list has seen this before? >>>> >>>> HTH, >>>> Mark >>>> >>>>> I can't find a parameter specifying the listening interfaces. >>>>> >>>>> Has anyone faced this kind of setup and managed to make it work? >>>>> Can 389ds work this way? >>>>> >>>>> Best regards, >>> -- >>> >>> 389 Directory Server Development Team >>> >>> > -- > > 389 Directory Server Development Team > >

> On 28 Feb 2020, at 01:54, N R <randria.nicolas(a)gmail.com&gt; wrote: > > I've been able to find what was wrong in my configuration, I had a > typo in the /etc/hosts file. > ^_^' Can I ask what the typo was? I'm curious how that caused this to listen on v6 only? What was the setting of your securelisthost value in cn=config? Thanks! > > Thank you a lot for your time and your precious advices. All good, happy to help! > > Best regards, > Nick Rand > > 2020-02-27 16:25 UTC+01:00, Mark Reynolds <mreynolds(a)redhat.com&gt;: >> >> On 2/27/20 10:13 AM, N R wrote: >>> Hi Mark, >>> >>> Thanks for your replies. >>> >>>> How did you configure the instance exactly? >>> The host is a Fedora 30 VM, I installed 389ds using the package >>> manager (dnf) and the setup-ds-admin.pl script. >>> I enabled LDAPS over TLS on the standard port (636). >>> The VM has a single network interface with both ipv4 and ipv6 address >>> on >>> it. >>> There is no DNS service on the network so I'm using /etc/hosts to >>> associate the hostname with IPs. >>> The hostname is annuaire.telerys.infra >>> >>>> What do you have for nsslapd-localhost in the cn=config >>>> entry(dse.ldif)? >>> nsslapd-localhost: annuaire.telerys.infra >>> >>>> nsslapd-listenhost, so it would be interesting to see if this has any >>>> impact on your situation: >>> I've tried several things with this parameter and had strange results >>> with netstat -tunlp (snippet below only show lines relative to slapd): >>> >>> nsslapd-listenhost: annuaire.telerys.infra >>> tcp6 0 0 [IPV6 address]:389 :::* LISTEN >>> 1208/ns-slapd >>> tcp6 0 0 ::1:389 :::* >>> LISTEN 1208/ns-slapd >>> tcp6 0 0 :::636 :::* >>> LISTEN 1208/ns-slapd >>> >>> nsslapd-listenhost: [IPV4 address] >>> tcp 0 0 [IPV4 address]:389 0.0.0.0:* >>> LISTEN 1136/ns-slapd >>> tcp6 0 0 :::636 :::* >>> LISTEN 1136/ns-slapd >>> >>> nsslapd-listenhost: [IPV6 address] >>> tcp6 0 0 [IPV6 address]:389 :::* LISTEN >>> 1285/ns-slapd >>> tcp6 0 0 :::636 :::* >>> LISTEN 1285/ns-slapd >>> >>> Why is the service always listening for IPV6 on port 636 whatever the >>> parameter is set to? >> Then you want to use: nsslapd-securelistenhost >>> >>> Best regards, >>> >>> Nick rand >>> >>> 2020-02-27 14:10 UTC+01:00, Mark Reynolds <mreynolds(a)redhat.com&gt;: >>>> On 2/27/20 8:03 AM, Mark Reynolds wrote: >>>>> On 2/27/20 5:30 AM, N R wrote: >>>>>> Hello all, >>>>>> >>>>>> It's my first message on this list thanks in advance for your >>>>>> answers. >>>>>> >>>>>> I've configured a 389ds instance with ipv6 address and it's working >>>>>> great with it. >>>> How did you configure the instance exactly? >>>> >>>> What do you have for nsslapd-localhost in the cn=config >>>> entry(dse.ldif)? >>>> >>>> It should be a hostname, not an IP. And the hostname must correctly >>>> resolve to this system. DS is very sensitive to the hostame/dns - it >>>> very important for things like TLS and replication. >>>> >>>> Mark >>>> >>>>>> I need for this instance to be reachable via ipv4 also but despite >>>>>> hours of research on the web and the archive of the list, I couldn't >>>>>> find any good help or how-to to setup 389ds to listen on both ipv4 >>>>>> and >>>>>> ipv6 addresses. >>>>> The server listens on all interfaces, there is nothing special you >>>>> need to do in DS for IPv6 or IPv4. I'm not a network expert, but it >>>>> would seem to be a system issue, not a DS issue. Now, we do have >>>>> nsslapd-listenhost, so it would be interesting to see if this has any >>>>> impact on your situation: >>>>> >>>>> https://access.redhat.com/documentation/en-us/red_hat_directory_server/11... >>>>> >>>>> >>>>> >>>>> Maybe someone else on this list has seen this before? >>>>> >>>>> HTH, >>>>> Mark >>>>> >>>>>> I can't find a parameter specifying the listening interfaces. >>>>>> >>>>>> Has anyone faced this kind of setup and managed to make it work? >>>>>> Can 389ds work this way? >>>>>> >>>>>> Best regards, >>>> -- >>>> >>>> 389 Directory Server Development Team >>>> >>>> >>> >> -- >> >> 389 Directory Server Development Team >> >> > > > -- > Nicolas Randrianarisoa > _______________________________________________ > 389-users mailing list -- 389-users(a)lists.fedoraproject.org > To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje... — Sincerely, William Brown Senior Software Engineer, 389 Directory Server SUSE Labs _______________________________________________ 389-users mailing list -- 389-users(a)lists.fedoraproject.org To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...