[Fedora-directory-users] how to set up Fedora Ds on a multinetwork host

Sergey Ivanov seriv at omniti.com
Wed Oct 25 17:15:37 UTC 2006


I have a little problem with this advice.
I have installed the fedora-ds rpm, then configured the admin server and the
first directory server to listen on the local network, and populated it with data.
With nsslapd-listenhost and nsslapd-securelistenhost I bound this
directory server to listen on this particular IP only.
Then, using Fedora Management Console, I created a new instance of
directory server. When created, it was listening on 0.0.0.0 at a
different port.
When I added a binding to the external IP address by adding
nsslapd-listenhost and nsslapd-securelistenhost to its config/dse.ldif,
I ran into a problem with communication between Fedora Management Console
and this new server. I can stop/start it from the command line, and see that
it is binding to IP addresses correctly. I can do ldapsearch on this new
server from the internet by this IP and port. But Fedora Management Console,
as I'm guessing, is still looking for this server to appear on the local
network. So it cannot start/stop/connect to it and reports it as "Stopped".
Maybe there is some attribute to add to
NetscapeRoot/{mydomain}/{myhost}/Server Group/Fedora Directory
Server/slapd-{newname} to change the Admin server's expectation about this
newly created Directory Server? How can I find out which attribute it could be?
-- 
	Sergey.

George Holbert wrote:
> Sergey,
> Mike's recipe would do the trick.  If you try that, also look into the
> nsslapd-listenhost and nsslapd-securelistenhost config variables (in
> directory server docs).  These will allow you to arrange for each
> directory server instance to only listen on a single interface.  I
> believe the default is to listen on all interfaces.
> -- George
> 
> Mike Jackson wrote:
>> Sergey Ivanov wrote:
>>> Hi George,
>>> I want to have the same LDAP directory for both interfaces, but with
>>> different SSL certificates.
>>
>> Probably the fastest and easiest way to do it:
>>
>> 1. Setup directory server to only listen to interface1 (hostname1)
>> 2. Install SSL cert for hostname1
>> 3. Setup directory server to only listen to interface2 (hostname2)
>> 4. Install SSL cert for hostname2
>> 5. Setup multimaster replication between the two directory servers
>> 6. Populate data
>>
>>
>>
>> Mike
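
An added example (not part of the original thread and not project code): a Python check that reads the cn=config entry of an instance's dse.ldif and reports which listeners have no nsslapd-listenhost / nsslapd-securelistenhost set. The sample LDIF and its addresses are constructed, and treating a missing attribute as "all interfaces" is an assumption that follows the default George mentions above.

```python
import re

# Constructed sample resembling the cn=config entry of an instance's dse.ldif.
SAMPLE_DSE = """\
dn: cn=config
cn: config
objectClass: top
nsslapd-port: 389
nsslapd-listenhost: 192.0.2.10
nsslapd-security: on
nsslapd-securePort: 636
nsslapd-localhost: ldap1.example
 .com

dn: cn=encryption,cn=config
cn: encryption
"""

def parse_entry(ldif_text, dn="cn=config"):
    """Return {attribute_lowercased: [values]} for the entry with this DN."""
    # LDIF folds long lines: a continuation line starts with one space.
    unfolded = re.sub(r"\r?\n ", "", ldif_text)
    for block in re.split(r"\r?\n\s*\r?\n", unfolded):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if attrs.get("dn", [""])[0].lower() == dn:
            return attrs
    return {}

def audit_listeners(ldif_text):
    """Map each listener to (bind address, port); address None = unset."""
    cfg = parse_entry(ldif_text)
    def first(key):
        return (cfg.get(key) or [None])[0]
    report = {"ldap": (first("nsslapd-listenhost"), first("nsslapd-port"))}
    # The secure listener only matters when nsslapd-security is on.
    if (first("nsslapd-security") or "off").lower() == "on":
        report["ldaps"] = (first("nsslapd-securelistenhost"),
                           first("nsslapd-secureport"))
    return report

def unbound_listeners(ldif_text):
    """Listeners with no listen host set (assumed: bound to all interfaces)."""
    found = audit_listeners(ldif_text)
    return sorted(name for name, (host, _) in found.items() if not host)
```

On the sample, the plain LDAP listener is pinned to one address while the secure listener is not, which is the case where only one of the two attributes was added.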



