Bug 198527

Summary: wiki lists incorrect method for changing allowed hosts/IP addresses
Product: [Retired] 389 Reporter: David Bogen <david.bogen>
Component: wikiAssignee: Rich Megginson <rmeggins>
Status: CLOSED CURRENTRELEASE QA Contact: Viktor Ashirov <vashirov>
Severity: medium Docs Contact:
Priority: medium    
Version: 1.0CC: rcritten
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-12-07 16:38:07 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description David Bogen 2006-07-11 16:44:18 UTC 
Description of problem:

While it is a known bug that the admin server software itself requires host/IP
address matching to fail before a client can be granted access:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=183925

the wiki still lists information that doesn't work on this page:

http://directory.fedora.redhat.com/wiki/Howto:AdminServerLDAPMgmt

I can understand why the wiki lists information that *should* work, but we need
information that *does* work.

Perhaps the wiki should contain a link to the bug listed above, or a note
something like:

>>>>>
Due to a bug in the software that will be fixed in release foo, if you're using
release 1.0_blah, then you'll need to use syntax something like the following to
allow any host, anywhere, to access the admin server:

dn: your relevant dn here
changetype: modify
replace: nsAdminAccessHosts nsAdminAccessAddresses
nsAdminAccessHosts: 
nsAdminAccessAddresses: 224.0.0.0

The matching logic is reversed, so if you want any host to connect, you need to
empty the nsAdminAccessHosts field and use something in nsAdminAccessAddresses
that will most likely never match one of your clients' IP addresses.
<<<<<
Comment 1 Rich Megginson 2006-07-11 17:29:07 UTC 
Thanks.  Please check the wiki page to see if I worded it correctly.

http://directory.fedora.redhat.com/wiki/Howto:AdminServerLDAPMgmt#How_to_set_the_hosts.2FIP_addresses_allowed_to_access_the_Admin_Server
Comment 2 David Bogen 2006-07-11 17:34:23 UTC 
Your wording is better than mine.  Thanks for making the change.