Bug 213626 - start-slapd fails if nsslapd-listenhost is specified (multihomed, FDS 1.0.3)
start-slapd fails if nsslapd-listenhost is specified (multihomed, FDS 1.0.3)
Product: 389
Classification: Community
Component: Directory Server (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Noriko Hosoi
Viktor Ashirov
: 160624 249789 (view as bug list)
Depends On:
Blocks: 152373 240316 FDS1.1.0
  Show dependency treegraph
Reported: 2006-11-02 06:52 EST by Dirk Husung
Modified: 2015-12-07 11:41 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2015-12-07 11:41:36 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Dirk Husung 2006-11-02 06:52:57 EST
Description of problem:

When trying to updating from FDS 1.0.2 to 1.0.3 start-slapd fails with
"[02/Nov/2006:12:10:57 +0100] createprlistensocket - PR_Bind() on <ip-address>
port 389 failed: Netscape Portable Runtime error -5967 (TCP file descriptor is
already bound.)".
The problem seems to be caused by a single line in dse.ldif:
nsslapd-listenhost: <hostname>
According to the RedHat Directory Server Configuration guide (p.68) this
attribute allows multiple directory server instances to run on a multihomed
machine. (And that's exactly what I need to achieve.) The attribute worked fine
with FDS 1.0.2.

Version-Release number of selected component (if applicable):
FDS 1.0.3 on FC 5

How reproducible:

Steps to Reproduce:
1. setup FDS 1.0.3
2. Enter the folling line to slapd-<host>/config/dse.ldif below dn: cn=config

nsslapd-listenhost: <hostname>

3. cd /opt/fedora-ds/slapd-<host>; ./start-slapd

Actual results:
slapd doesn't start with the error message
"[02/Nov/2006:12:10:57 +0100] createprlistensocket - PR_Bind() on <ip-address>
port 389 failed: Netscape Portable Runtime error -5967 (TCP file descriptor is
already bound.)"

Expected results:
slapd starts

Additional info:
The test machine is not multihomed, the production server I have to update is
multihomed (in both cases no problem with FDS 1.0.2).
Comment 1 Rich Megginson 2006-11-02 09:13:06 EST
I think this may be IPv6 related.  Is your workaround to use an IPv6 style address?
Comment 2 Dirk Husung 2006-11-02 10:23:56 EST
Sorry, our computer center doesn't support IPv6 addresses yet, so an IPv6 style
address would not be a workaround for me, I think. (The <ip-address> in the
error message was correctly resolved, btw.)
Comment 3 Rich Megginson 2006-11-02 10:28:55 EST
Someone else reported a workaround was to use an IPv6 style address like this:

nsslapd-listenhost: ::ffff:N.N.N.N

Can you give it a try?  Even though your network is not IPv6, the TCP stack may
be able to parse this address into a valid IPv4 netaddr.
Comment 4 Dirk Husung 2006-11-02 10:48:39 EST
Thanks a lot!
That seems to solve my problem; slapd starts up and the log file reports:

[02/Nov/2006:16:44:11 +0100] - Fedora-Directory/1.0.3 B2006.303.2257 starting up
[02/Nov/2006:16:44:11 +0100] - slapd started.  Listening on <ip-address> port
389 for LDAP requests

(with the correct <ip-address>)
Comment 5 sergey ivanov 2006-11-02 11:27:49 EST
Another way, which helped me for this problem, was adding '::ffff:' in front of
IP address in /etc/hosts for the line containing hostname which directory server
is binding to.
Comment 6 Noriko Hosoi 2006-11-02 14:12:52 EST
The problem is ... 

On FDS 1.0.2 and older, if the IPv4 style listenhost is set in the config file
(dse.ldif), it's converted to the IPv4-compatible IPv6 address and the conflict
is avoided.  If the IPv6 style listenhost is set, it shows the same bind
conflict error at the start up time:  createprlistensocket - PR_Bind() on
fe80::208:74ff:xxxx:xxxx port <port> failed: Netscape Portable Runtime error
-5967 (TCP file descriptor is already bound.)

On FDS 1.0.3, the listenhost sets what's specified in the config file.  Thus, if
the listenhost is the same as the main socket's address, the bind fails with the
error "already bound".
Comment 7 Noriko Hosoi 2007-07-27 19:05:20 EDT
*** Bug 249789 has been marked as a duplicate of this bug. ***
Comment 8 Noriko Hosoi 2007-08-03 18:19:46 EDT
It turned out the problem was caused by setting the wrong socket type.  This bug
was fixed as part of another bug #250702:
Summary: not all the addresses associated with listenhost are bound to listen
Comment 9 Noriko Hosoi 2007-09-06 16:38:59 EDT
*** Bug 160624 has been marked as a duplicate of this bug. ***
Comment 10 Michael Gregg 2007-11-19 14:56:03 EST
Verfied aginst:
1195501819 redhat-ds-base-8.0.0-11.el5dsrv Mon Nov 19 2007 
1195501821 redhat-ds-admin-8.0.0-1.15.el5dsrv Mon Nov 19 2007 
1195501823 redhat-admin-console-8.0.0-9.el5dsrv Mon Nov 19 2007 
1195501823 redhat-ds-console-8.0.0-8.el5dsrv Mon Nov 19 2007 

Note You need to log in before you can comment on or make changes to this bug.