Bug 588499 - 389-console uses ipv4 mapped ipv6 addresses on ipv6 enabled machines.
Summary: 389-console uses ipv4 mapped ipv6 addresses on ipv6 enabled machines.
Alias: None
Product: 389
Classification: Retired
Component: Directory Console
Version: 1.1.3
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Rich Megginson
QA Contact: Chandrasekar Kannan
Depends On:
Blocks: 434915
TreeView+ depends on / blocked
Reported: 2010-05-03 20:07 UTC by Rick Dicaire
Modified: 2015-01-04 23:42 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2011-02-16 16:42:42 UTC

Attachments (Terms of Use)

Description Rick Dicaire 2010-05-03 20:07:13 UTC
Description of problem:
389-console uses ipv4 mapped ipv6 addresses on ipv6 enabled machines.
When sysctl key net.ipv6.bindv6only is set to 1, 389-console cannot connect to an ipv4 resolved hostname or implicit IP.

Version-Release number of selected component (if applicable):
Name       : 389-console
Arch       : noarch
Version    : 1.1.3
Release    : 5.fc12

How reproducible:
Assumes client machine is ipv6 enabled and has working ipv6 Global IPs.
Set net.ipv6.bindv6only=1. Execute 389-console. Try to connect to an ipv4 host. Connection fails.

Steps to Reproduce:
Actual results:
Connection to host fails.

Expected results:
Successful connection to host.

Additional info:

From strace -e trace=network 389-console:

connect(25, {sa_family=AF_INET6, sin6_port=htons(9830), inet_pton(AF_INET6, "::ffff:", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = -1 ENETUNREACH (Network is unreachable)

When I set sysctl key net.ipv6.bindv6only=0, 389-console successfully connects.
Its understood this sysctl key is set to 0 by default, I have it set to 1 because oidentd won't bind to ipv4 socket by default when the key value is 0, plus other potential security issues where I dont want a daemon using one socket for both inet address families.

Comment 3 Nathan Kinder 2011-02-14 22:24:09 UTC
How do you have 389-ds-base and 389-admin configured with regards to the hostname/address they listen on?  By default, ns-slapd listens on all interfaces, though setting net.ipv6.bindv6only=1 will cause it to listen on the v6 interfaces only.

Do you have 389-ds-base and 389-admin configured on the same system where you are running console, or are you attempting to connect to an admin server on a remote system via IPv4?

Comment 4 Nathan Kinder 2011-02-16 16:42:42 UTC
This was apparently a bug in Java.  I was able to reproduce the problem on a freshly installed (but not updated) F14 system.  After updating to java-1.6.0-openjdk-, I am able to connect to a remove system using a IPv4 address with net.ipv6.bindv6only set to 1.

I believe that this problem was caused by upstream Java bug http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6342561.

Closing as WORKSFORME.

Note You need to log in before you can comment on or make changes to this bug.