Bug 982582 - 389 Directory Server Only Binds to IPv6 - IPv4 Not Accessible
Summary: 389 Directory Server Only Binds to IPv6 - IPv4 Not Accessible
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: 389-ds-base
Version: 7.0
Hardware: x86_64
OS: Linux
Priority: unspecified
Severity: medium
Target Milestone: rc
Target Release: 7.1
Assignee: Rich Megginson
QA Contact: Sankar Ramalingam
URL:
Whiteboard:
Depends On:
Blocks: 1061410
Reported: 2013-07-09 10:39 UTC by Miles
Modified: 2020-09-13 20:39 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-08-11 17:28:13 UTC
Target Upstream Version:
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Github 389ds 389-ds-base issues 775 0 None closed 389 Directory Server Only Binds to IPv6 - IPv4 Not Accessible 2021-02-05 11:58:57 UTC
Red Hat Bugzilla 588480 0 high CLOSED setup-ds-admin.pl fails to configure admin server on ipv6 enabled hosts 2021-02-22 00:41:40 UTC

Description Miles 2013-07-09 10:39:51 UTC
Description of problem:

First bug submission, sorry if I screw it up.
Platform is CentOS 6.4 (64bit) using EPEL 389 Directory Server packages.

After running "setup-ds-admin.pl", LDAP binds to IPv6 address, while ds-admin binds to IPv4 address

Have also tried to disable IPv6 using the following...

echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6
echo 1 > /proc/sys/net/ipv6/conf/default/disable_ipv6

but it still binds to IPv4 instead.

Version-Release number of selected component (if applicable):
rpm -qa | grep 389 | sort

389-admin-1.1.29-1.el6.x86_64
389-admin-console-1.1.8-1.el6.noarch
389-admin-console-doc-1.1.8-1.el6.noarch
389-adminutil-1.1.15-1.el6.x86_64
389-console-1.1.7-1.el6.noarch
389-ds-1.2.2-1.el6.noarch
389-ds-base-1.2.11.15-14.el6_4.x86_64
389-ds-base-libs-1.2.11.15-14.el6_4.x86_64
389-ds-console-1.2.6-1.el6.noarch
389-ds-console-doc-1.2.6-1.el6.noarch
389-dsgw-1.1.10-1.el6.x86_64


How reproducible:
Consistently.

Steps to Reproduce:
1. Install CentOS-6.4-x86_64-minimal
2. rpm -ivh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
3. rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
4. yum -y install 389-ds openldap-clients
5. setup-ds-admin.pl

Actual results:
netstat -tulpn

Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:9830                0.0.0.0:*                   LISTEN      3070/httpd.worker
tcp        0      :::389                        :::*                        LISTEN      2969/ns-slapd


Expected results:
netstat -tulpn

Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:389                 0.0.0.0:*                   LISTEN      2969/ns-slapd
tcp        0      0 0.0.0.0:9830                0.0.0.0:*                   LISTEN      3070/httpd.worker


Additional info:
This has been reported and closed previously under RH Bug 588480.

Can manually change the LDAP configuration to use IPv4 using the following steps:

vi /etc/dirsrv/fix-ipv4-bind.ldif

dn: cn=config
changetype: modify
replace: nsslapd-listenhost
nsslapd-listenhost: 0.0.0.0

ldapmodify -a -x -h localhost -p 389 -D cn="Directory Manager" -w PASSWORD -f /etc/dirsrv/fix-ipv4-bind.ldif



vi /etc/dirsrv/fix-ipv4-sslbind.ldif

dn: cn=config
changetype: modify
replace: nsslapd-securelistenhost
nsslapd-securelistenhost: 0.0.0.0

ldapmodify -a -x -h localhost -p 389 -D cn="Directory Manager" -w PASSWORD -f /etc/dirsrv/fix-ipv4-sslbind.ldif


service dirsrv restart
service dirsrv-admin restart

Comment 2 Rich Megginson 2013-07-22 15:47:40 UTC
Upstream ticket:
https://fedorahosted.org/389/ticket/47438

Comment 4 Noriko Hosoi 2014-07-22 01:09:04 UTC
Miles, could you elaborate on your problem some more?

By default, both IPv4 and IPv6 are listened on:
# /usr/lib64/mozldap/ldapsearch -h [::0] -p 389 -b "" -s base "(objectclass=*)" dn
dn:
# /usr/lib64/mozldap/ldapsearch -h 127.0.0.1 -p 389 -b "" -s base "(objectclass=*)" dn
dn:

Once IPv6 is disabled:
# echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6
# echo 1 > /proc/sys/net/ipv6/conf/default/disable_ipv6

indeed, IPv6 is not available any more:
# /usr/lib64/mozldap/ldapsearch -h [::0] -p 389 -b "" -s base "(objectclass=*)"
ldap_search: Can't connect to the LDAP server - No route to host
# /usr/lib64/mozldap/ldapsearch -h 127.0.0.1 -p 389 -b "" -s base "(objectclass=*)" dn
dn:

Yes, netstat returns ":::*" even after IPv6 is disabled.
# netstat -tulpn | egrep 389  
tcp6    0      0 :::389       :::*      LISTEN      14613/ns-slapd

But that's just the format that netstat is returning?

For instance, other utilities such as sshd and cupsd return ":::*" even after IPv6 is disabled:
tcp6    0      0 :::22        :::*      LISTEN      825/sshd            
tcp6    0      0 :::631       :::*      LISTEN      1440/cupsd 

Regarding the admin server, please take a look at /etc/dirsrv/admin-serv/console.conf. You will see a comment like this:

# To allow connections to IPv6 addresses add "Listen [::]:80"
#
Listen 0.0.0.0:9830

That is, the IPv4 address is explicitly configured.

We are thinking this is not a bug in the directory server.
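
Added example (not part of the original bug comments, and not 389-ds code): the behaviour described in comment 4, where a listener that netstat prints as ":::389" still answers IPv4 clients, reproduced with plain sockets. The function name is hypothetical and an ephemeral port stands in for 389; the second call shows the contrast when the socket is restricted with IPV6_V6ONLY.

```python
import socket


def ipv4_reaches_v6_wildcard(v6only):
    """Listen on [::] (what netstat prints as ':::<port>') and connect over IPv4.

    Returns the client address as seen by the listener, or None when the
    IPv4 connection is refused.
    """
    srv = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
    try:
        # 0 = dual-stack: the IPv6 wildcard socket also takes IPv4 clients.
        # 1 = IPv6 only. The system-wide default is net.ipv6.bindv6only.
        srv.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, int(v6only))
        srv.bind(("::", 0))  # ephemeral port (assumption: stands in for 389)
        srv.listen(1)
        srv.settimeout(2)
        port = srv.getsockname()[1]

        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as cli:
            cli.settimeout(2)
            try:
                cli.connect(("127.0.0.1", port))
            except ConnectionRefusedError:
                return None  # nothing answers on IPv4 for this port
            conn, peer = srv.accept()
            conn.close()
            return peer[0]  # IPv4 client shows up as an IPv4-mapped address
    finally:
        srv.close()


if __name__ == "__main__":
    print("dual-stack [::] listener sees IPv4 client as:",
          ipv4_reaches_v6_wildcard(v6only=False))
    print("IPV6_V6ONLY=1 listener, IPv4 client:",
          ipv4_reaches_v6_wildcard(v6only=True))
```

When auditing listening ports or writing firewall rules, a ":::389" line therefore has to be treated as reachable over IPv4 as well, unless the socket sets IPV6_V6ONLY or net.ipv6.bindv6only is 1.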

Comment 5 Noriko Hosoi 2014-08-11 17:28:13 UTC
Closing this bug as NOTABUG along with https://fedorahosted.org/389/ticket/47438.

