Bug 982582 - 389 Directory Server Only Binds to IPv6 - IPv4 Not Accessible
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: 389-ds-base
Version: 7.0
Hardware: x86_64 Linux
Priority: unspecified, Severity: medium
Target Milestone: rc
Target Release: 7.1
Assigned To: Rich Megginson
QA Contact: Sankar Ramalingam
Blocks: 1061410
Reported: 2013-07-09 06:39 EDT by Miles
Modified: 2015-07-27 08:26 EDT
Doc Type: Bug Fix
Last Closed: 2014-08-11 13:28:13 EDT
Type: Bug
External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Bugzilla 588480 None CLOSED setup-ds-admin.pl fails to configure admin server on ipv6 enabled hosts 2018-06-12 21:18 EDT

Description Miles 2013-07-09 06:39:51 EDT
Description of problem:

First bug submission, sorry if I screw it up.
Platform is CentOS 6.4 (64bit) using EPEL 389 Directory Server packages.

After running "setup-ds-admin.pl", LDAP binds to the IPv6 address, while ds-admin binds to the IPv4 address.

Have also tried to disable IPv6 using the following...

echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6
echo 1 > /proc/sys/net/ipv6/conf/default/disable_ipv6

but it still binds to IPv4 instead.

Version-Release number of selected component (if applicable):
rpm -qa | grep 389 | sort

389-admin-1.1.29-1.el6.x86_64
389-admin-console-1.1.8-1.el6.noarch
389-admin-console-doc-1.1.8-1.el6.noarch
389-adminutil-1.1.15-1.el6.x86_64
389-console-1.1.7-1.el6.noarch
389-ds-1.2.2-1.el6.noarch
389-ds-base-1.2.11.15-14.el6_4.x86_64
389-ds-base-libs-1.2.11.15-14.el6_4.x86_64
389-ds-console-1.2.6-1.el6.noarch
389-ds-console-doc-1.2.6-1.el6.noarch
389-dsgw-1.1.10-1.el6.x86_64


How reproducible:
Consistently.

Steps to Reproduce:
1. Install CentOS-6.4-x86_64-minimal
2. rpm -ivh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
3. rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
4. yum -y install 389-ds openldap-clients
5. setup-ds-admin.pl

Actual results:
netstat -tulpn

Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:9830                0.0.0.0:*                   LISTEN      3070/httpd.worker
tcp        0      :::389                        :::*                        LISTEN      2969/ns-slapd


Expected results:
netstat -tulpn

Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:389                 0.0.0.0:*                   LISTEN      2969/ns-slapd
tcp        0      0 0.0.0.0:9830                0.0.0.0:*                   LISTEN      3070/httpd.worker


Additional info:
This has been reported and closed previously under RH Bug 588480.

Can manually change the LDAP configuration to use IPv4 using the following steps:

vi /etc/dirsrv/fix-ipv6-bind.ldif

dn: cn=config
changetype: modify
replace: nsslapd-listenhost
nsslapd-listenhost: 0.0.0.0

ldapmodify -a -x -h localhost -p 389 -D cn="Directory Manager" -w PASSWORD -f /etc/dirsrv/fix-ipv6-bind.ldif



vi /etc/dirsrv/fix-ipv6-sslbind.ldif

dn: cn=config
changetype: modify
replace: nsslapd-securelistenhost
nsslapd-securelistenhost: 0.0.0.0

ldapmodify -a -x -h localhost -p 389 -D cn="Directory Manager" -w PASSWORD -f /etc/dirsrv/fix-ipv6-sslbind.ldif


service dirsrv restart
service dirsrv-admin restart
Comment 2 Rich Megginson 2013-07-22 11:47:40 EDT
Upstream ticket:
https://fedorahosted.org/389/ticket/47438
Comment 4 Noriko Hosoi 2014-07-21 21:09:04 EDT
Miles, could you elaborate on your problem some more?

By default, both IPv4 and IPv6 are listened on:
# /usr/lib64/mozldap/ldapsearch -h [::0] -p 389 -b "" -s base "(objectclass=*)" dn
dn:
# /usr/lib64/mozldap/ldapsearch -h 127.0.0.1 -p 389 -b "" -s base "(objectclass=*)" dn
dn:

Once IPv6 is disabled:
# echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6
# echo 1 > /proc/sys/net/ipv6/conf/default/disable_ipv6

indeed, IPv6 is not available any more:
# /usr/lib64/mozldap/ldapsearch -h [::0] -p 389 -b "" -s base "(objectclass=*)"
ldap_search: Can't connect to the LDAP server - No route to host
# /usr/lib64/mozldap/ldapsearch -h 127.0.0.1 -p 389 -b "" -s base "(objectclass=*)" dn
dn:

Yes, netstat returns ":::*" even after IPv6 is disabled.
# netstat -tulpn | egrep 389  
tcp6    0      0 :::389       :::*      LISTEN      14613/ns-slapd

But that's just the format that netstat is returning?

For instance, other utilities such as sshd and cupsd return ":::*" even after IPv6 is disabled:
tcp6    0      0 :::22        :::*      LISTEN      825/sshd            
tcp6    0      0 :::631       :::*      LISTEN      1440/cupsd 

Regarding the admin server, please take a look at /etc/dirsrv/admin-serv/console.conf. You will see a comment like this:

# To allow connections to IPv6 addresses add "Listen [::]:80"
#
Listen 0.0.0.0:9830

That is, the IPv4 address is explicitly configured.

We are thinking this is not a bug in the directory server.
Comment 5 Noriko Hosoi 2014-08-11 13:28:13 EDT
Closing this bug as NOTABUG along with https://fedorahosted.org/389/ticket/47438.
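
What the netstat line ":::389" discussed in this bug means at the socket level, as an added example that is not part of the original report or of the 389 Directory Server code: a listener bound to [::] also accepts IPv4 clients unless IPV6_V6ONLY is set, so firewall rules and exposure audits have to treat such a listener as reachable over both address families. The function name and the loopback probe on a kernel-chosen port are assumptions made for illustration.

```python
import socket


def probe_wildcard_listener(v6only):
    """Bind a TCP listener to [::] and try to reach it over IPv4 loopback.

    Returns the peer address as the listener sees it, or None when the
    IPv4 connection is refused.
    """
    srv = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
    cli = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        # Must be set before bind(): 0 = dual-stack, 1 = IPv6 only.
        srv.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, int(v6only))
        srv.bind(("::", 0))  # port 0: the kernel picks a free port
        srv.listen(1)
        srv.settimeout(2)
        port = srv.getsockname()[1]

        cli.settimeout(2)
        try:
            cli.connect(("127.0.0.1", port))  # plain IPv4 client
        except ConnectionRefusedError:
            return None  # nothing is listening on the IPv4 side

        conn, peer = srv.accept()
        conn.close()
        # An IPv4 client appears as an IPv4-mapped IPv6 address.
        return peer[0]
    finally:
        cli.close()
        srv.close()


if __name__ == "__main__":
    # Dual-stack wildcard: shown by netstat only as ":::<port>", yet
    # reachable over IPv4.
    print("IPV6_V6ONLY=0 ->", probe_wildcard_listener(v6only=False))
    # IPv6-only wildcard: same netstat line, but IPv4 clients are refused.
    print("IPV6_V6ONLY=1 ->", probe_wildcard_listener(v6only=True))
```

Both cases produce the same ":::<port>" line in netstat, so that line alone does not tell you whether IPv4 clients can connect.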
