Dotaz: directory server - localhost

16.2.2015 13:35 Milan Roubal | skóre: 25
directory server - localhost

Přečteno: 678×

Odpovědět | Admin

Zdravim, potreboval bych vysvetlit pro me nelogicke chovani directory serveru. Cilem je donutit server poslouchat pouze na vnitrnim rozhrani. Vyzkousel jsem tyto 3 moznosti v souboru /etc/dirsrv/slapd-opensuse64/dse.ldif

127.0.0.1
localhost
::1

127.0.0.1 posloucha jak na IPv4, tak IPv6

localhost vrati pri startu chybovou hlasku a funguje jen na IPv6

::1 funguje jen na IPv6, ale pri ukonceni serveru je v souboru dse.ldif radek zmenen na nsslapd-listenhost:: Ojox

nsslapd-listenhost: 127.0.0.1

opensuse64:/etc/dirsrv/slapd-opensuse64 # ldapsearch -h 127.0.0.1 -p 389 -b "" -s base "(objectclass=*)" dn
ldap_sasl_interactive_bind_s: Inappropriate authentication (48)
        additional info: Anonymous access is not allowed.
opensuse64:/etc/dirsrv/slapd-opensuse64 # ldapsearch -h localhost -p 389 -b "" -s base "(objectclass=*)" dn
ldap_sasl_interactive_bind_s: Inappropriate authentication (48)
        additional info: Anonymous access is not allowed.
opensuse64:/etc/dirsrv/slapd-opensuse64 # ldapsearch -h [::1] -p 389 -b "" -s base "(objectclass=*)" dn
ldap_sasl_interactive_bind_s: Inappropriate authentication (48)
        additional info: Anonymous access is not allowed.


nsslapd-listenhost: localhost

opensuse64:/etc/dirsrv/slapd-opensuse64 # /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-opensuse64 -i /var/run/dirsrv/slapd-opensuse64.pid -w /var/run/dirsrv/slapd-opensuse64.startpid
[16/Feb/2015:13:12:36 +0100] - slapd_listenhost2addr: detected duplicated address -W�G [-W�G]
opensuse64:/etc/dirsrv/slapd-opensuse64 # ldapsearch -h 127.0.0.1 -p 389 -b "" -s base "(objectclass=*)" dn
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
opensuse64:/etc/dirsrv/slapd-opensuse64 # ldapsearch -h localhost -p 389 -b "" -s base "(objectclass=*)" dn
ldap_sasl_interactive_bind_s: Inappropriate authentication (48)
        additional info: Anonymous access is not allowed.
opensuse64:/etc/dirsrv/slapd-opensuse64 # ldapsearch -h [::1] -p 389 -b "" -s base "(objectclass=*)" dn
ldap_sasl_interactive_bind_s: Inappropriate authentication (48)
        additional info: Anonymous access is not allowed.


nsslapd-listenhost: ::1

opensuse64:/etc/dirsrv/slapd-opensuse64 # /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-opensuse64 -i /var/run/dirsrv/slapd-opensuse64.pid -w /var/run/dirsrv/slapd-opensuse64.startpid
opensuse64:/etc/dirsrv/slapd-opensuse64 # ldapsearch -h 127.0.0.1 -p 389 -b "" -s base "(objectclass=*)" dn
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
opensuse64:/etc/dirsrv/slapd-opensuse64 # ldapsearch -h localhost -p 389 -b "" -s base "(objectclass=*)" dn
ldap_sasl_interactive_bind_s: Inappropriate authentication (48)
        additional info: Anonymous access is not allowed.
opensuse64:/etc/dirsrv/slapd-opensuse64 # ldapsearch -h [::1] -p 389 -b "" -s base "(objectclass=*)" dn
ldap_sasl_interactive_bind_s: Inappropriate authentication (48)
        additional info: Anonymous access is not allowed.


opensuse64:/etc/dirsrv/slapd-opensuse64 # cat /etc/hosts
127.0.0.1       localhost
::1             localhost ipv6-localhost ipv6-loopback
fe00::0         ipv6-localnet
ff00::0         ipv6-mcastprefix
ff02::1         ipv6-allnodes
ff02::2         ipv6-allrouters
ff02::3         ipv6-allhosts
127.0.0.2       opensuse64.keyserver.cz opensuse64

Ocekaval bych, ze pri 127.0.0.1 to bude poslouchat jen na IPv4 a pri localhost a ::1 to bude poslouchat na IPv4 a IPv6, ne? A proc to pri pouziti toho localhost vrati tu chybu?

Nástroje: Začni sledovat (0) ?

Odpovědi

16.2.2015 17:58 NN
Rozbalit Rozbalit vše Re: directory server - localhost

127.0.0.1       localhost
::1             localhost ipv6-localhost ipv6-loopback

ma byt:

127.0.0.1       localhost
::1             ipv6-localhost ipv6-loopback

17.2.2015 11:27 Milan Roubal | skóre: 25
Rozbalit Rozbalit vše Re: directory server - localhost

no to sice tu chybovou hlasku vyresi, ale podle me i wikipedie je localhost mozne uvest u obou, jak pro IPv4, tak pro IPv6. Musim otestovat, zda to nema nejaky nezadouci sideefekt, nez to dam na produkci. Nejsem si uplne vedom, ze bych tu konfiguraci /etc/hosts menil a ten IPv6 localhost tam pridaval, neni to takto default? Diky.

Zacina me trochu iritovat vystup prikazu netstat, nebot vsechny 3 sluzby poslouchaji jak na IPv4, tak IPv6, i kdyz to neni poznat.

# netstat -anp | grep LIST
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1011/sshd
tcp        0      0 127.0.0.1:389           0.0.0.0:*               LISTEN      3596/ns-slapd
tcp        0      0 :::22                   :::*                    LISTEN      1011/sshd
tcp        0      0 :::80                   :::*                    LISTEN      25022/httpd2-prefor

Neni nejaky lepsi prikaz nez netstat, ktery by ukazal vsechny sluzby na IPv4 a vsechny na IPv6? Ze apache posloucha na IPv4 i kdyz je v netstat uvedena jen adresa IPv6 jsem si uz zvykl, ale aby byla videt jen IPv4 adresa jako u ns-slapd a pritom to poslouchalo i na IPv6, to jsem jeste nevidel.

17.2.2015 14:09 NN
Rozbalit Rozbalit vše Re: directory server - localhost

To sice ano, ale slapd_listenhost2addr to vyhodnoti jako dve adresy.. Btw. parametr -4 donuti slapd poslouchat na IPv4 only.. Ad netstat, zkontroluj vystup:

netstat anpA inet6

17.2.2015 14:31 Milan Roubal | skóre: 25
Rozbalit Rozbalit vše Re: directory server - localhost

vyborne, diky. Tedy je to specifikum toho slapd. Zatim jsem to nechal v konfiguraci s 127.0.0.1, na testu jsem zmenil ten /etc/hosts a uvidim. Diky

Jsem ten prikaz upravil na netstat -anpA inet6 ale stejne tam ten slapd neni videt.

Založit nové vlákno • Nahoru

Tiskni Sdílej: