FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Directory

 
 
LinkBack Thread Tools
 
Old 04-26-2012, 09:06 PM
Iain Morgan
 
Default IP clause in ACI attributes

Hello,

I'm attempting to use an IP clause in an ACI attribute to restrict
privileges for a particular DN to connections from a particular host.
The ACI attribute is successfully added by ldapmodify, but does not
work. As a workaround, I had to use a DNS clause instead, but this is
not desirable from either a performance or a security perspective.

The access log shows the connection coming from the expected IPv4
address, but when I enabled the appropriate debugging level I found that
the server was complaining about an IPv6 address.

It looks like the server is getting an address in the v4-in-v6 format
and since the ACLs do not support IPv6, the particular ACL fails.
Unfortunately, I seem to be at a loss to force the system to return IPv4
addresses. Any suggestions?

The system is running RHEL 6 with 389 DS 1.2.10.4.
/etc/modprobe.d/ipv6.conf has already been configured to disable IPv6
support.

Thanks

--
Iain Morgan
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 04-30-2012, 02:42 PM
Rich Megginson
 
Default IP clause in ACI attributes

On 04/26/2012 03:06 PM, Iain Morgan wrote:

Hello,

I'm attempting to use an IP clause in an ACI attribute to restrict
privileges for a particular DN to connections from a particular host.
The ACI attribute is successfully added by ldapmodify, but does not
work. As a workaround, I had to use a DNS clause instead, but this is
not desirable from either a performance or a security perspective.

The access log shows the connection coming from the expected IPv4
address, but when I enabled the appropriate debugging level I found that
the server was complaining about an IPv6 address.

It looks like the server is getting an address in the v4-in-v6 format
and since the ACLs do not support IPv6, the particular ACL fails.
Unfortunately, I seem to be at a loss to force the system to return IPv4
addresses. Any suggestions?

The system is running RHEL 6 with 389 DS 1.2.10.4.
/etc/modprobe.d/ipv6.conf has already been configured to disable IPv6
support.

Thanks

Sounds like a bug - perhaps this is a symptom of
https://fedorahosted.org/389/ticket/196

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 

Thread Tools




All times are GMT. The time now is 11:54 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org