Hello,
I'm attempting to use an IP clause in an ACI attribute to restrict privileges for a particular DN to connections from a particular host. The ACI attribute is successfully added by ldapmodify, but does not work. As a workaround, I had to use a DNS clause instead, but this is not desirable from either a performance or a security perspective.
The access log shows the connection coming from the expected IPv4 address, but when I enabled the appropriate debugging level I found that the server was complaining about an IPv6 address.
It looks like the server is getting an address in the v4-in-v6 format and since the ACLs do not support IPv6, the particular ACL fails. Unfortunately, I seem to be at a loss to force the system to return IPv4 addresses. Any suggestions?
The system is running RHEL 6 with 389 DS 1.2.10.4. /etc/modprobe.d/ipv6.conf has already been configured to disable IPv6 support.
Thanks
On 04/26/2012 03:06 PM, Iain Morgan wrote:
> Hello,
> I'm attempting to use an IP clause in an ACI attribute to restrict privileges for a particular DN to connections from a particular host. The ACI attribute is successfully added by ldapmodify, but does not work. As a workaround, I had to use a DNS clause instead, but this is not desirable from either a performance or a security perspective.
> The access log shows the connection coming from the expected IPv4 address, but when I enabled the appropriate debugging level I found that the server was complaining about an IPv6 address.
> It looks like the server is getting an address in the v4-in-v6 format and since the ACLs do not support IPv6, the particular ACL fails. Unfortunately, I seem to be at a loss to force the system to return IPv4 addresses. Any suggestions?
> The system is running RHEL 6 with 389 DS 1.2.10.4. /etc/modprobe.d/ipv6.conf has already been configured to disable IPv6 support.
> Thanks
Sounds like a bug - perhaps this is a symptom of https://fedorahosted.org/389/ticket/196
389-users@lists.fedoraproject.org
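The mismatch discussed in this thread, as an added example (not 389 DS code and not from either poster): an IPv4-only address check fails when the peer arrives in v4-in-v6 form, while a check that unwraps only the `::ffff:a.b.c.d` mapping matches the intended host. The function names and the addresses are constructed for illustration.

```python
import ipaddress

def naive_ipv4_match(rule: str, peer: str) -> bool:
    """IPv4-only check: a peer that does not parse as IPv4 never matches."""
    net = ipaddress.ip_network(rule, strict=False)
    try:
        return ipaddress.IPv4Address(peer) in net
    except ipaddress.AddressValueError:
        return False

def normalize_peer(peer: str):
    """Unwrap ::ffff:a.b.c.d to a.b.c.d; leave every other address alone."""
    addr = ipaddress.ip_address(peer)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr

def normalized_match(rule: str, peer: str) -> bool:
    """Compare after normalizing, and only within the same address family."""
    net = ipaddress.ip_network(rule, strict=False)
    addr = normalize_peer(peer)
    return addr.version == net.version and addr in net

# Constructed sample data (documentation range 192.0.2.0/24, RFC 5737).
RULE = "192.0.2.10"
PEERS = [
    "192.0.2.10",          # plain IPv4 peer
    "::ffff:192.0.2.10",   # same host in the v4-in-v6 form from the post
    "::ffff:192.0.2.11",   # different host, mapped form
    "::192.0.2.10",        # IPv4-compatible form: not unwrapped on purpose
]

def compare(rule=RULE, peers=PEERS):
    """Return (peer, naive result, normalized result) for each peer."""
    return [(p, naive_ipv4_match(rule, p), normalized_match(rule, p)) for p in peers]

if __name__ == "__main__":
    for peer, naive, fixed in compare():
        print(f"{peer:22} naive={naive!s:5} normalized={fixed}")
```

Only the `::ffff:0:0/96` mapping is unwrapped; other IPv6 forms that embed an IPv4 address are left as IPv6 so they cannot satisfy an IPv4 rule.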