Graham Leggett wrote:
Richard Megginson wrote:
>> Having got my brand new DS v1.0.2 up and running, and the admin
>> server started up, I discover that the admin server has arbitrarily
>> placed a host check of *.domain.com onto the server, effectively
>> locking me out of the admin server (my client machine is not in
>> *.domain.com).
>
> See
http://directory.fedora.redhat.com/wiki/Howto:AdminServerLDAPMgmt
> and
>
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=183925
I don't follow - I need to download the source, apply the patch in the
above bug, then rebuild the entire thing before I have any hope of
administering this server?
no, you just need to supply a pattern which _does not match_ the
incoming IP address. Then it will allow it. It's backwards.
Is there some kind of manual override that I can use to switch this
behaviour off? Or alternatively if this is not possible, to require
localhost so that I can run the admin server behind a reverse proxy
whose access control does work properly?
Having changed the *.domain.com to * I am now getting this error:
[Sat Mar 04 10:42:50 2006] [notice] [client xx.xx.xx.xx]
admserv_host_ip_check: Unauthorized host ip=xx.xx.xx.xx, connection
rejected
Google finds other people with this problem, apparently "*" doesn't
mean "let everybody in", but instead it means "let everyone in whose
reverse DNS works". In this case reverse DNS does work, but I may be
getting bitten by bug 183925.
So in short, does the admin server in v1.0.2 work at all, or am I just
wasting my time? :(
Regards,
Graham
--
------------------------------------------------------------------------
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users