On 08/11/2015 10:14 AM, Aleksey Chudov wrote:
Hi,

I'm configuring 389 DS on CentOS 7 using some packages from epel-testing:

# rpm -qa | grep 389 | sort
389-admin-1.1.42-1.el7.x86_64
389-admin-console-1.1.10-1.el7.noarch
389-admin-console-doc-1.1.10-1.el7.noarch
389-adminutil-1.1.22-1.el7.x86_64
389-console-1.1.9-1.el7.noarch
389-ds-1.2.2-1.el7.centos.noarch
389-ds-base-1.3.3.1-20.el7_1.x86_64
389-ds-base-libs-1.3.3.1-20.el7_1.x86_64
389-ds-console-1.2.12-1.el7.noarch
389-ds-console-doc-1.2.12-1.el7.noarch

There are a lot of warnings in /var/log/dirsrv/admin-serv/error:

[Tue Aug 11 16:59:43.061536 2015] [:warn] [pid 6814:tid 140053607032576] [client 10.10.10.22:50957] admserv_host_ip_check: failed to get host by ip addr [10.10.10.22] - check your host and DNS configuration

According to the documentation at http://directory.fedoraproject.org/docs/389ds/howto/howto-adminserverldapmgmt.html#how-to-set-the-hostsip-addresses-allowed-to-access-the-admin-server, the nsAdminAccessHosts attribute can be deleted to turn off access control by host/domain name.

What if you set nsAdminAccessHosts and nsAdminAccessAddresses to "*" instead of deleting those attributes?

But deleting "nsAdminAccessHosts" also leads to deleting "configuration.nsAdminAccessHosts" from /etc/dirsrv/admin-serv/local.conf. After that, Admin Server doesn't start, with the error:

[Tue Aug 11 17:03:51.704255 2015] [:crit] [pid 7292:tid 140568690079808] host_ip_init(): PSET failure: Could not retrieve access hosts attribute (pset error = )

If I put an empty parameter "configuration.nsAdminAccessHosts: " in /etc/dirsrv/admin-serv/local.conf, Admin Server works as expected until the next configuration change from Management Console. After the next restart, "configuration.nsAdminAccessHosts" is again missing from the config because there is no "nsAdminAccessHosts" in the directory, and Admin Server doesn't start again.

Is it a bug? How do I turn off access control by host/domain name?

Aleksey


--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users