[Freeipa-devel] [PATCH] 351 Installer should not connect to 127.0.0.1

Martin Kosek mkosek at redhat.com
Wed Jan 16 14:23:19 UTC 2013


On 01/16/2013 03:10 PM, Simo Sorce wrote:
> On Wed, 2013-01-16 at 15:01 +0100, Martin Kosek wrote:
>> On 01/16/2013 02:50 PM, Simo Sorce wrote:
>>> On Wed, 2013-01-16 at 10:42 +0100, Martin Kosek wrote:
>>>> IPA installer sometimes tries to connect to the Directory Server
>>>> via loopback address 127.0.0.1. However, the Directory Server on
>>>> pure IPv6 systems may not be listening on this address. This address
>>>> may not even be available.
>>>>
>>>> Rather use the FQDN of the server when connecting to the DS to fix
>>>> this issue and make the connection consistent with ldapmodify calls which
>>>> also use FQDN instead of IP address.
>>>>
>>>> https://fedorahosted.org/freeipa/ticket/3355
>>>
>>> Martin,
>>> shouldn't the installer rather always use the ldapi socket ?
>>>
>>> Simo.
>>>
>>
>> Probably yes, but the fix would be much more intrusive than the current patch
>> as we connect to ldap://$HOST:389 all over the installer code. My intention was
>> to prepare rather a short fix for the upcoming release...
> 
> Uhmm wouldn't you just need to replace ldap://$HOST:389 with
> ldapi://path ?
> 
> However it is understandable to have a short term fix, but can you open
> a ticket for the longer term goal of moving away from TCP connections to
> LDAPI ones ?
> 
> Simo.
> 

Sure. I updated ticket https://fedorahosted.org/freeipa/ticket/3272 which
already plans to fix other inappropriate protocol in installer code.

Martin



