[Freeipa-devel] [PATCH] 351 Installer should not connect to 127.0.0.1
Rob Crittenden
rcritten at redhat.com
Mon Jan 21 17:14:28 UTC 2013
Martin Kosek wrote:
> On 01/16/2013 03:10 PM, Simo Sorce wrote:
>> On Wed, 2013-01-16 at 15:01 +0100, Martin Kosek wrote:
>>> On 01/16/2013 02:50 PM, Simo Sorce wrote:
>>>> On Wed, 2013-01-16 at 10:42 +0100, Martin Kosek wrote:
>>>>> IPA installer sometimes tries to connect to the Directory Server
>>>>> via loopback address 127.0.0.1. However, the Directory Server on
>>>>> pure IPv6 systems may not be listening on this address. This address
>>>>> may not even be available.
>>>>>
>>>>> Rather use the FQDN of the server when connecting to the DS to fix
>>>>> this issue and make the connection consistent ldapmodify calls which
>>>>> also use FQDN instead of IP address.
>>>>>
>>>>> https://fedorahosted.org/freeipa/ticket/3355
>>>>
>>>> Martin,
>>>> shouldn't the installer rather always use the ldapi socket ?
>>>>
>>>> Simo.
>>>>
>>>
>>> Probably yes, but the fix would be much more intrusive than the current patch
>>> as we connect to ldap://$HOST:389 all over the installer code. My intention was
>>> to prepare rather a short fix for the upcoming release...
>>
>> Uhmm wouldn't you just need to replace ldap://$HOST:389 with
>> ldapi://path ?
>>
>> However it is understandable to have a short term fix, but can you open
>> a ticket for the longer term goal of moving away from TCP connections to
>> LDAPI ones ?
>>
>> Simo.
>>
>
> Sure. I updated ticket https://fedorahosted.org/freeipa/ticket/3272 which
> already plans to fix other inappropriate protocol in installer code.
ACK, pushed to master, ipa-3-1 and ipa-3-0
rob
More information about the Freeipa-devel
mailing list