Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-25072

nsslapd-haproxy-trusted-ip accepts IPv6, but the passthrough doesn't work

XMLWordPrintable

    • sst_idm_ds
    • ssg_idm
    • 13
    • None
    • Dev ack
    • False
    • Hide

      None

      Show
      None
    • None
    • None

      What were you trying to do that didn't work?

      I'm trying to configure HAProxy backend to use IPv6 to connect to LDAP server:

      backend ldap
    balance     roundrobin
    server ldap1 [::1]:389 send-proxy

      But the server doesn't accept it:

      [12/Feb/2024:05:35:07.024868922 -0500] conn=28 fd=64 slot=64 connection from ::1 to ::1
[12/Feb/2024:05:35:07.025052017 -0500] conn=28 op=-1 fd=64 Disconnect - Protocol error - Unknown Proxy - P4

      Even though nsslapd-haproxy-trusted-ip is set to ::1

      Please provide the package NVR for which bug is seen:

      389-ds-base-2.4.5-3.el9.x86_64

      How reproducible:

      always

      Steps to reproduce

      1.  Configure HAProxy backend to connect via IPv6 to LDAP server
      2.  Set nsslapd-haproxy-trusted-ip to ::1
      3.  Issue ldapsearch command to HAProxy IP:Port

      Expected results

      Request should be successful

      Actual results

      # ldapsearch -D cn=Directory\ Manager -w password -H ldap://haproxy:3389
ldap_result: Can't contact LDAP server (-1)

            idm-ds-dev-bugs IdM DS Dev
            vashirov@redhat.com Viktor Ashirov
            Simon Pichugin Simon Pichugin
            IdM DS QE IdM DS QE
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated: