On 07/23/2012 08:58 PM, Chaudhari, Rohit K. wrote:
Thanks everyone for the quick response.  We do need to use TLS for doing LDAP 
authentication for users to sign in.  So based on the notes below, the lack of 
DNS will not work.  How can I get TLS and no-DNS to work together?

It does work. Perhaps it is in violation of some spec somewhere (link?), but using /etc/hosts or even NIS host maps will work. DNS is not a requirement to get it to work.


Thanks.
________________________________________
From: 389-devel-boun...@lists.fedoraproject.org 
[389-devel-boun...@lists.fedoraproject.org] On Behalf Of Rich Megginson 
[rmegg...@redhat.com]
Sent: Monday, July 23, 2012 8:09 PM
To: 389 Directory server developer discussion.
Subject: Re: [389-devel] Setting up 389 DS without DNS

On 07/23/2012 05:13 PM, Paul Robert Marino wrote:

On Jul 23, 2012 5:15 PM, "Rich Megginson" <rmegg...@redhat.com> wrote:
On 07/23/2012 02:46 PM, Chaudhari, Rohit K. wrote:
Hey 389 community,



I had a question.  We want to set up 389-ds on a Red Hat VM without DNS.  I 
read online that disabling SELinux would allow us to accomplish this.  Is this 
true or false?

False.  AFAIK it has nothing to do with SELinux.  Where did you read this?


If DNS cannot be disabled, how do we create a dummy DNS so that replication and 
single sign-on from client to the server can occur?  Do we have to hard-code IP 
addresses or something else?  Thank you for your time this afternoon.

It depends.  If you are using Fedora/RHEL virtualization, you just have to
virsh net-edit default - create new entries for your VMs with unique MACs and IP addresses
edit /etc/hosts - add entries for your IP addresses and your new hosts - make sure the FQDN is the first name e.g.
192.168.122.2 myhost.mydomain.com  myhost

This will only work if you don't intend to use TLS encryption.
TLS requires full forward and reverse 'DNS' lookup and won't work properly with 
entries in the /etc/hosts file per the RFC that defines the TLS standard.

Hmm - I've successfully done this with /etc/hosts files - what exactly is the 
problem with that?  What specifically requires a DNS lookup and not a getent 
hosts?


Thanks.



--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel
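
An added example, not part of the thread or of 389 DS: a shell check for the /etc/hosts advice above (the FQDN must be the first name on each entry), which also flags a name mapped to two addresses. The function name `check_hosts_fqdn` is hypothetical and the sample entries other than `myhost.mydomain.com` are constructed.

```shell
#!/bin/sh
# check_hosts_fqdn FILE  (hypothetical helper, not part of 389 DS)
# Prints one line per problem entry and returns 1 if any were found.
check_hosts_fqdn() {
    awk '
        { sub(/#.*/, "") }                        # drop comments
        NF < 2 { next }                           # blank or address-only line
        $1 ~ /^127\./ || $1 == "::1" { next }     # loopback entries are out of scope
        {
            ip = $1
            # The first name after the address is the canonical one.
            if ($2 !~ /\./) {
                printf "%s: first name \"%s\" is not an FQDN\n", ip, $2
                bad = 1
            }
            # The same name on two addresses makes forward lookups ambiguous.
            for (i = 2; i <= NF; i++) {
                name = tolower($i)
                if ((name in seen) && seen[name] != ip) {
                    printf "%s: name \"%s\" also maps to %s\n", ip, $i, seen[name]
                    bad = 1
                }
                seen[name] = ip
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample input: the second entry is the one from the thread,
# the last two are deliberately wrong.
sample=$(mktemp)
cat > "$sample" <<'EOF'
127.0.0.1      localhost localhost.localdomain
192.168.122.2  myhost.mydomain.com myhost
192.168.122.3  replica replica.mydomain.com   # short name first
192.168.122.4  myhost.mydomain.com            # duplicate name
EOF
check_hosts_fqdn "$sample" || echo "hosts file needs fixing"
rm -f "$sample"
```

Run it against the real /etc/hosts on each server and client, then confirm the result with `getent hosts` for both the name and the address.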

