Hi Trevor, The easiest way will be to use the *dsconf *command and run the *dsconf add* a few times (and do separate delete commands if needed).
dsconf instance config add nsslapd-haproxy-trusted-ip=192.168.0.1 dsconf instance config add nsslapd-haproxy-trusted-ip=192.168.0.2 dsconf instance config add nsslapd-haproxy-trusted-ip=192.168.0.3 dsconf instance config delete nsslapd-haproxy-trusted-ip=192.168.0.2 dsconf instance config add nsslapd-haproxy-trusted-ip=192.168.0.4 Another way will be to use *ldapmodify *command and do the modification in the same LDAP transaction: dn: cn=config changetype: modify add: nsslapd-haproxy-trusted-ip nsslapd-haproxy-trusted-ip: 192.168.0.1 - add: nsslapd-haproxy-trusted-ip nsslapd-haproxy-trusted-ip: 192.168.0.2 - add: nsslapd-haproxy-trusted-ip nsslapd-haproxy-trusted-ip: 192.168.0.3 Sorry if it's a bit inconvenient. We have plans to improve the cn=config handling logic for multivalued attributes. Regards, Simon On Fri, Nov 8, 2024 at 3:43 PM Trevor Fong via 389-users < [email protected]> wrote: > Hi There, > > I'm trying to set up 389 DS nodes (2.4.5) for to use the Proxy protocol > for HAProxy load-balancing behind F5 load-balancers. > > I've been following > https://www.port389.org/docs/389ds/howto/howto-test-haproxy-ldaps.html > and > > https://docs.redhat.com/en/documentation/red_hat_directory_server/12/html/configuration_and_schema_reference/assembly_core-server-configuration-attributes_config-schema-reference-title#nsslapd-haproxy-trusted-ip_assembly_cn-config > . > > The Red Hat docs say "the nsslapd-haproxy-trusted-ip attribute configures > the list of trusted proxy servers." I have at least 5 IP's I would need > the 389 DS nodes to trust, but nsslapd-haproxy-trusted-ip does not want to > accept a CIDR nor does it seem to accept multiple values. It also doesn't > want to accept a comma delimited list of IP's. > > Does anyone know the correct syntax/setup for multiple HAProxy trusted > IP's? > Are there any further docs available? > > Thanks, > Trev > -- > _______________________________________________ > 389-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/[email protected] > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue >
-- _______________________________________________ 389-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
