[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8206) ldapsearch incorrectly cannonicalizes dns names for GSSAPI

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#8206) ldapsearch incorrectly cannonicalizes dns names for GSSAPI
From: michael@stroeder.com
Date: Wed, 29 Jul 2015 16:24:34 +0000
Auto-submitted: auto-generated (OpenLDAP-ITS)

cwinkows@vt.edu wrote:
> When using ldapsearch GSSAPI mechanism with a server whose reverse DNS name
> doesn't match its DNS name, ldapsearch will do the DNS lookups and hand the
> reverse DNS entry to GSSAPI. If the reverse DNS entry is not what is used by
> kerberos then kerberos will fail.

Did you already try with -N?

$ ldapsearch -h
[..]
  -N         do not use reverse DNS to canonicalize SASL host name
[..]

Ciao, Michael.

Prev by Date: (ITS#8207) ppolicy: pwdMinLength not checked if pwdInHistory == 0
Next by Date: Re: (ITS#8207) ppolicy: pwdMinLength not checked if pwdInHistory == 0
Index(es):
- Chronological
- Thread