RE: SASL LDAP binding over IPv6



> -----Original Message-----
> From: Howard Chu [mailto:hyc@symas.com] 
> Sent: Friday, June 12, 2009 1:28 PM
> To: Xu, Qiang (FXSGSC)
> Cc: openldap-technical@openldap.org
> Subject: Re: SASL LDAP binding over IPv6
> 
> ldapsearch didn't fail, the GSSAPI/Kerberos library did. It 
> was unable to match the provided IP address to the name of a 
> Kerberos server principal. In general, Kerberos requires 
> valid hostnames, it doesn't work well with numeric addresses.

Just to let you guys know that Howard is correct. In dealing with an IPv6 address, we must provide the hostname to the ldapsearch command. The numeric address doesn't work. In contrast, if the server only has an IPv4 address, then providing the hostname is optional, i.e. we can also supply the IPv4 address directly to the ldapsearch command.

So, generally, when we don't know which one of the two addresses (IPv6 and IPv4) the server prioritizes, we had better always provide the hostname to the ldapsearch command when doing SASL bindings.

Thanks heartedly, Howard!
Xu Qiang
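
A pre-flight check that follows the conclusion of this thread, added here as an example and not part of the original messages: it rejects an LDAP URI that names the server by IPv4 or IPv6 address before a SASL/GSSAPI bind is attempted, and returns the host-based service name the Kerberos library will have to match. The function names and sample URIs are constructed for illustration; the `ldap@<host>` form assumes the usual GSSAPI host-based naming for the LDAP service.

```python
import ipaddress
from urllib.parse import urlsplit


class NumericHostError(ValueError):
    """The LDAP URI names the server by address instead of by hostname."""


def gssapi_target(ldap_uri):
    """Return the GSSAPI host-based service name for a SASL bind to ldap_uri.

    Kerberos has to map the server name to a service principal, so a
    numeric IPv4 or IPv6 literal is refused here rather than failing later
    inside the GSSAPI library.
    """
    parts = urlsplit(ldap_uri)
    if parts.scheme not in ("ldap", "ldaps") or not parts.hostname:
        raise ValueError(f"not an ldap:// or ldaps:// URI with a host: {ldap_uri!r}")
    host = parts.hostname  # brackets around an IPv6 literal are already stripped
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # Not an address literal, so it is a name Kerberos can look up.
        return f"ldap@{host}"
    raise NumericHostError(
        f"{ldap_uri}: IPv{addr.version} literal {addr}; use the server's hostname"
    )


def preflight(uris):
    """Map each URI to its service name, or to the reason it was rejected."""
    results = {}
    for uri in uris:
        try:
            results[uri] = gssapi_target(uri)
        except ValueError as exc:
            results[uri] = f"REJECTED: {exc}"
    return results


# Constructed sample URIs (documentation address ranges, not real servers).
SAMPLE_URIS = [
    "ldap://ldap.example.com",
    "ldap://[2001:db8::10]:389",
    "ldap://192.0.2.10",
]

if __name__ == "__main__":
    for uri, outcome in preflight(SAMPLE_URIS).items():
        print(f"{uri:30} -> {outcome}")
```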