[Date Prev][Date Next] [Chronological] [Thread] [Top]

SASL LDAP binding over IPv6

Hi, all: 

In using ldapsearch to bind to a server with IPv6 address, some error pops up: 
qxu@durian(pts/3):/etc[133]$ kinit XCTEST100@XCIPV6.COM Password for XCTEST100@XCIPV6.COM:

qxu@durian(pts/3):/etc[134]$ klist
Ticket cache: FILE:/tmp/krb5cc_20153
Default principal: XCTEST100@XCIPV6.COM

Valid starting     Expires            Service principal
06/09/09 17:35:18  06/10/09 03:34:41  krbtgt/XCIPV6.COM@XCIPV6.COM
        renew until 06/10/09 17:35:18

qxu@durian(pts/3):/etc[135]$ ldapsearch -Y GSSAPI -H 'ldap://3ffe:2000:0:1:e0be:1872:d4f8:6b2c' -b 'dc=xcipv6,dc=com' -s sub -LLL 'cn=XCTEST100' mail 
Could not create LDAP session handle for URI=ldap://3ffe:2000:0:1:e0be:1872:d4f8:6b2c (-9): Bad parameter to an ldap routine

qxu@durian(pts/3):/etc[136]$ ldapsearch -Y GSSAPI -H 'ldap://[3ffe:2000:0:1:e0be:1872:d4f8:6b2c]' -b 'dc=xcipv6,dc=com' -s sub -LLL 'cn=XCTEST100' mail 
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
        additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Server not found in Kerberos database) 
Shall I add the brackets [] around the IPv6 address? DNS server has been correctly set up, because sasl binding over IPv4 address is good.

Any possible reason for the failure of ldapsearch?

Xu Qiang