
RE: SASL LDAP binding over IPv6



> -----Original Message-----
> From: Howard Chu [mailto:hyc@symas.com] 
> Sent: Friday, June 12, 2009 1:28 PM
> To: Xu, Qiang (FXSGSC)
> Cc: openldap-technical@openldap.org
> Subject: Re: SASL LDAP binding over IPv6
> 
> Yes, that is required for IPv6 addresses in URLs.

Thanks, Howard. Just off-topic for a short while, does this mean that when I am doing SASL binding over an IPv6 address with MozLDAP, it also must be surrounded by brackets? In the implementation, I've got to pass the hostname or IPv6 address to the init function prldap_init(), and I'm not sure whether I also need to bracket the address.
 
> ldapsearch didn't fail, the GSSAPI/Kerberos library did. It 
> was unable to match the provided IP address to the name of a 
> Kerberos server principal. In general, Kerberos requires 
> valid hostnames, it doesn't work well with numeric addresses.

But it can work well with numeric IPv6 addresses in simple binding. And when working with IPv4 addresses, SASL binding is also successful, because it will initiate a reverse nslookup to find out the FQDN of the LDAP server. So, why can't it deal with numeric addresses in IPv6? Kind of strange.

Is it possible that in the server, there isn't an SPN for the IPv6 address, but only IPv4?

Thanks a lot,
Xu Qiang
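
The two points discussed in this thread, as an added example that is not part of the original message and is not OpenLDAP or MozLDAP code: an IPv6 literal in an LDAP URL only parses when bracketed, and a GSSAPI bind needs a hostname to build the `ldap/<host>` service principal, so a numeric address is usable only if it maps back to a name. The function names, the addresses and the reverse-lookup table are constructed for illustration; the table stands in for real PTR lookups so the block runs offline.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed stand-in for reverse DNS (assumption): the IPv4 address has a
# PTR record, the IPv6 address 2001:db8::10 deliberately has none.
SAMPLE_PTR = {"192.0.2.10": "ldap1.example.com"}


def ldap_host(url):
    """Return (host, port) from an ldap:// or ldaps:// URL.

    Raises ValueError for an unbracketed IPv6 literal, because the text
    after the first ':' is then read as a (non-numeric) port.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % url)
    port = parts.port          # ValueError here for ldap://2001:db8::10:389
    host = parts.hostname      # brackets are stripped from [v6] literals
    if not host:
        raise ValueError("no host in %r" % url)
    return host, port


def is_numeric(host):
    """True when host is an IPv4 or IPv6 literal rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def service_principal(url, ptr=SAMPLE_PTR):
    """Return 'ldap/<hostname>' for a GSSAPI bind, or None when the URL
    holds a numeric address that cannot be mapped back to a hostname."""
    host, _ = ldap_host(url)
    if is_numeric(host):
        host = ptr.get(str(ipaddress.ip_address(host)))
        if host is None:
            return None        # no name, so no principal to ask the KDC for
    return "ldap/" + host


if __name__ == "__main__":
    for u in ("ldap://ldap1.example.com", "ldap://192.0.2.10",
              "ldap://[2001:db8::10]:389"):
        print(u, "->", service_principal(u))
```
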