Re: SASL LDAP binding over IPv6
Xu, Qiang (FXSGSC) wrote:
> Just to let you guys know that Howard is correct. In dealing with
> IPv6 address, we must provide hostname to ldapsearch command. The
> numeric address doesn't work. In contrast, if the server only has
> IPv4 address, then providing hostname is optional, i.e. we can also
> supply IPv4 address directly to ldapsearch command.
> So, generally, when we don't know which one of the two addresses
> (IPv6 and IPv4) the server is prioritized upon, we had better always
> provide hostname to ldapsearch command, when doing SASL bindings.
Even with IPv4 addresses I had some issues when using SASL bind to MS AD
(with OpenLDAP's ldapsearch tool). And this not only with GSSAPI mech.
Also AD is picky with DIGEST-MD5.
So in general: If you have any issues with SASL bind and MS AD, examine
your DNS and the attribute servicePrincipalName of the used service
account and fix related DNS RRs if needed.
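
The DNS and servicePrincipalName check recommended in the message above, sketched as an added example (not code from the thread or from OpenLDAP). It assumes the SPN requested by the client has the form `ldap/<fqdn>`; the function names are hypothetical, and the zone data, addresses and SPN values are constructed.

```python
import ipaddress
import socket

def system_forward(name):
    """A/AAAA lookup through the system resolver; [] when nothing resolves."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, 389, proto=socket.IPPROTO_TCP)})
    except OSError:
        return []
def system_reverse(addr):
    """PTR lookup through the system resolver; None when there is no record."""
    try:
        return socket.gethostbyaddr(addr)[0]
    except OSError:
        return None
def norm(name):
    return name.rstrip(".").lower()

def check_server(server, spns, forward=system_forward, reverse=system_reverse, service="ldap"):
    """Return a list of findings; an empty list means DNS and the SPN agree."""
    findings = []
    try:
        ipaddress.ip_address(server)
        findings.append(f"{server} is a numeric address; pass the hostname instead")
        fqdn, addrs = None, [server]
    except ValueError:
        fqdn = norm(server)
        addrs = forward(fqdn)
        if not addrs:
            findings.append(f"no A/AAAA record for {fqdn}")
    for addr in addrs:
        ptr = reverse(addr)
        if ptr is None:
            findings.append(f"no PTR record for {addr}")
        elif fqdn is None:
            fqdn = norm(ptr)  # numeric input: the PTR name is all we have
        elif norm(ptr) != fqdn:
            findings.append(f"PTR for {addr} is {norm(ptr)}, not {fqdn}")
    spn = f"{service}/{fqdn}"  # assumed SPN form: service/fqdn
    if fqdn and spn not in {s.lower() for s in spns}:
        findings.append(f"{spn} not in servicePrincipalName")
    return findings

# Constructed sample data: the AAAA address has a stale PTR record.
FWD = {"dc1.example.com": ["192.0.2.10", "2001:db8::10"]}
REV = {"192.0.2.10": "dc1.example.com.", "2001:db8::10": "old-dc.example.com."}
SPNS = ["ldap/dc1.example.com", "ldap/DC1"]

def demo():
    return check_server("dc1.example.com", SPNS, lambda n: FWD.get(n, []), REV.get)
```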