[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Finding Kerberos server from IPv6 address in SASL binding

To: "Xu, Qiang (FXSGSC)" <Qiang.Xu@fujixerox.com>
Subject: Re: Finding Kerberos server from IPv6 address in SASL binding
From: Howard Chu <hyc@symas.com>
Date: Thu, 06 Aug 2009 23:20:35 -0700
Cc: "openldap-technical@openldap.org" <openldap-technical@openldap.org>
In-reply-to: <D8C9BC7FFCF8154FB7141EB8DB609C172E71BF2382@SGPAPHQ-EXSCC01.dc01.fujixerox.net>
References: <D8C9BC7FFCF8154FB7141EB8DB609C172E6F0B2FB2@SGPAPHQ-EXSCC01.dc01.fujixerox.net> <4A31E76E.20905@symas.com> <D8C9BC7FFCF8154FB7141EB8DB609C172E6F10649B@SGPAPHQ-EXSCC01.dc01.fujixerox.net> <4A323772.8090102@stroeder.com> <D8C9BC7FFCF8154FB7141EB8DB609C172E71BF2320@SGPAPHQ-EXSCC01.dc01.fujixerox.net> <4A7BB862.1020902@symas.com> <D8C9BC7FFCF8154FB7141EB8DB609C172E71BF2382@SGPAPHQ-EXSCC01.dc01.fujixerox.net>
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; rv:1.9.1b5pre) Gecko/20090630 SeaMonkey/2.0a1pre Firefox/3.0.3

Xu, Qiang (FXSGSC) wrote:

-----Original Message-----
From: Howard Chu [mailto:hyc@symas.com]
Sent: Friday, August 07, 2009 1:15 PM
To: Xu, Qiang (FXSGSC)
Cc: openldap-technical@openldap.org
Subject: Re: Finding Kerberos server from IPv6 address in SASL binding

Have you read the ldapsearch(1) manpage? Have you already
tried the "-d" debug option?


Blushed... Just read the manpage carefully, and use the option "-d -1"

(ldap_log.h shows -1 means LDAP_DEBUG_ANY). I got screens of output, around
1000 lines.


However, from the output, I still can't figure out who in the process
locate

the Kerberos server (resolved by DNS to IPv6 address) and sent out TGS-REQ.
Could you shed some light on it?

What OS are you running on, and what version of OpenLDAP are you using?

I suppose you could run ldapsearch -d -1 under strace, which ought to make itclear what the full sequence of events is.

By default, on an OS that supports IPv6, libldap will use getnameinfo() to dothe reverse lookup from the address. If your system's resolver is configuredcorrectly, and your DNS is configured correctly, then this should return thecanonical hostname corresponding to the IP address. The result of this call isused in the sasl_client_new() function as the name of the remote host, and sowill be passed on to the GSSAPI plugin.


--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

Follow-Ups:
- RE: Finding Kerberos server from IPv6 address in SASL binding
  - From: "Xu, Qiang (FXSGSC)" <Qiang.Xu@fujixerox.com>
- RE: Finding Kerberos server from IPv6 address in SASL binding
  - From: "Xu, Qiang (FXSGSC)" <Qiang.Xu@fujixerox.com>
- RE: Finding Kerberos server from IPv6 address in SASL binding
  - From: "Xu, Qiang (FXSGSC)" <Qiang.Xu@fujixerox.com>
- RE: Finding Kerberos server from IPv6 address in SASL binding
  - From: "Xu, Qiang (FXSGSC)" <Qiang.Xu@fujixerox.com>

References:
- Finding Kerberos server from IPv6 address in SASL binding
  - From: "Xu, Qiang (FXSGSC)" <Qiang.Xu@fujixerox.com>
- Re: Finding Kerberos server from IPv6 address in SASL binding
  - From: Howard Chu <hyc@symas.com>
- RE: Finding Kerberos server from IPv6 address in SASL binding
  - From: "Xu, Qiang (FXSGSC)" <Qiang.Xu@fujixerox.com>

Prev by Date: RE: Finding Kerberos server from IPv6 address in SASL binding
Next by Date: RE: Finding Kerberos server from IPv6 address in SASL binding
Index(es):
- Chronological
- Thread