
Context around DNS resolution
I set up LDAPS (yes, will be switching to ldap + StartTLS) and ran into something odd and I'm really just looking for a bit of context.  Everything is working correctly and I'm able to authenticate clients to the ldap server, however when I run the following ldapsearch I get an error:

jschaeffer@zipmaster07:~$ ldapsearch -LLL -v -D cn=admin,dc=harmonywave,dc=com -W -H ldaps://baneling -b uid=jschaeffer,ou=People,dc=harmonywave,dc=com
ldap_initialize( ldaps://baneling:636/??base )
Enter LDAP Password:
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)


And from the debug output:

531c7c0a ber_get_next on fd 12 failed errno=0 (Success)
531c7c0a conn=1000 op=1 do_unbind
531c7c0a connection_close: conn=1000 sd=12
531c7c18 slap_listener_activate(6):
531c7c18 >>> slap_listener(ldaps:///)
531c7c18 connection_get(12): got connid=1001
531c7c18 connection_read(12): checking for input on id=1001
531c7c18 connection_get(12): got connid=1001
531c7c18 connection_read(12): checking for input on id=1001
531c7c18 connection_read(12): unable to get TLS client DN, error=49 id=1001
531c7c18 connection_get(12): got connid=1001
531c7c18 connection_read(12): checking for input on id=1001
ber_get_next
531c7c18 ber_get_next on fd 12 failed errno=0 (Success)
531c7c18 connection_close: conn=1001 sd=12

If I use the FQDN for the URI then everything works fine and I get results.  I know DNS is working correctly, I can ping the server name and it returns the FQDN and reverse DNS resolution also works. The hostname and hostname -f commands work correctly on both client and server.

Was it never intended for ldap commands to resolve server names to their FQDN? I'm also assuming that ldap + StartTLS would show the same behavior.
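An added example (not from the post and not OpenLDAP's own code): a pure-Python version of the presented-identifier check a TLS client applies to the server certificate, run against a constructed subjectAltName list. It assumes the certificate was issued for the FQDN only; under that assumption it shows why `ldaps://baneling` can fail the handshake while `ldaps://baneling.harmonywave.com` succeeds, regardless of what DNS resolves.

```python
"""TLS hostname check a client applies to a server certificate (RFC 6125 style).

The URI host is compared against the certificate's DNS names label by label;
DNS resolution of the short name plays no part in this comparison.
"""
from typing import Iterable

# Constructed subjectAltName DNS entries (assumption: cert issued for the FQDN only).
SERVER_CERT_DNS_NAMES = ["baneling.harmonywave.com"]


def _label_matches(pattern: str, label: str) -> bool:
    """Match one DNS label; a bare '*' wildcard matches exactly one whole label."""
    return pattern == "*" or pattern == label


def hostname_matches(uri_host: str, cert_dns_names: Iterable[str]) -> bool:
    """True if uri_host is covered by one of the certificate's DNS names.

    Rules applied:
    - comparison is case-insensitive and ignores a trailing dot;
    - a wildcard is honoured only as the complete left-most label;
    - label counts must be equal, so 'baneling' never matches
      'baneling.harmonywave.com' even though DNS would resolve both.
    """
    host_labels = uri_host.lower().rstrip(".").split(".")
    for name in cert_dns_names:
        name_labels = name.lower().rstrip(".").split(".")
        if len(name_labels) != len(host_labels):
            continue
        # A wildcard anywhere but the left-most label is not a valid presented identifier.
        if any("*" in lbl for lbl in name_labels[1:]):
            continue
        if all(_label_matches(p, h) for p, h in zip(name_labels, host_labels)):
            return True
    return False


def explain(uri_host: str) -> str:
    """Describe the outcome for one LDAP URI host (demo helper)."""
    ok = hostname_matches(uri_host, SERVER_CERT_DNS_NAMES)
    verdict = "hostname verified" if ok else "hostname mismatch, handshake aborted"
    return f"ldaps://{uri_host}: {verdict}"


if __name__ == "__main__":
    for host in ("baneling", "baneling.harmonywave.com", "BANELING.harmonywave.com."):
        print(explain(host))
```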