[Freeipa-devel] [freeipa PR#395][comment] Configure PKI ajp redirection to use "localhost" instead of "::1"
tiran
freeipa-github-notification at redhat.com
Fri Jan 13 14:51:35 UTC 2017
URL: https://github.com/freeipa/freeipa/pull/395
Title: #395: Configure PKI ajp redirection to use "localhost" instead of "::1"
tiran commented:
"""
Bad news, you are out of luck.
Dogtag uses its own LDAP connector, which in turn uses JSS (NSS bindings for Java) to provide TLS for LDAP. SSLSocket from ```org.mozilla.jss``` does not support ```AF_INET6``` and is therefore limited to IPv4 connections, https://hg.mozilla.org/projects/jss/file/1a96a08e6f3d/org/mozilla/jss/ssl/SSLSocket.c#l443
The experimental branch of JSS has IPv6 support, https://hg.mozilla.org/projects/jss/file/c76470016016/org/mozilla/jss/ssl/SSLSocket.c#l593, though.
"""
See the full comment at https://github.com/freeipa/freeipa/pull/395#issuecomment-272460844
More information about the Freeipa-devel
mailing list