[Freeipa-users] Replication Issue

Alexander Bokovoy abokovoy at redhat.com
Fri Apr 5 19:24:31 UTC 2013


On Fri, 05 Apr 2013, Rich Megginson wrote:
>>>>>>Rich do you set LDAP_OPT_X_SASL_NOCANON in 389ds code at all ?
>>>>>Yes.
>>>>>ldap/servers/slapd/ldaputil.c:    ldap_set_option(ld,
>>>>>LDAP_OPT_X_SASL_NOCANON, LDAP_OPT_ON);
>>>>>
>>>>>Should this be off by default?  Should this be configurable?
>>>>On by default (meaning no canonicalization is performed) is the correct
>>>>behavior.
>>>>
>>>>I do not think we need it to be configurable for now.
>>>>
>>>>But it puzzles me then as to why Brent sees a failure w/o ptr records.
>>>>
>>>>Does DS do reverse resolution of replication peers somewhere ?
>>>Not explicitly, no, but probably somewhere inside openldap.
>>Can it be that SASL layer does it?
>
>Yes, since openldap has to call into sasl.
libldap performs canonicalization before calling into SASL. SASL itself
does nothing related to canonicalization; it is libldap simply pushing a
different host name string to sasl_client_new() if canonicalization
was not inhibited.

-- 
/ Alexander Bokovoy



