Issue #1693: ipa-client-install should set LDAPSASL_NOCANON when calling ipa-getkeytab - freeipa

freeipa

#1693 ipa-client-install should set LDAPSASL_NOCANON when calling ipa-getkeytab

Closed: Fixed None Opened 12 years ago by dpal.

https://bugzilla.redhat.com/show_bug.cgi?id=732468

Description of problem:
ipa-client-install fails when A/PTR names do not match. It turned out that the fix is easy, just set an environment variable to disable reverse lookup when calling ipa-getkeytab. From bug 719060:

"When testing IPA on a network where A/PTR names do not match it turned out that
OpenLDAP/cyrus-sasl fail when using GSSAPI.

Reverse lookup can be disabled by enabling SASL_NOCANON in ldap.conf or by
setting LDAPSASL_NOCANON environmental variable."

Version-Release number of selected component (if applicable):
RHEL 6.1

rcritten commented 12 years ago

ldap_set_option() is broken in F-15, https://bugzilla.redhat.com/show_bug.cgi?id=733056

rcritten commented 12 years ago

attachment
freeipa-rcrit-858-rdns.patch

rcritten commented 12 years ago

master: a750ccb

ipa-2-1: aad2aec

Metadata Update from @dpal:
- Issue assigned to rcritten
- Issue set to the milestone: FreeIPA 2.1.1 (bug fixing)

7 years ago

Metadata

Assignee

rcritten

Tags

None

Blocking

None

Depending on

None

Priority

normal

Milestone

FreeIPA 2.1.1 (bug fixing)

None

affects_doc

None

source

None

knownissue

None

type

defect

blockedby

None

test_case

None

component

IPA

blocking

None

on_review

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=732468

tester

None

changelog

None

design

None

freeipa

Source Code

#1693 ipa-client-install should set LDAPSASL_NOCANON when calling ipa-getkeytab Closed: Fixed None Opened 12 years ago by dpal.

Metadata

#1693 ipa-client-install should set LDAPSASL_NOCANON when calling ipa-getkeytab

Closed: Fixed None Opened 12 years ago by dpal.