#880 The IPA provider does not work with IPv6
Closed: Fixed None Opened 12 years ago by jhrozek.

The problem is that in the resolve callback we construct the LDAP URI based on IP address. LDAP routines cannot parse IPv6 IP address in URI.

We should use the server hostname instead and only use the address in the kdcinfo files.


Fields changed

status: new => assigned

If I remember correctly we decided to use the IP address to prevent ldap libraries from doing name resolution on its own (possibly also affecting the way libgssapi works). Also related to server affinity IIRC, but this may be less of a problem with IPA.
So before doing any change make sure to know why we did it that way and that everything works as before if you do.

Simo.

Yes, Simo is correct here. The correct fix for this behavior would be to check whether the reply from the resolver is IPv6 and just make sure that when we construct the URI to do so with the proper enclosure of the address.

Right, I remember now. I was fooled by ordinary LDAP provider where we pass the hostname. Also, if I remember correctly, the problem of LDAP libraries doing name resolving was only present when GSSAPI auth was used.

So related question - should we change the behaviour of the LDAP provider, too? Either when GSSAPI is used or always?

Fields changed

milestone: SSSD 1.5.8 => SSSD 1.5.9

Fixed by:
- Master:
- bfdcff2
- f820268
- 65d6947
- 11ce5ae

- sssd-1-5
    - 38e989bc5d5ff556505dbd149a0757276774983d
    - c326cfa73357be922105dd8ce42b39273fe21f37
    - e364b9bd3cd6cda1d51b7ee305988eb9958baab6
    - 6635e492615e83a19b74ccac05efe7b2e31a14e5

component: SSSD => Async Resolver
resolution: => fixed
status: assigned => closed

Fields changed

rhbz: => 0

Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.5.9

7 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/1922

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata