On Fri, 05 Apr 2013, Rich Megginson wrote:
Rich do you set LDAP_OPT_X_SASL_NOCANON in 389ds code at all ?
Yes.
ldap/servers/slapd/ldaputil.c:    ldap_set_option(ld, LDAP_OPT_X_SASL_NOCANON, LDAP_OPT_ON);

Should this be off by default?  Should this be configurable?
On by default (meaning no canonicalization is performed) is the correct
behavior.

I do not think we need it to be configurable for now.

But it puzzles me then as to why Brent sees a failure w/o ptr records.

Does DS do reverse resolution of replication peers somewhere ?
Not explicitly, no, but probably somewhere inside openldap.
Can it be that SASL layer does it?

Yes, since openldap has to call into sasl.
libldap performs canonicalization before calling into SASL. SASL itself
does nothing related to canonicalization, it is libldap simply pushing a
different host name string to sasl_client_new() if canonicalization
was not inhibited.

--
/ Alexander Bokovoy

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
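
An added example, not from the thread and not 389ds or OpenLDAP code: a check that each replication peer's reverse DNS round-trips to its configured name, which is when the host name libldap hands to sasl_client_new() would be the same with or without canonicalization. It assumes canonicalization is driven by a reverse lookup of the peer address; the host names, addresses and function names are constructed for illustration.

```python
import socket

# Constructed sample data (documentation-range addresses, made-up host names).
SAMPLE_A = {"ipa1.example.test": ["192.0.2.10"],
            "ipa2.example.test": ["192.0.2.11"],
            "ipa3.example.test": ["192.0.2.12"]}
SAMPLE_PTR = {"192.0.2.10": "ipa1.example.test.",      # matches the forward name
              "192.0.2.12": "host-12.example.test."}   # differs; .11 has no PTR

def dns_forward(host):
    """Live forward lookup: sorted unique addresses for host."""
    return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})

def dns_reverse(addr):
    """Live reverse lookup: PTR name for addr, or None when there is none."""
    try:
        return socket.gethostbyaddr(addr)[0]
    except (socket.herror, socket.gaierror):
        return None

def norm(name):
    """Compare DNS names without the trailing dot and case-insensitively."""
    return name.rstrip(".").lower()

def audit_peer(host, forward=dns_forward, reverse=dns_reverse):
    """Return one (addr, ptr, status) finding per address of host."""
    findings = []
    for addr in forward(host):
        ptr = reverse(addr)
        if ptr is None:
            status = "no-ptr"        # reverse lookup yields no name
        elif norm(ptr) == norm(host):
            status = "consistent"    # reverse name equals the configured name
        else:
            status = "mismatch"      # assumption: canonicalizing would swap the name
        findings.append((addr, ptr, status))
    return findings

def needs_attention(hosts, forward=dns_forward, reverse=dns_reverse):
    """Hosts whose reverse DNS does not round-trip to the configured name."""
    return [h for h in hosts
            if any(s != "consistent" for _, _, s in audit_peer(h, forward, reverse))]

if __name__ == "__main__":
    fwd, rev = SAMPLE_A.__getitem__, SAMPLE_PTR.get
    for h in SAMPLE_A:
        for addr, ptr, status in audit_peer(h, fwd, rev):
            print(f"{h:20} {addr:12} PTR={ptr} -> {status}")
```

Called without the `forward` and `reverse` arguments, `audit_peer` queries the system resolver instead of the constructed tables.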
