Hi, On Tuesday, 22. May 2007 13:42, Graham Barr wrote: > On May 20, 2007, at 7:46 AM, Peter Marschall wrote: > > I have tried to write a little patch to Net::LDAP that should > > implement support for IPv6. > > > > It tries to stay compatible as much as possible. > > Only if the > > inet6 => 1 > > option is passed to Net::LDAP->new() it takes the IPv6 variants > > of the modules into account. > > That is fine for now. IO::Socket::INET6 is suppose to fallback to IPv4 > if it cannot find a v6 address. So in the long term I think we should > default to using INET6 if the module is available and fallback to ::INET > But that is only after we are satisfied it works as we expect.
I have played around with my little patch and my environment a bit and I found the solution to the patch not working with IPv6: I have secured my machine with Wietse Venema's TCP wrapper. After adding [::1] to /etc/hosts.allow, connecting to the LDAP server worked in IPv4 as well as in IPv6. It even worked with IPv6 and with start_tls() as well as LDAPS (the latter after a few fixes to the patch) For the curious: my SW environment is Debian lenny with Perl 5.8.8, IO::Socket::INET6 2.51 and IO::Socket::SSL 1.02. With that experience I have committed the updated patch to SVN. > > It works well with IPv4 (even when inet6 is set), but fails > > with IPv6 in my ienvironment: the connection gets immediately > > closed by the server. > > This might be a problem of my environment or of the patch. > > Currently I cannot tell, since this was my first tyoing with IPv6. > > That is encouraging. However, I am not sure I like how IO::Socket::SSL > switches between v4 and v6. It uses arguments passed to import to change > @ISA. Which means @ISA can change from INET to INET6 or back at runtime. I do not like the interface either. Do you have any idea about changing the interface of IO::Socket::SSL with regard to inet4/inet6 so that we can contact the maintainer with something sensible. BTW. I do not like the inet => 1 option for Net::LDAP->new() very much. If anybody has an idea of making it better (e.g. to allow distinction between AF_INET, AF_INET6 and AF_UNSPEC) Have fun Peter -- Peter Marschall [EMAIL PROTECTED]
