-----Original Message-----
From: Howard Chu [mailto:hyc@symas.com]
Sent: Friday, August 07, 2009 2:21 PM
To: Xu, Qiang (FXSGSC)
Cc: openldap-technical@openldap.org
Subject: Re: Finding Kerberos server from IPv6 address in SASL binding
What OS are you running on, and what version of OpenLDAP are you using?
"Linux durian 2.6.18-128.1.6.el5.centos.plus #1 SMP Thu Apr 2 12:53:36 EDT 2009 i686 i686 i386 GNU/Linux" is the output of "uname -a".
I suppose you could run ldapsearch -d -1 under strace, which ought to make it clear what the full sequence of events is.
Yes, this is exactly what I did (ldapsearch -d -1 ...), but I failed to find where and when the Kerberos server is contacted. I do find a lot of LDAP sequences. :-(
By default, on an OS that supports IPv6, libldap will use getnameinfo() to do the reverse lookup from the address. If your system's resolver is configured correctly, and your DNS is configured correctly, then this should return the canonical hostname corresponding to the IP address. The result of this call is used in the sasl_client_new() function as the name of the remote host, and so will be passed on to the GSSAPI plugin.
Here, your "canonical name" means the server's FQDN? So, you mean sasl_client_new() is the API to find the server and send out the request TGS-REQ?
Thanks, Xu Qiang
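
The reverse lookup described in the message above can be checked outside libldap with a small program. This is an added example, not code from OpenLDAP or from either poster; the function names, the NI_NAMEREQD flag, the "ldap" service name and the default address are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* getaddrinfo/getnameinfo under strict -std */
#endif
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Reverse-resolve a numeric IPv4/IPv6 literal with getnameinfo(), the call
 * the message names. Returns 0 or a gai error code (see gai_strerror()). */
int reverse_name(const char *addr, int flags, char *host, size_t len)
{
    struct addrinfo hints, *ai;
    memset(&hints, 0, sizeof hints);
    hints.ai_flags = AI_NUMERICHOST;      /* parse the literal only, no DNS here */
    hints.ai_socktype = SOCK_STREAM;
    int rc = getaddrinfo(addr, NULL, &hints, &ai);
    if (rc != 0)
        return rc;
    rc = getnameinfo(ai->ai_addr, ai->ai_addrlen, host, (socklen_t)len,
                     NULL, 0, flags);
    freeaddrinfo(ai);
    return rc;
}

/* GSSAPI host-based service name ("service@host") for the resolved host.
 * Returns 0, or -1 if the result does not fit in out. */
int gss_target(const char *service, const char *host, char *out, size_t len)
{
    int n = snprintf(out, len, "%s@%s", service, host);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

int main(int argc, char **argv)
{
    const char *addr = argc > 1 ? argv[1] : "::1";   /* constructed default */
    char host[1025], target[1100];
    /* NI_NAMEREQD (this example's choice): fail rather than echo the address */
    int rc = reverse_name(addr, NI_NAMEREQD, host, sizeof host);
    if (rc != 0) {
        fprintf(stderr, "no reverse name for %s: %s\n", addr, gai_strerror(rc));
        return 1;
    }
    if (gss_target("ldap", host, target, sizeof target) != 0)
        return 1;
    printf("%s -> %s -> %s\n", addr, host, target);
    return 0;
}
```

Run it with the server's IPv6 address as the argument; a failure or an unexpected hostname points at the resolver or DNS configuration rather than at the LDAP exchange.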