Re: reverse lookup

Dear Arthur,

> On Fri, 2012-08-10 at 09:42 +0200, Marcus Moeller wrote:
> > I have noticed that after an LDAP server has been discovered, a reverse
> > DNS lookup is done. Sadly, reverse DNS is misconfigured in our
> > environment, so is there a way to disable that feature?
>
> This is something that the OpenLDAP library (and perhaps even something
> underneath) does so it's not something that nss-pam-ldapd can do
> anything about. I think it should only cause problems when using SSL/TLS
> though.

The problem is that after the LDAP server name is determined, the IP
address of the server is resolved.

Afterwards a reverse lookup is done on that address and the LDAP
connection is going to be established against that result (which is
wrong in our case).

From https://bugzilla.redhat.com/show_bug.cgi?id=719060 there are two options for disabling this check: by enabling SASL_NOCANON in ldap.conf or by setting the LDAPSASL_NOCANON environment variable.

But I guess in this case it has to be passed through to the libs by nslcd.

sssd does something similar, allowing one to set ldap_sasl_canonicalize = false (which is even the default value).

Greets
Marcus
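Added example (not code from nss-pam-ldapd, OpenLDAP or sssd): it reproduces the forward-then-reverse resolution Marcus describes against constructed resolver tables, flags the forward/reverse mismatch before anyone decides to disable canonicalisation, and audits whether SASL_NOCANON is actually in effect given an ldap.conf and the LDAPSASL_NOCANON environment variable. The hostnames, addresses and the sample ldap.conf are constructed; the rule that the environment variable overrides the file follows ldap.conf(5).

```python
"""Forward/reverse DNS consistency check for an LDAP server name, plus an audit
of the SASL_NOCANON setting. Example code added to this thread; not part of
nss-pam-ldapd, OpenLDAP or sssd."""
import os
import socket

# Constructed resolver tables standing in for DNS so the check runs offline.
#   ldap.example.com  -> PTR names a different host (the situation in the thread)
#   ldap2.example.com -> forward and reverse agree
#   ldap3.example.com -> address has no PTR record at all
FAKE_FORWARD = {
    "ldap.example.com": "192.0.2.10",
    "ldap2.example.com": "192.0.2.20",
    "ldap3.example.com": "192.0.2.30",
}
FAKE_REVERSE = {
    "192.0.2.10": "host-10.dmz.example.com",
    "192.0.2.20": "ldap2.example.com",
}


def _system_reverse(ip):
    """Reverse lookup via the system resolver (used when no fake table is given)."""
    return socket.gethostbyaddr(ip)[0]


def canonicalise(hostname, forward=socket.gethostbyname, reverse=_system_reverse):
    """Forward-resolve hostname, then reverse-resolve the address, as a
    SASL-enabled libldap does when SASL_NOCANON is off.
    Returns (ip, ptr_name); ptr_name is None when no PTR exists."""
    ip = forward(hostname)
    try:
        ptr = reverse(ip)
    except (socket.herror, socket.gaierror, KeyError):
        ptr = None
    return ip, ptr


def check_canonicalisation(hostname, forward=socket.gethostbyname, reverse=_system_reverse):
    """Report whether the PTR name matches the configured name. A mismatch is
    what makes a canonicalising client bind under the wrong host name."""
    ip, ptr = canonicalise(hostname, forward, reverse)

    def norm(name):
        return name.rstrip(".").lower()

    consistent = ptr is not None and norm(ptr) == norm(hostname)
    return {"configured": hostname, "address": ip, "reverse": ptr, "consistent": consistent}


_TRUE_VALUES = {"on", "true", "yes"}


def sasl_nocanon_enabled(conf_text):
    """Parse ldap.conf(5)-style text. Keywords are case-insensitive, lines
    starting with '#' are comments, and the last SASL_NOCANON line wins."""
    enabled = False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].upper() == "SASL_NOCANON":
            enabled = parts[1].strip().lower() in _TRUE_VALUES
    return enabled


def effective_sasl_nocanon(conf_text, environ=None):
    """libldap reads ldap.conf and then lets an LDAPSASL_NOCANON environment
    variable override it; model that precedence."""
    environ = os.environ if environ is None else environ
    env_value = environ.get("LDAPSASL_NOCANON")
    if env_value is not None:
        return env_value.strip().lower() in _TRUE_VALUES
    return sasl_nocanon_enabled(conf_text)


# Constructed sample ldap.conf, not taken from any real deployment.
SAMPLE_CONF = """\
# constructed sample ldap.conf
URI ldap://ldap.example.com
BASE dc=example,dc=com
SASL_NOCANON on
"""

if __name__ == "__main__":
    for host in FAKE_FORWARD:
        print(check_canonicalisation(host, FAKE_FORWARD.__getitem__, FAKE_REVERSE.__getitem__))
    print("SASL_NOCANON effective:", effective_sasl_nocanon(SAMPLE_CONF, {}))
```

Run it with the defaults (no fake tables) to check a real server name through the system resolver. Where the reverse zone can be fixed, that is the better outcome, because the same PTR data feeds Kerberos and TLS name checks; disabling canonicalisation is the fallback. For nslcd specifically, a setting in the system ldap.conf reaches it because libldap reads that file when it initialises, whereas the environment variable only helps if it is present in nslcd's own environment, which is the pass-through Marcus mentions.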
--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/