RSS feed

Re: reverse lookup

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: reverse lookup

Dear Arthur,

On Fri, 2012-08-10 at 09:42 +0200, Marcus Moeller wrote:
I have noticed that after a LDAP Server has been discovered, a reverse
DNS lookup is done. Sadly, reverse DNS is misconfigured in our
environment, so is there a way to disable that feature?

This is something that the OpenLDAP library (and perhaps even something
underneath) does so it's not something that nss-pam-ldapd can do
anything about. I think it should only cause problems when using SSL/TLS

The problem is, that after the LDAP server name is determined, the IP
Address of the server is resolved.

Afterwards an reverse lookup is done on that address and the LDAP
connection is going to be established against that result (which is
wrong in our case).

From there are two options for disabling this check: by enabling SASL_NOCANON in ldap.conf or by setting LDAPSASL_NOCANON environmental variable.

But I guess in this case it has to be passed through to the libs by nslcd.

sssd does something similar allowing to set ldap_sasl_canonicalize = false (which is even the default value).

To unsubscribe send an email to or see