Learn more about these different git repos.
Other Git URLs
The problem is that in the resolve callback we construct the LDAP URI based on IP address. LDAP routines cannot parse IPv6 IP address in URI.
We should use the server hostname instead and only use the address in the kdcinfo files.
status: new => assigned
If I remember correctly we decided to use the IP address to prevent ldap libraries from doing name resolution on its own (possibly also affecting the way libgssapi works). Also related to server affinity IIRC, but this may be less of a problem with IPA.
So before doing any change make sure to know why we did it that way and that everything works as before if you do.
Yes, Simo is correct here. The correct fix for this behavior would be to check whether the reply from the resolver is IPv6 and just make sure that when we construct the URI to do so with the proper enclosure of the address.
Right, I remember now. I was fooled by ordinary LDAP provider where we pass the hostname. Also, if I remember correctly, the problem of LDAP libraries doing name resolving was only present when GSSAPI auth was used.
So related question - should we change the behaviour of the LDAP provider, too? Either when GSSAPI is used or always?
milestone: SSSD 1.5.8 => SSSD 1.5.9
component: SSSD => Async Resolver
resolution: => fixed
status: assigned => closed
rhbz: => 0
Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.5.9
SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here:
If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.
to comment on this ticket.