#978 add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON
Closed: Fixed. Opened 10 years ago by jhrozek.

In some cases when SASL is used, openldap might try to canonicalize the hostname by doing a reverse lookup. This might be a blocking call because openldap uses glibc's getnameinfo (The openldap function is ldap_pvt_get_hname).

It is possible to turn off this check by setting LDAP_OPT_X_SASL_NOCANON.

Fields changed

cc: => myllynen@redhat.com

It is not only a problem about blocking on DNS calls.
It may also cause failures to get a ticket because the PTR is wrong. Bad DNS configuration for reverse addresses is very common, especially in test environments and small networks.
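The PTR mismatch described in the two comments above can be checked ahead of time. The following is an added example (not part of the ticket or of SSSD's code) that compares the service principal for the configured server name with the one a reverse lookup would yield; the simplified `ldap/<name>` principal model, the helper names and the `example.test` sample tables are assumptions constructed for illustration.

```python
import socket

def forward_lookup(host):
    """Addresses of host from the system resolver (A/AAAA)."""
    infos = socket.getaddrinfo(host, 389, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def reverse_lookup(addr):
    """PTR name for addr; NI_NAMEREQD raises instead of echoing the address."""
    return socket.getnameinfo((addr, 0), socket.NI_NAMEREQD)[0]

def normalize(name):
    return name.lower().rstrip(".")

def check_canonicalization(host, forward=forward_lookup, reverse=reverse_lookup):
    """Return (configured_principal, [(addr, canonical_principal, verdict)]).

    Simplified model (assumption): a canonicalizing client asks for
    ldap/<PTR name>, a non-canonicalizing one for ldap/<configured name>.
    """
    configured = "ldap/" + normalize(host)
    findings = []
    for addr in forward(host):
        try:
            canonical = "ldap/" + normalize(reverse(addr))
        except OSError:  # socket.gaierror: no PTR record for this address
            findings.append((addr, None, "no-ptr"))
            continue
        verdict = "match" if canonical == configured else "mismatch"
        findings.append((addr, canonical, verdict))
    return configured, findings

# Constructed sample data so the check runs offline (not real hosts).
SAMPLE_A = {"ldap1.example.test": ["192.0.2.10"],
            "ldap2.example.test": ["192.0.2.20"],
            "ldap3.example.test": ["192.0.2.30"]}
SAMPLE_PTR = {"192.0.2.10": "ldap1.example.test.",
              "192.0.2.20": "vm-20.lab.example.test."}  # stale PTR; .30 has none

def sample_forward(host):
    return SAMPLE_A[host]

def sample_reverse(addr):
    if addr not in SAMPLE_PTR:
        raise socket.gaierror(socket.EAI_NONAME, "constructed: no PTR")
    return SAMPLE_PTR[addr]

if __name__ == "__main__":
    for name in SAMPLE_A:
        print(check_canonicalization(name, sample_forward, sample_reverse))
```

Calling `check_canonicalization(host)` without the sample resolvers uses the system resolver; a `mismatch` or `no-ptr` verdict marks a server whose reverse lookup does not return the configured name.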

Fields changed

rhbz: => 732935

Fields changed

component: SSSD => LDAP Provider
milestone: NEEDS_TRIAGE => SSSD 1.5.13

Fields changed

owner: somebody => jhrozek

Fixed by:
- a2e6bd6 (master)
- ad54c09 (sssd-1-6)
- 4fe4e06 (sssd-1-5)

resolution: => fixed
status: new => closed

Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.5.13

4 years ago

SSSD is moving from Pagure to GitHub. This means that new issues and pull requests
will be accepted only in SSSD's GitHub repository.

This issue has been cloned to GitHub and is available here:
- https://github.com/SSSD/sssd/issues/2020

If you want to receive further updates on the issue, please navigate to the GitHub issue
and click on the subscribe button.

Thank you for understanding. We apologize for all inconvenience.
