#978 add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON
Closed: Fixed None Opened 8 years ago by jhrozek.

In some cases when SASL is used, openldap might try to canonicalize the hostname by doing a reverse lookup. This might be a blocking call because openldap uses glibc's getnameinfo (The openldap function is ldap_pvt_get_hname).

It is possible to turn off this check by setting LDAP_OPT_X_SASL_NOCANON.

Fields changed

cc: => myllynen@redhat.com

It is not only a problem about blocking on DNS calls.
It may also cause failures to get a ticket because the PTR is wrong. Bad DNs configuration for reverse addresses is very common, especially in test environments, and small networks.

Fields changed

rhbz: => 732935

Fields changed

component: SSSD => LDAP Provider
milestone: NEEDS_TRIAGE => SSSD 1.5.13

Fields changed

owner: somebody => jhrozek

Fixed by:
- a2e6bd6 (master)
- ad54c09 (sssd-1-6)
- 4fe4e06 (sssd-1-5)

resolution: => fixed
status: new => closed

Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.5.13

2 years ago

Login to comment on this ticket.