same SASL config that works on CentOS5 & 6 fails on CentOS7
Paul Raines
raines at nmr.mgh.harvard.edu
Fri Sep 28 15:58:09 EDT 2018
On Fri, 28 Sep 2018 3:44pm, Quanah Gibson-Mount wrote:
> External Email - Use Caution
> --On Friday, September 28, 2018 4:19 PM -0400 Paul Raines
> <raines at nmr.mgh.harvard.edu> wrote:
>
>> Any idea why on C7 the DIGEST-MD5 thing going on does not set
>> digest-uri like it does on C6? I guess that is really a question
>> for the openldap devs.
>
> Seems more like a DNS resolution issue than an OpenLDAP issue. RHEL6 uses
> OpenLDAP 2.4.40, RHEL7 uses OpenLDAP 2.4.44. There haven't been any changes
> related to this functionality between the two. It's possible RedHat has made
> their own custom modifications in this arena so you might want to look for
> any differences there.
>
> However, it seems more that on your CentOS 5/6 boxes that when DNS is queried
> for "ldap.foobar.org" it gets back "dc8.foobar.org" whereas on your CentOS7
> box, it gets back "ldap.foobar.org".
>
Running 'host ldap.foobar.org' on the C6 and C7 machine both return the exact
same four lines/IPs. Reverse DNS of the 4 IPs using the host command is also
the same on both C6 and C7 machines. It really looks like OpenLDAP is
just not doing the reverse DNS on C7 when building the MD5 digest
More information about the Cyrus-sasl
mailing list