Disable reverse lookups in ipa-join and ipa-getkeytab

This prevents broken DNS from causing enrollment problems.

https://fedorahosted.org/freeipa/ticket/1693
Rob Crittenden 2011-08-26 10:42:40 -04:00
parent 9dd689ff9d
commit a750ccb5a2
2 changed files with 14 additions and 0 deletions


@ -577,6 +577,13 @@ static int ldap_set_keytab(krb5_context krbctx,
goto error_out;
}
/* Don't do DNS canonicalization */
ret = ldap_set_option(ld, LDAP_OPT_X_SASL_NOCANON, LDAP_OPT_ON);
if (ret != LDAP_SUCCESS) {
fprintf(stderr, _("Unable to set LDAP_OPT_X_SASL_NOCANON\n"));
goto error_out;
}
version = LDAP_VERSION3;
ret = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version);
if (ret != LDAP_SUCCESS) {
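Review bot: The comment `/* Don't do DNS canonicalization */` above the new `ldap_set_option(ld, LDAP_OPT_X_SASL_NOCANON, LDAP_OPT_ON)` call does not say what the caller now has to guarantee. With canonicalization off, libldap takes the host name as supplied for the SASL exchange, so the name passed in must be the server's fully qualified name matching its service principal; I would write `/* Skip reverse-DNS canonicalization: the SASL host name is used as supplied, so it must be the server's FQDN */`. This option only covers libldap; the Kerberos library's own canonicalization (the `rdns` setting in krb5.conf) is presumably still in effect, which is worth stating in the commit description. The same short comment is added in the connect_ldap hunk of the second file. ldap_set_keytab starts and ends outside the hunk.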


@ -213,6 +213,13 @@ connect_ldap(const char *hostname, const char *binddn, const char *bindpw) {
goto fail;
}
/* Don't do DNS canonicalization */
ret = ldap_set_option(ld, LDAP_OPT_X_SASL_NOCANON, LDAP_OPT_ON);
if (ret != LDAP_SUCCESS) {
fprintf(stderr, _("Unable to set LDAP_OPT_X_SASL_NOCANON\n"));
goto fail;
}
ret = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version);
if (ret != LDAP_SUCCESS) {
fprintf(stderr, _("Unable to set LDAP version\n"));
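Review bot: The new error path in connect_ldap prints a fixed string and drops `ret`, so a failed enrollment gives no hint as to why the option was rejected. Including the library's text would help whoever has to diagnose it, e.g. `fprintf(stderr, _("Unable to set LDAP_OPT_X_SASL_NOCANON: %s\n"), ldap_err2string(ret));`. The neighbouring "Unable to set LDAP version" message has the same shape, and the ldap_set_keytab hunk in the first file adds the same bare message. connect_ldap continues outside the hunk.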