directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Seelmann <m...@stefan-seelmann.de>
Subject Re: ApacheDS and Java 6 build pb
Date Mon, 20 May 2013 18:25:13 GMT
On 20.05.2013 09:42, Emmanuel Lécharny wrote:
> Le 5/20/13 8:54 AM, Stefan Seelmann a écrit :
>> Hi Emmanuel,
>>
>> On 20.05.2013 08:35, Emmanuel Lécharny wrote:
>>> So the problem appears to be that we create an entry which 
>>> KerberosPrincipal is ldap/127.0.0.1@EXAMPLE.COM, but for some unknown
>>> reason, we are looking for an entry which kerberos principal is
>>> ldap/localhost@EXAMPLE.COM.
>>>
>>> It looks like that there is some name resolution occuring somewhere on
>>> Mac OSX... Either we don't store the correct KerberosPrincipal, or we
>>> have a conversion we don't asked for.
>>>
>>> I'm investigating...
>>>
>> Please check the constructor of SaslBindIT. I remember that I added some
>> magic code to detect how the machine resolves 127.0.0.1 because Windows
>> 7 made some trouble.
> 
> Yes, saw that.
> 
> I just committed some code that fixes the issue on Mac OSX, it would be
> cool to check if it still works on windows and linux !
> See
> 
> http://svn.apache.org/r1484387
> 

On Windows two GSSAPI SASL bind tests fail:
https://builds.apache.org/job/dir-apacheds-jdk16-win/399/


On my Linux machine the SaslBindIT.testSaslGssApiBind() fails also. If I
debug into TicketGrantingService,getRequestPrincipalEntry() the
tgsContext.getRequest().getKdcReqBody().getSName() contains
"localhost.localdomain". I checked my /etc/hosts and there I have the
following entry:

    127.0.0.1	localhost.localdomain	localhost


When I change that entry to the following the test works.

    127.0.0.1	localhost


When I revert your commit the test also works as
InetAddress.getByName("127.0.0.1").getHostName() returns
"localhost.localdomain"


Can you please check your /etc/hosts if you have an entry for 127.0.0.1?

More important: Somewhere in the production code the IP 127.0.0.1 is
resolved to "localhost.localdomain" or whatever /etc/hosts contains.
Where does that happen? Does the KRB client does that and sends the
resolved name to the server? Or does the server resolve the name when a
connection is made? In the end the principal name contains
"localhost.localdomain". I think to have a stable test the test setup
needs to use the same mechanism to lookup the hostname as the production
code.

Kind Regards,
Stefan


Mime
View raw message