directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Seelmann <>
Subject Re: ApacheDS and Java 6 build pb
Date Mon, 20 May 2013 18:25:13 GMT
On 20.05.2013 09:42, Emmanuel Lécharny wrote:
> Le 5/20/13 8:54 AM, Stefan Seelmann a écrit :
>> Hi Emmanuel,
>> On 20.05.2013 08:35, Emmanuel Lécharny wrote:
>>> So the problem appears to be that we create an entry which 
>>> KerberosPrincipal is ldap/, but for some unknown
>>> reason, we are looking for an entry which kerberos principal is
>>> ldap/localhost@EXAMPLE.COM.
>>> It looks like that there is some name resolution occuring somewhere on
>>> Mac OSX... Either we don't store the correct KerberosPrincipal, or we
>>> have a conversion we don't asked for.
>>> I'm investigating...
>> Please check the constructor of SaslBindIT. I remember that I added some
>> magic code to detect how the machine resolves because Windows
>> 7 made some trouble.
> Yes, saw that.
> I just committed some code that fixes the issue on Mac OSX, it would be
> cool to check if it still works on windows and linux !
> See

On Windows two GSSAPI SASL bind tests fail:

On my Linux machine the SaslBindIT.testSaslGssApiBind() fails also. If I
debug into TicketGrantingService,getRequestPrincipalEntry() the
tgsContext.getRequest().getKdcReqBody().getSName() contains
"localhost.localdomain". I checked my /etc/hosts and there I have the
following entry:	localhost.localdomain	localhost

When I change that entry to the following the test works.	localhost

When I revert your commit the test also works as
InetAddress.getByName("").getHostName() returns

Can you please check your /etc/hosts if you have an entry for

More important: Somewhere in the production code the IP is
resolved to "localhost.localdomain" or whatever /etc/hosts contains.
Where does that happen? Does the KRB client does that and sends the
resolved name to the server? Or does the server resolve the name when a
connection is made? In the end the principal name contains
"localhost.localdomain". I think to have a stable test the test setup
needs to use the same mechanism to lookup the hostname as the production

Kind Regards,

View raw message