directory-dev mailing list archives

From Emmanuel Lécharny <>
Subject Re: ApacheDS and Java 6 build pb
Date Mon, 20 May 2013 23:31:52 GMT
On 5/20/13 8:25 PM, Stefan Seelmann wrote:
> On 20.05.2013 09:42, Emmanuel Lécharny wrote:
>> On 5/20/13 8:54 AM, Stefan Seelmann wrote:
>>> Hi Emmanuel,
>>> On 20.05.2013 08:35, Emmanuel Lécharny wrote:
>>>> So the problem appears to be that we create an entry whose
>>>> KerberosPrincipal is ldap/, but for some unknown
>>>> reason, we are looking for an entry whose Kerberos principal is
>>>> ldap/localhost@EXAMPLE.COM.
>>>> It looks like there is some name resolution occurring somewhere on
>>>> Mac OSX... Either we don't store the correct KerberosPrincipal, or we
>>>> have a conversion we didn't ask for.
>>>> I'm investigating...
>>> Please check the constructor of SaslBindIT. I remember that I added some
>>> magic code to detect how the machine resolves because Windows
>>> 7 made some trouble.
>> Yes, saw that.
>> I just committed some code that fixes the issue on Mac OSX, it would be
>> cool to check if it still works on Windows and Linux!
>> See
> On Windows two GSSAPI SASL bind tests fail:
> On my Linux machine the SaslBindIT.testSaslGssApiBind() fails also. If I
> debug into TicketGrantingService.getRequestPrincipalEntry() the
> tgsContext.getRequest().getKdcReqBody().getSName() contains
> "localhost.localdomain". I checked my /etc/hosts and there I have the
> following entry:
>	localhost.localdomain	localhost
> When I change that entry to the following the test works.
>	localhost
> When I revert your commit the test also works as
> InetAddress.getByName("").getHostName() returns
> "localhost.localdomain"
> Can you please check your /etc/hosts if you have an entry for

Here is what I have :       localhost

> More important: Somewhere in the production code the IP is
> resolved to "localhost.localdomain" or whatever /etc/hosts contains.
> Where does that happen? Does the KRB client do that and send the
> resolved name to the server? Or does the server resolve the name when a
> connection is made? In the end the principal name contains
> "localhost.localdomain". I think to have a stable test the test setup
> needs to use the same mechanism to lookup the hostname as the production
> code.

The thing is that I think that the conversion to ldaphost is done
internally by some of the JDK code. It was working fine before I
upgraded my JVM.

This is not crystal clear to me... I will investigate more deeply tomorrow.

Thanks for the feedback Stefan !

Emmanuel Lécharny 
