directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lécharny <elecha...@gmail.com>
Subject Re: ApacheDS and Java 6 build pb
Date Mon, 20 May 2013 23:31:52 GMT
Le 5/20/13 8:25 PM, Stefan Seelmann a écrit :
> On 20.05.2013 09:42, Emmanuel Lécharny wrote:
>> Le 5/20/13 8:54 AM, Stefan Seelmann a écrit :
>>> Hi Emmanuel,
>>>
>>> On 20.05.2013 08:35, Emmanuel Lécharny wrote:
>>>> So the problem appears to be that we create an entry which 
>>>> KerberosPrincipal is ldap/127.0.0.1@EXAMPLE.COM, but for some unknown
>>>> reason, we are looking for an entry which kerberos principal is
>>>> ldap/localhost@EXAMPLE.COM.
>>>>
>>>> It looks like that there is some name resolution occuring somewhere on
>>>> Mac OSX... Either we don't store the correct KerberosPrincipal, or we
>>>> have a conversion we don't asked for.
>>>>
>>>> I'm investigating...
>>>>
>>> Please check the constructor of SaslBindIT. I remember that I added some
>>> magic code to detect how the machine resolves 127.0.0.1 because Windows
>>> 7 made some trouble.
>> Yes, saw that.
>>
>> I just committed some code that fixes the issue on Mac OSX, it would be
>> cool to check if it still works on windows and linux !
>> See
>>
>> http://svn.apache.org/r1484387
>>
> On Windows two GSSAPI SASL bind tests fail:
> https://builds.apache.org/job/dir-apacheds-jdk16-win/399/
>
>
> On my Linux machine the SaslBindIT.testSaslGssApiBind() fails also. If I
> debug into TicketGrantingService,getRequestPrincipalEntry() the
> tgsContext.getRequest().getKdcReqBody().getSName() contains
> "localhost.localdomain". I checked my /etc/hosts and there I have the
> following entry:
>
>     127.0.0.1	localhost.localdomain	localhost
>
>
> When I change that entry to the following the test works.
>
>     127.0.0.1	localhost
>
>
> When I revert your commit the test also works as
> InetAddress.getByName("127.0.0.1").getHostName() returns
> "localhost.localdomain"
>
>
> Can you please check your /etc/hosts if you have an entry for 127.0.0.1?

Here is what I have :

127.0.0.1       localhost

>
> More important: Somewhere in the production code the IP 127.0.0.1 is
> resolved to "localhost.localdomain" or whatever /etc/hosts contains.
> Where does that happen? Does the KRB client does that and sends the
> resolved name to the server? Or does the server resolve the name when a
> connection is made? In the end the principal name contains
> "localhost.localdomain". I think to have a stable test the test setup
> needs to use the same mechanism to lookup the hostname as the production
> code.

The thing is that I think that the conversion to ldaphost is done
internaly but some of the JDK code. It was working fine before I
upgraded my JVM.

This is not cristal clear to me... I will investigate more deeply tomorrow.

Thanks for the feedback Stefan !

-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com 


Mime
View raw message