[PATCH] support for LDAP_OPT_X_NOCANON
geert at boskant.nl
Sat Nov 22 00:18:54 CET 2008
[re-send in plain text. apologies for posting in html]
OpenLDAP CVS has just added support for a new LDAP option
LDAP_OPT_X_NOCANON. This option turns off host canonicalization based
on reverse DNS in OpenLDAP. The attached patch makes this option
available in python-ldap.
One use case for this option is environments where you don't need
reverse DNS for canonicalization, or where you have server-side
canonicalization. This works great in Windows environments, especially
so because there reverse DNS is often wrong.
If you combine this LDAP option with the setting "rdns = no" in your
/etc/krb5.conf, you are now able to use SASL/GSSAPI to authenticate to
an LDAP server that has no or no proper reverse DNS.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 850 bytes
Desc: not available
More information about the python-ldap