Geert Jansen geert at boskant.nl
Sat Nov 22 00:18:54 CET 2008

[re-send in plain text. apologies for posting in html]


OpenLDAP CVS has just added support for a new LDAP option
LDAP_OPT_X_NOCANON. This option turns off host canonicalization based
on reverse DNS in OpenLDAP. The attached patch makes this option
available in python-ldap.

One use case for this option is environments where you don't need
reverse DNS for canonicalization, or where you have server-side
canonicalization. This works great in Windows environments, especially
because reverse DNS is often wrong there.

If you combine this LDAP option with the setting "rdns = no" in your
/etc/krb5.conf, you are now able to use SASL/GSSAPI to authenticate to
an LDAP server that has no or no proper reverse DNS.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: python-ldap-2.3.5-canon.patch
Type: application/octet-stream
Size: 850 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/python-ldap/attachments/20081121/891941d5/attachment.obj>
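
Added example, not part of the original post or its attached patch: a sketch of the combination described above, which first confirms that "rdns" is disabled in the Kerberos configuration and then turns off SASL host canonicalization on the connection before a GSSAPI bind. The helper names and the sample krb5.conf text are constructed for illustration, and the constant ldap.OPT_X_SASL_NOCANON is an assumption about how current python-ldap exposes the option the post calls LDAP_OPT_X_NOCANON.

```python
import re

# Constructed krb5.conf fragment (sample input, not taken from the post).
SAMPLE_KRB5_CONF = """\
[libdefaults]
    default_realm = EXAMPLE.COM
    rdns = no

[realms]
    EXAMPLE.COM = {
        kdc = kdc.example.com
    }
"""

# Boolean spellings accepted by MIT krb5's profile parser.
_TRUE = {"y", "yes", "true", "t", "1", "on"}
_FALSE = {"n", "no", "false", "nil", "0", "off"}


def krb5_rdns_enabled(conf_text):
    """Return the [libdefaults] rdns setting; MIT krb5 defaults to true."""
    section = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
        elif section == "libdefaults" and "=" in line:
            key, val = (part.strip().lower() for part in line.split("=", 1))
            if key == "rdns" and val in _TRUE | _FALSE:
                return val in _TRUE  # first valid occurrence is used here
    return True  # unset or unparseable: reverse DNS stays on


def bind_gssapi_nocanon(uri, conf_text):
    """SASL/GSSAPI bind that never relies on a PTR lookup (hypothetical helper)."""
    if krb5_rdns_enabled(conf_text):
        raise RuntimeError("krb5.conf still has rdns enabled; set 'rdns = no'")
    import ldap, ldap.sasl  # python-ldap, imported only when a bind is attempted
    conn = ldap.initialize(uri)
    # Assumption: OPT_X_SASL_NOCANON is the constant current python-ldap exposes
    # for this OpenLDAP option; the post calls it LDAP_OPT_X_NOCANON.
    conn.set_option(ldap.OPT_X_SASL_NOCANON, True)
    conn.sasl_interactive_bind_s("", ldap.sasl.gssapi())
    return conn
```

With both settings in place, the service principal is built from the host name in the LDAP URI, so a missing or wrong PTR record no longer affects the bind.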