On Fri, 28 Sep 2018 3:44pm, Quanah Gibson-Mount wrote:
External Email - Use Caution
--On Friday, September 28, 2018 4:19 PM -0400 Paul Raines
<raines@xxxxxxxxxxxxxxxxxxx> wrote:
Any idea why on C7 the DIGEST-MD5 thing going on does not set
digest-uri like it does on C6? I guess that is really a question
for the openldap devs.
Seems more like a DNS resolution issue than an OpenLDAP issue. RHEL6 uses
OpenLDAP 2.4.40, RHEL7 uses OpenLDAP 2.4.44. There haven't been any changes
related to this functionality between the two. It's possible RedHat has made
their own custom modifications in this arena so you might want to look for
any differences there.
However, it seems more that on your CentOS 5/6 boxes that when DNS is queried
for "ldap.foobar.org" it gets back "dc8.foobar.org" whereas on your CentOS7
box, it gets back "ldap.foobar.org".
Running 'host ldap.foobar.org' on the C6 and C7 machine both return the exact
same four lines/IPs. Reverse DNS of the 4 IPs using the host command is also
the same on both C6 and C7 machines. It really looks like OpenLDAP is
just not doing the reverse DNS on C7 when building the MD5 digest
