On Fri, 28 Sep 2018 4:12pm, Quanah Gibson-Mount wrote:
External Email - Use Caution
--On Friday, September 28, 2018 4:58 PM -0400 Paul Raines
<raines@xxxxxxxxxxxxxxxxxxx> wrote:
Running 'host ldap.foobar.org' on the C6 and C7 machine both return the
exact same four lines/IPs. Reverse DNS of the 4 IPs using the host
command is also the same on both C6 and C7 machines. It really looks
like OpenLDAP is
just not doing the reverse DNS on C7 when building the MD5 digest
Hi Paul,
Again, as I stated, there have been no changes to OpenLDAP in this area.
Additionally, OpenLDAP leverages cyrus-sasl for SASL mechanism negotiations.
The culprit most likely would be a change in the version of cyrus-sasl being
used between C5/C6 and C7.
c7 has: 2.1.26-23.el7
c6 has: 2.1.23-15.el6_6.2
Okay, that makes sense. Though the change may go even deeper such as
newer openssl or other crypto library maybe.
Thanks