Description of problem:
When trying to set up IPA using a hostname different from the system hostname, bind fails to start with the error:

Jun 2 16:06:01 panther named[18671]: GSSAPI Error: An invalid name was supplied (Hostname cannot be canonicalized)

In this case the name that cannot be canonicalized is the system hostname (/bin/hostname), which is different from the name being used in the kerberos principal.

The problem is in the ldap bind using ldapi. Because no hostname is passed it uses the current hostname value. The fix is to call ldap_set_option using LDAP_OPT_HOST_NAME before doing any LDAP calls.

Version-Release number of selected component (if applicable):
bind-dyndb-ldap-0.2.0-1.fc14.x86_64
Created attachment 502636
Use fake_mname as hostname if doing an ldapi bind

I'm not 100% sure that fake_mname is the right value to use here or if we want a separate option (or pull apart the principal to determine the name to use). This worked in my tests though.
I think I spoke too soon. named starts but buried deep in the logs is:

Jun 2 17:18:47 panther named[25098]: bind to LDAP server failed: Can't contact LDAP server

So the named process is up, just not serving my domain.
It was the trailing dot in fake_mname causing problems. I hardcoded a string as a test and it worked fine. I've yet to figure out the wonky string management in bind to come up with an updated patch.
Created attachment 505842
Updated set hostname patch

Updated patch to correctly use DNS memory management routines to strip off trailing period from hostname when setting it in LDAP.
I can confirm that Rob's patch works fine. I was able to use bind-dyndb-ldap with IPA hostname different from the system hostname.
Fixed in upstream: http://git.fedorahosted.org/git/?p=bind-dyndb-ldap.git;a=commitdiff;h=c6913e6f0bb90253ad141917cb804f74dec070ae