I am dealing with an issue where I connect to a user-provided LDAP server, but sometimes the hostname is not available for the server. I either have the IP address or the hostname at a given time.
I am able to fetch the IP address from the given hostname, but there is no DNS mapping available in my /etc/hosts for me to obtain the hostname from the IP address.
I couldn't find any method to avoid the hostname being used in the authentication process and just proceed with the IP address. I wanted to check if this is possible.
Can I tell Kerberos to skip the hostname and only authenticate using the IP address?
I tried most of the options provided in https://web.mit.edu/kerberos/krb5-1.12/doc/admin/conf_files/krb5_conf.html#domain-realm but nothing helped me skip the hostname check.
context = LDAPConnectionPtr(new LDAPConnection(authSrv.getIP(), authSrv.getPort()));
context->saslInteractiveBind("GSSAPI", LDAP_SASL_INTERACTIVE, new Sasl());
Following is the error that I am facing:
SASL/GSSAPI authentication started
Sasl::handleInteractions()
SASL Prompt: Please enter your authorization name
Caught LDAP Bind exception: Error -2: Local error
You cannot use IP addresses with Kerberos; it must be hostnames. Moreover, you don't do an interactive bind in scripts unless a human uses it permanently. Use the non-interactive bind (hence the error you see).
This perfectly works in Python:
import ldap  # python-ldap

url = 'ldap://ad.company.com'
directory = ldap.initialize(url)
directory.set_option(ldap.OPT_PROTOCOL_VERSION, ldap.VERSION3)
directory.sasl_non_interactive_bind_s('GSSAPI')  # uses the ticket cache; no prompts
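The answer above gives the two rules: Kerberos needs a hostname for the LDAP service principal, and scripts should use the non-interactive GSSAPI bind. The following is an added example (not code from the question or the answer) showing how a client can deal with being handed either a hostname or an IP address: a hostname is used as-is, an IP address is turned into a hostname through reverse DNS, and if no reverse mapping exists the code fails with a clear message instead of letting the library ask the KDC for a ticket for `ldap/<ip>`, which does not exist. Assumptions not stated on the page: the service principal has the usual `ldap/<fqdn>@<REALM>` form, a ticket is already in the credential cache, and python-ldap is installed only for the bind step (it is imported lazily so the name-handling part runs without it). The `resolver` parameter and all host, IP and realm values are constructed for illustration.

```python
"""Added example: derive a Kerberos-usable hostname from a hostname-or-IP,
then perform a non-interactive SASL/GSSAPI bind with python-ldap."""
import ipaddress
import socket


def canonical_ldap_host(host_or_ip, resolver=socket.gethostbyaddr):
    """Return a hostname suitable for the LDAP service principal.

    A hostname is returned unchanged apart from case and a trailing dot.
    A bare IP address is mapped to a hostname via reverse DNS (PTR record).
    If that lookup fails we refuse, because a principal built from the IP
    (ldap/192.0.2.10@REALM) will not be known to the KDC.
    `resolver` is injectable (assumption of this example) so the lookup can
    be exercised offline.
    """
    try:
        ipaddress.ip_address(host_or_ip)
    except ValueError:
        return host_or_ip.rstrip('.').lower()   # already a name, not an IP
    try:
        fqdn, _aliases, _addrs = resolver(host_or_ip)
    except OSError as exc:  # socket.herror / socket.gaierror are subclasses
        raise ValueError(
            f"{host_or_ip} has no reverse DNS entry; Kerberos needs a hostname "
            f"(add a PTR record or an /etc/hosts line for it)") from exc
    return fqdn.rstrip('.').lower()


def ldap_service_principal(host_or_ip, realm, resolver=socket.gethostbyaddr):
    """Principal the client will request from the KDC for this server."""
    return f"ldap/{canonical_ldap_host(host_or_ip, resolver)}@{realm.upper()}"


def gssapi_bind(host_or_ip, port=389, resolver=socket.gethostbyaddr):
    """Non-interactive SASL/GSSAPI bind: no 'enter your authorization name'
    prompt, credentials come from the existing ticket cache (kinit).

    Requires python-ldap; imported here so the rest of the module does not.
    """
    import ldap

    host = canonical_ldap_host(host_or_ip, resolver)
    conn = ldap.initialize(f"ldap://{host}:{port}")
    conn.set_option(ldap.OPT_PROTOCOL_VERSION, ldap.VERSION3)
    # Active Directory returns referrals; libldap would chase them without
    # credentials, so most AD clients disable automatic referral following.
    conn.set_option(ldap.OPT_REFERRALS, 0)
    conn.sasl_non_interactive_bind_s("GSSAPI")
    return conn


if __name__ == "__main__":
    # Constructed values for illustration only.
    print(ldap_service_principal("dc1.corp.example", "corp.example"))
```

Usage: `gssapi_bind("192.0.2.10")` only succeeds when `192.0.2.10` has a PTR record (or an /etc/hosts entry) that resolves to the name the KDC knows, which is exactly the situation the question lacks; the `ValueError` it raises otherwise is the honest replacement for the `Local error` in the question.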