[Pkg-openldap-devel] Bug#696207: IPv6 reverse DNS vs. SPNs during GSSAPI bind

[Clay Haapala]

I've just been investigating the same problem, thinking that there is a 
problem with Cyrus SASL and IPv6 during ldapsearch.

I found that proper ipv6 PTR records needed to exist in the DNS before 
the ldap/<ipv6 literal address>@EXAMPLE.COM would become the proper 
principal name ldap/host.example.com at EXAMPLE.COM.

This issue has cropped up over several years; I guess so many people are 
freshly running into DNS and IPv6 configuration.
--
Clay Haapala , DeLL Compellent