A combined make test

Andrew Bartlett abartlet at samba.org
Sun Apr 17 15:34:01 MDT 2011


On Sat, 2011-04-16 at 15:58 +0200, Volker Lendecke wrote:
> On Sat, Apr 16, 2011 at 08:08:13PM +1000, Andrew Bartlett wrote:
> > The main issue I foresee is ensuring that Samba3 does not make any DNS
> > lookups, and to constrain the LDAP and Kerberos traffic.  Kerberos
> 
> Attached find two patches which I use when testing net ads
> join and winbind on a system with broken DNS. Maybe that
> gets you a little step further towards that goal.

Out of interest, why don't we always use the first patch?  I could see
how it could possibly break Start-TLS, but was there any other reason?

While I don't yet have enough background to propose a solution in
Samba3, the way I solved this in Samba4 was to ensure all name
resolution went via our library, and to use a 'fake dns' lookup file. 

If things do work fine with the address there, one way to make OpenLDAP
use socket wrapper would be to (breaking all abstractions) obtain the
address as you do, and inquire of socket_wrapper the path that would be
used, and then connect to that path with ldapi://.  That might be just
enough to get this tested without a major rewrite. 

Similarly, to help me better understand this layer and your second
patch, what are the advantages or disadvantages to storing the srv_name?
Is the problem that we are storing DNS names in the netbios name cache,
or just that we won't re-query DNS at the right time, or something else?

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org



