From: Geert J. <ge...@bo...> - 2008-11-21 23:18:58
[re-send in plain text. apologies for posting in html]

Hi,

OpenLDAP CVS has just added support for a new LDAP option LDAP_OPT_X_NOCANON. This option turns off host canonicalization based on reverse DNS in OpenLDAP. The attached patch makes this option available in python-ldap.

One use case for this option is environments where you don't need reverse DNS for canonicalization, or where you have server-side canonicalization. This works great in Windows environments, especially so because there reverse DNS is often wrong.

If you combine this LDAP option with the setting "rdns = no" in your /etc/krb5.conf, you are now able to use SASL/GSSAPI to authenticate to an LDAP server that has no or no proper reverse DNS.

Regards,
Geert
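An added example, not part of the original message or its patch: a pre-flight check that compares the host name in an LDAP URI with its reverse DNS record and shows which service principal a GSSAPI client would request with canonicalization on and off. The function names, the `needs_nocanon` key and the sample zone data are constructed for illustration, and the canonicalization behaviour is a simplified model.

```python
import socket

def resolve_a(host):
    """Forward lookup: first address for host, or None."""
    try:
        return socket.getaddrinfo(host, 389, proto=socket.IPPROTO_TCP)[0][4][0]
    except OSError:
        return None

def resolve_ptr(addr):
    """Reverse (PTR) lookup: name for addr, or None if there is no record."""
    try:
        return socket.gethostbyaddr(addr)[0]
    except OSError:
        return None

def rdns_report(host, service="ldap", resolve=resolve_a, lookup_ptr=resolve_ptr):
    """Compare the host name from the LDAP URI with what reverse DNS returns."""
    typed = host.rstrip(".").lower()
    addr = resolve(host)
    ptr = lookup_ptr(addr) if addr else None
    ptr = ptr.rstrip(".").lower() if ptr else None
    if ptr is None:
        status = "missing"
    elif ptr == typed:
        status = "match"
    else:
        status = "mismatch"
    return {
        "status": status,
        # Canonicalization off: the name is used exactly as typed, so the
        # URI must carry the name the service principal is registered under.
        "spn_without_canon": f"{service}/{typed}",
        # Model assumption: canonicalization swaps in the PTR name; with no
        # PTR record there is no canonical name to build a principal from.
        "spn_with_canon": f"{service}/{ptr}" if ptr else None,
        "needs_nocanon": status != "match",
    }

# Constructed sample zone data (RFC 5737 addresses, .test names).
SAMPLE_A = {"dc1.example.test": "192.0.2.10", "dc2.example.test": "192.0.2.11",
            "dc3.example.test": "192.0.2.12"}
SAMPLE_PTR = {"192.0.2.10": "dc1.example.test", "192.0.2.11": "old-host.example.test"}

if __name__ == "__main__":
    for name in SAMPLE_A:
        print(name, rdns_report(name, resolve=SAMPLE_A.get, lookup_ptr=SAMPLE_PTR.get))
```

Called without the `resolve` and `lookup_ptr` arguments, `rdns_report` queries live DNS for the given host.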