Closed
Bug 228439
Opened 21 years ago
Closed 17 years ago
LDAP broken if IPv6-Stack is installed
Categories
(MailNews Core :: LDAP Integration, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: bugzilla, Unassigned)
References
Details
(Keywords: regression, Whiteboard: see comment 20 for status)
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6b) Gecko/20031208 CE++
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6b) Gecko/20031208
This bug was introduced between Mozilla 1.5 release and 1.6 alpha.
LDAP-Adressbooks can't be accessed anymore if IPv6-Stack is installed. Tested on
2 different systems, both Windows XP Professional. The problem is that Mozilla
tries to reach the LDAP server via IPv6-in-v4-tunneling ::ffff:10.1.2.3 for
example. This happens both if you enter a FQDN or a IPv4-Adress in the LDAP
hostname.
Workaround: Uninstall IPv6 support in Win XP, than it works again.
Reproducible: Always
Steps to Reproduce:
1.
2.
3.
Comment 1•21 years ago
|
||
Confirmed ... I reported this earlier as an "LDAP Broken" bug and found that the
IPv6 removal is a nice workaround ... sure would be nice if it worked though !!!
Reporter | ||
Updated•21 years ago
|
Flags: blocking1.6?
Comment 2•21 years ago
|
||
this is likely related to the DNS rewrite that has us now calling getaddrinfo on
WinXP. the result of that is converted to a string and given to the LDAP C-SDK.
i'm not sure why exactly we are generating mapped addresses like this though.
perhaps this has something to do with PR_NetAddrToString. i don't have a way to
test this, but perhaps a review of the code will indicate the problem.
Comment 3•21 years ago
|
||
1.6- maybe we can get this working in 1.7...
Flags: blocking1.6? → blocking1.6-
Comment 4•21 years ago
|
||
At present Windows doesn't support using an
IPv4-mapped IPv6 address with an AF_INET6 socket.
So to reach an IPv4 host you must create an
AF_INET socket and use its IPv4 address.
Comment 5•21 years ago
|
||
By the way, ::ffff:10.1.2.3 is not IPv6-in-v4 tunneling.
An address for IPv6-in-v4 tunneling is called an
IPv4-compatible (as opposed to IPv4-mapped) address
and would look like ::10.1.2.3.
Reporter | ||
Updated•20 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
In IPv4 and IPv6 dual enabled environment,
Same bug confirmed in Mozilla 1.7.2 and 1.7.3.
Also confirmed is the solution to uninstall IPv6 and restart the PC again with
native IPv4.
Ethereal logs reveals that
1. Mozilla queries by AAAA to the local IPv6 enabled LDAP server and get the
global IPv6 address of LDAP server correctly.
2. But somehow, instead of using the correct global IPv6 address, Mozilla
tries to reach the LDAP server via IPv4 mapped IPv6 address ::ffff:10.1.2.3.
(Note: 10.1.2.3 is of the IPv4 address of the LDAP server,
and it is said that IPv4 mapped IPv6 address ::ffff:10.1.2.3 is deprecated.)
By the way, in my case, Mozilla hangs-up for 2-3 minutes before getting a LDAP
error message.
I hope this report will be of some help.
Comment 7•20 years ago
|
||
Same problem shows up with Thunderbird version 0.8 (20040913) on XP SP1, I have
regressed back to 0.5 and the problem seems to be the same. A tcpdump show the
problem
10.10.11.34.3866 > 10.10.128.1.53: 22+ AAAA? directory.moria.org. (37)
10.10.128.1.53 > 10.10.11.34.3866: 22 0/1/0 (103)
10.10.11.34.3866 > 10.10.128.1.53: 23+ AAAA? directory.moria.org.ict.ru.ac.za. (50)
10.10.128.1.53 > 10.10.11.34.3866: 23 NXDomain* 0/1/0 (103)
10.10.11.34.3866 > 10.10.128.1.53: 24+ AAAA? directory.moria.org.mydomain.com. (46)
146.231.128.1.53 > 10.10.11.34.3866: 24 NXDomain* 0/1/0 (99)
10.10.11.34.3866 > 10.10.128.1.53: 25+ A? directory.moria.org. (37)
10.10.128.1.53 > 10.10.11.34.3866: 25 1/3/3 A 10.10.10.10 (186)
Only a V4 address is returned 10.10.10.10, but now we go off and do a connect to
a v6 version of the address
2001:548:1010:fff0:dc92:4f60:266d:b74a.1068 > ::ffff:10.10.10.10.389: S
1897039014:1897039014(0) win 16384 <mss 1440>
2001:548:1010:fff0:dc92:4f60:266d:b74a.1068 > ::ffff:10.10.10.10.389: S
1897039014:1897039014(0) win 16384 <mss 1440>
2001:548:1010:fff0:dc92:4f60:266d:b74a.1068 > ::ffff:10.10.10.10.389: S
1897039014:1897039014(0) win 16384 <mss 1440>
On XP system at the saame patch level, without v6 enabled the connection works
fine.
Problem persists even if DNS name of LDAP server is replaces with an IP address
- again the v6 ified address is used.
Updated•20 years ago
|
Product: MailNews → Core
Updated•20 years ago
|
Keywords: regression
Comment 8•19 years ago
|
||
*** Bug 220795 has been marked as a duplicate of this bug. ***
Comment 9•19 years ago
|
||
Can someone please change the priority to P2 as IPv6 is required in our company (Netzwert AG, http://www.netzwert.ag) and we also need access to our LDAP directory from within Thunderbird...
Comment 10•19 years ago
|
||
I did a LXR search for PR_GetIPNodeByName in the SeaMonkey
source tree (http://lxr.mozilla.org/seamonkey/ident?i=PR_GetIPNodeByName).
It shows that LDAP C SDK (mozilla/directory/c-sdk) is using
that function with PR_AF_INET6 sockets and addresses exclusively.
The code I saw in ldappr-io.c, and the knowledge that Windows
XP IPv6 does not support IPv4-mapped IPv6 addresses, explain
what was reported in comment 6 and comment 7. (Someone familiar
with the code should confirm my findings.)
There are two ways to fix this:
1. Modify mozilla/directory/c-sdk to use PR_GetAddrInfoByName.
We've already done this work in Necko. This is the preferred
solution because PR_GetIPNodeByName and the use of IPv6 sockets
for communicating with both IPv4 hosts (with IPv4-mapped IPv6 addresses)
and IPv6 hosts (with regular IPv6 addresses) is deprecated.
2. Modify NSPR to be smarter on Windows and automatically
change a (IPv6 socket, IPv4-mapped IPv6 address) pair to
(IPv4 socket, IPv4 address).
Either one will do. Since we should do #1 anyway, I think we
should not waste time doing #2 to fix a bug in deprecated code.
Updated•19 years ago
|
Assignee: sspitzer → nobody
Comment 11•19 years ago
|
||
*** Bug 292906 has been marked as a duplicate of this bug. ***
Comment 12•19 years ago
|
||
Rich, any interest in implementing solution #1 in the ldap c-sdk proposed by wtc in comment 10?
Flags: blocking-thunderbird2?
Comment 13•19 years ago
|
||
Yes. We need to make sure our LDAP C SDK code is IPv6 clean. This is also related to https://bugzilla.mozilla.org/show_bug.cgi?id=328791
Updated•19 years ago
|
QA Contact: grylchan → ldap-integration
Comment 14•18 years ago
|
||
Bug reproduced in a Windows 2003 Server with Citrix Presentation Server 4.0 environment.
Uninstalling the IPV6 layer (and a reboot...) makes LDAP queries work again.
Comment 15•18 years ago
|
||
*** Bug 346221 has been marked as a duplicate of this bug. ***
Comment 16•18 years ago
|
||
Note that IPv6 is installed by default on Windows Vista (see bug 346221 comment 10) so this will mean that LDAP won't work on a default installation of Windows Vista.
Comment 17•18 years ago
|
||
Also note that on Vista you cannot uninstall the IPv6 stack. You can unbind it from a LAN interface, but it cannot be disabled on the loopback interface. Simply disabling the stack does not fix the LDAP lookup problem on Vista.
This is going to be a significant problem in our environment. We have a lot of Thunderbird users, and LDAP lookup is a very commonly used feature.
More details below:
--------------------------------------------
Microsoft describes how to disable IPv6 here:
http://www.microsoft.com/technet/itsolutions/network/ipv6/ipv6faq.mspx
We are advised to add the following DWORD:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\DisabledComponents
With the value "0xFF".
After doing this and performing a reboot, LDAP lookups still do not function.
Comment 18•18 years ago
|
||
This bug has been confirmed to also exists on a Windows 2000 box using Microsofts IPv6 technology preview patched to install onto Service Pack 4. I have not tried uninstalling it on this machine, but an identical machine running Windows 2000 SP4 without the stack without any problems. Using a DNS names with both an A and AAAA record causes Mozilla Thunderbird 1.5.0.5 to do an AAAA record look followed by an A record, however, only a connection to the IPv6 mapped IPv4 address is attempted. Using an AAAA-only DNS name causes aname lookup with no attempts at communication, and a straight IPv6 address causes a parsing error as it tries to read it as an IPv4 address followed by a port number. IPv4 addresses and A-only dns names also attempt communication using an IPv6 mapped IPv4 address. Disabling IPv6 on this machine would severely hinder other applications that we are using including accessing the IMAP and SMTP servers for E-mail communication.
Comment 19•18 years ago
|
||
As suggested by Wan-Teh in Comment #10 (1), using PR_GetAddrInfoByName in LDAP C SDK fixes the problem. Tested on Windows 2003 and Windows 2000 + IPv6 technology preview.
Making this bug depend on 328791...
Depends on: 328791
Comment 20•18 years ago
|
||
(In reply to comment #19)
> Making this bug depend on 328791...
Bug 328791 has been fixed on branch (in time for SeaMonkey 1.1 beta and Thunderbird 2.0 beta). To fix on trunk we'll need to fix bug 359716 which is upgrading us to the latest c-sdk version.
Whiteboard: see comment 20 for status
Comment 21•18 years ago
|
||
given comment 20, sounds like the remaning work is not a blocker on the branch.
Flags: blocking-thunderbird2? → blocking-thunderbird2-
Comment 22•17 years ago
|
||
Bug 359716 has now been fixed, so this bug should be fixed on trunk as well (by bug 328791 and bug 359716).
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Assignee | ||
Updated•16 years ago
|
Product: Core → MailNews Core
You need to log in
before you can comment on or make changes to this bug.
Description
•