Re: (ITS#4996) Use SRV records to locate local server for command-line clients
On Jun 2, 2007, at 5:31 AM, rra@stanford.edu wrote:
> Full_Name: Russ Allbery
> Version: 2.3.35
> OS: Debian
> URL:
> Submission from: (NULL) (171.66.157.14)
>
>
> A user of the Debian OpenLDAP package requested support in the command-line
> utilities for using SRV entries to locate the local LDAP server. My
> understanding of the suggestion is that if one didn't specify -h or -H, a SRV
> record lookup would be tried before falling back to localhost. (You may not
> want to change the default behavior, though, and add another switch.)

One could use DNS SRV on the domain provided by -H, or by ldap.conf(5),
and use it if present, with (likely best) or without an option to enable
the behavior.

One could also use DNS SRV on the domain associated with the
baseObject/target DN with an option to enable this behavior. That is,
ldapsearch -b "dc=example,dc=org" would cause a DNS SRV lookup on
example.org. This is what the DNSSRV backend does.

Not sure adding to the command line tools would be especially useful.
That is, I don't think DNS SRV fits well in the common use pattern of
command line tools. But if someone implements this behind an option, it
shouldn't do any harm.

Lastly I note that the domain to use DNS SRV should come from the user
(or application entity), not the local host. Using the local resolver
configuration is a really bad idea.

-- Kurt

>
> For the full suggestion, see:
>
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=221173
>
> It looks like much of the necessary code is already there in libldap, and
> looking at the libldap code, you could also intuit the correct server based on
> any search base provided.
>
>
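
The mapping discussed in the reply above (user-supplied base DN, to domain, to SRV lookup name, to an ordered server list), as an added Python example that is not part of the original thread and is not OpenLDAP's code. The function names, the choice to use only the trailing run of dc= RDNs, the simplified DN parsing and the sample records are assumptions made for illustration.

```python
import random
import re

LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")

def dn_to_domain(base_dn):
    """Join the trailing run of dc= RDNs into a DNS domain; None if unusable."""
    labels = []
    # Simplified DN parsing: assumes no escaped commas in the base DN.
    for rdn in reversed(base_dn.split(",")):
        attr, _, value = rdn.strip().partition("=")
        if attr.strip().lower() != "dc":
            break
        value = value.strip().lower()
        if not LABEL.fullmatch(value):
            return None  # refuse values that are not a single DNS label
        labels.append(value)
    return ".".join(reversed(labels)) if labels else None

def srv_query_name(base_dn, service="ldap", proto="tcp"):
    """SRV owner name for the user-supplied DN, or None."""
    domain = dn_to_domain(base_dn)
    # Trailing dot: the name is absolute, so the resolver's search list
    # from local configuration is never appended to it.
    return f"_{service}._{proto}.{domain}." if domain else None

def order_srv(records, rng=random):
    """(priority, weight, port, target) tuples -> ldap:// URIs, RFC 2782 order."""
    uris = []
    for prio in sorted({r[0] for r in records}):
        # A target of "." means the service is not offered at this domain.
        group = [r for r in records if r[0] == prio and r[3] != "."]
        while group:
            pick = rng.uniform(0, sum(r[1] for r in group))
            running = 0
            for rec in group:
                running += rec[1]
                if running >= pick:
                    break
            group.remove(rec)
            uris.append(f"ldap://{rec[3].rstrip('.')}:{rec[2]}")
    return uris

# Constructed sample answer for _ldap._tcp.example.org. (not real data)
SAMPLE_SRV = [(20, 0, 389, "backup.example.org."),
              (10, 60, 389, "ldap1.example.org."),
              (10, 40, 389, "ldap2.example.org.")]

if __name__ == "__main__":
    print(srv_query_name("dc=example,dc=org"), order_srv(SAMPLE_SRV))
```

A base DN with no dc= components yields no lookup name, so a caller would fall back to an explicitly configured server.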