
Re: OpenLDAP and DNS SRV records



It is Buchan. See ando's reply.

On 30/12/2008, Buchan Milne <bgmilne@staff.telkomsa.net> wrote:
> On Thursday 18 December 2008 01:24:11 Pierangelo Masarati wrote:
>> Matt Kowske wrote:
>> > Thank you.  Could you provide an example of this functionality with
>> > ldapsearch?
>> >
>> > ldapsearch -x -v -H "dc%3Ddomain%2Cdc%3Dcom" -b
>> > "CN=Users,DC=domain,DC=com" -D "CN=Matt
>> > Kowske,CN=Users,DC=domain,DC=com"
>> > -W "samaccountname=mkowske"
>> >
>> > Could not parse LDAP URI(s)=dc%3Ddomain%2Cdc%3Dcom (3)
>> >
>> > This is ldap version 2.4.11.  I (tried) to look at the code, and
>> > found the section of code in common.c where it is erroring out, but
>> > couldn't determine much beyond that. Why is the above not being
>> > recognized as a DN? It should not be parsed as a URI according to the
>> > man
>> > page.
>>
>> The man page says: "if no host/port is specified, but a DN is...".  It
>> means that:
>>
>> - you must provide a(n RFC 45) LDAP URI
>>
>> - it must contain no host/port
>>
>> - it must contain a DN
>>
>> Yours is not an LDAP URI.  Try something like "ldap:///dc=domain,dc=com".
>>
>> The 2.4 client tools have been modified to support this feature.
>> However, they use libldap to perform this.  See clients/tools/common.c,
>> the calls to ldap_dn2domain(3) and ldap_domain2hostlist(3) (I
>> don't think they actually have a man page...).  Those calls are
>> available in libldap since 2.0, I believe, in 2000.
>
> Is there a reason this isn't implemented in the library? As far as I
> understand, at present only the OpenLDAP utilities will work with this URI,
> while if it were implemented in the library, other LDAP clients using the
> OpenLDAP library which don't already support a similar feature (sudo is the
> best example I can think of in this case, though various other desktop
> software could benefit) would get it for free?
>
> (nss_ldap has its own implementation of this feature, but the configuration
> is different and probably not compatible with sudo if sudo uses the nss_ldap
> configuration file).
>
> Regards,
> Buchan
>

-- 
Sent from my mobile device

http://www.suretecsystems.com/services/openldap/
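
Added example, not part of the original thread and not OpenLDAP code: a stand-alone Python sketch of the steps described in the quoted reply (an LDAP URI with a DN and no host/port, the DN turned into a domain, SRV answers turned into a host list). The function names, the stricter dc-only DN handling, the deterministic priority/weight ordering and the sample SRV records are assumptions made for illustration.

```python
from urllib.parse import urlsplit, unquote

# Attribute type names accepted for a domain component (name or OID).
DC_TYPES = ("dc", "domaincomponent", "0.9.2342.19200300.100.1.25")

def dn_to_domain(dn):
    """Join the dc= values of a DN into a DNS domain name.
    Simplified: no escaped commas, and any non-dc RDN is rejected."""
    labels = []
    for rdn in dn.split(","):
        attr, sep, value = rdn.strip().partition("=")
        if not sep or attr.strip().lower() not in DC_TYPES or not value.strip():
            raise ValueError("DN has a non-dc component: %r" % rdn)
        labels.append(value.strip())
    return ".".join(labels)

def srv_name_from_uri(uri):
    """Return the SRV owner name to query for a host-less LDAP URI."""
    parts = urlsplit(uri)
    if parts.scheme != "ldap":
        # A bare percent-encoded DN such as "dc%3Ddomain%2Cdc%3Dcom" ends here.
        raise ValueError("not an LDAP URI: %r" % uri)
    if parts.netloc:
        raise ValueError("URI names a host/port, so no SRV lookup applies")
    dn = unquote(parts.path.lstrip("/"))
    if not dn:
        raise ValueError("URI carries no DN")
    return "_ldap._tcp." + dn_to_domain(dn)

def host_list(srv_records):
    """(priority, weight, port, target) tuples -> ordered "host:port" list.
    Lowest priority first; ties broken by highest weight (RFC 2782 uses a
    weighted random pick here, made deterministic for this sketch)."""
    usable = [r for r in srv_records if r[3] != "."]  # "." = service not offered
    ordered = sorted(usable, key=lambda r: (r[0], -r[1]))
    return ["%s:%d" % (target.rstrip("."), port) for _, _, port, target in ordered]

# Constructed sample SRV answers for _ldap._tcp.domain.com (not real data).
SAMPLE_SRV = [
    (10, 50, 389, "dc2.domain.com."),
    (0, 100, 389, "dc1.domain.com."),
    (10, 80, 389, "dc3.domain.com."),
]

if __name__ == "__main__":
    print(srv_name_from_uri("ldap:///dc=domain,dc=com"))
    print(host_list(SAMPLE_SRV))
```

The host list is built entirely from DNS answers, so the client is trusting its resolver to choose the server it binds to.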