
Re: (ITS#4996) Use SRV records to locate local server for command-line clients

On Jun 2, 2007, at 5:31 AM, rra@stanford.edu wrote:

> Full_Name: Russ Allbery
> Version: 2.3.35
> OS: Debian
> URL:
> Submission from: (NULL) (
> A user of the Debian OpenLDAP package requested support in the command-line
> utilities for using SRV entries to locate the local LDAP server.  My
> understanding of the suggestion is that if one didn't specify -h or -H, a SRV
> record lookup would be tried before falling back to localhost.  (You may not
> want to change the default behavior, though, and add another switch.)

One could use DNS SRV on the domain provided by -H, or by ldap.conf(5), and
use it present, with (likely best) or without an option to enable the

One could also use DNS SRV on the domain associated with the
DN with an option to enable this behavior.  That is, ldapsearch -b
would cause a DNS SRV lookup on example.org.  This is what the DNSSRV

Not sure adding to the command line tools would be especially useful.  That is,
I don't think DNS SRV fits well in the common use pattern of command line tools.
But if someone implements this behind an option, it shouldn't do any harm.

Lastly I note that the domain to use DNS SRV should come from the user (or
application entity), not the local host.  Using the local resolver
configuration is a really bad idea.

-- Kurt

> For the full suggestion, see:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=221173
> It looks like much of the necessary code is already there in libldap, and
> looking at the libldap code, you could also intuit the correct server based on
> any search base provided.
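
The search-base-to-SRV mapping discussed in this thread, as an added example (not part of the original messages and not libldap's code): the domain is taken only from the DN the user supplies, never from the local resolver configuration, and is queried as `_ldap._tcp.<domain>` per RFC 2782. The function names, the sample DN and the SRV records are constructed for illustration, and the DN splitting assumes no escaped commas.

```python
import re

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
# A dc= value that fails this (dots, spaces, '+') is rejected, so the DN
# cannot steer the lookup to a name the user did not spell out.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def dn_to_domain(dn):
    """Map the trailing run of dc= RDNs in a DN to a DNS domain, or None."""
    labels = []
    for rdn in dn.split(","):            # assumption: no escaped commas
        attr, sep, value = rdn.strip().partition("=")
        if not sep:
            return None                  # malformed RDN
        if attr.strip().lower() == "dc":
            value = value.strip()
            if not _LABEL.fullmatch(value):
                return None
            labels.append(value.lower())
        else:
            labels = []                  # only dc= after the last non-dc RDN counts
    return ".".join(labels) if labels else None

def srv_name(domain):
    """SRV owner name for LDAP over TCP (RFC 2782 naming)."""
    return "_ldap._tcp." + domain

def order_targets(records):
    """records: (priority, weight, port, target) tuples from an SRV answer.
    Lowest priority first; within a priority, higher weight first. This is a
    deterministic simplification of RFC 2782's weighted random choice."""
    usable = [r for r in records if r[3] != "."]   # "." means no service here
    usable.sort(key=lambda r: (r[0], -r[1]))
    return ["ldap://%s:%d" % (t.rstrip("."), p) for _, _, p, t in usable]

# Constructed sample input: a user-supplied search base and an SRV answer.
SAMPLE_BASE = "ou=People,dc=example,dc=org"
SAMPLE_SRV = [
    (10, 50, 389, "ldap2.example.org."),
    (0, 100, 389, "ldap1.example.org."),
    (20, 0, 389, "."),
]

if __name__ == "__main__":
    domain = dn_to_domain(SAMPLE_BASE)
    print(srv_name(domain))
    print(order_targets(SAMPLE_SRV))
```
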