
(ITS#7036) ldapsearch should attempt DNS-based fallback if possible



Full_Name: Sean Finney
Version: 2.4.21-0ubuntu5.5
OS: Ubuntu Lucid
URL: 
Submission from: (NULL) (213.115.10.98)


We have an ldap.conf with

 URI         ldap://corp.net

where corp.net resolves to a list of about 20 round-robin balanced A records,
all of which are windows-based domain controllers for the site.  Recently, a
hiccup in change control ended up with 3 of these servers being offline but
remaining in DNS.

Therefore, with about 3/20 probability ldapsearch and friends will just sit and
hang waiting for packets to return from the void until the TCP/IP RTT timeout is
reached.

It would be nice if ldapsearch could, either by default or as an option, have
some way of iteratively trying all of the returned DNS records in the face of
such failure (which could also be from some form of network hiccup, or a crashed
server).  Bonus points if it could somehow be pre-emptive (i.e. not waiting for
the entire TCP/IP RTT timeout before trying another server).

Of course another alternative would be for us to duplicate the information from
DNS into multiple servers listed in URI, but that seems... duplicative. But in
any event I did a quick search of the issue system and didn't see a documented
position on the matter so I figured I could at least post this and see what you
think :)
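The behaviour asked for above (expand the round-robin name to every address, try each with a short connect timeout instead of waiting out the full TCP timeout, and move on to the next record on failure) can be illustrated client-side in a few lines. The example below is added by the editor for this archive page; it is not part of the ITS submission and not OpenLDAP's libldap code. The function and parameter names (resolve_all, connect_first_reachable, demo, connect_timeout) are the editor's own choices, and the scenario built in demo() (one closed loopback port standing in for a dead DC, one live loopback listener standing in for a healthy one) is constructed so the code runs offline.

```python
import socket
import sys
from typing import Iterable, List, Tuple

Address = Tuple[str, int]


def resolve_all(host: str, port: int) -> List[Address]:
    """Return every address record for host (deduplicated, resolver order).

    For a round-robin name this yields the whole set of A/AAAA records,
    not just the single address a plain connect() would pick.
    """
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    seen, out = set(), []
    for _family, _type, _proto, _canon, sockaddr in infos:
        addr = (sockaddr[0], sockaddr[1])
        if addr not in seen:
            seen.add(addr)
            out.append(addr)
    return out


def connect_first_reachable(candidates: Iterable[Address],
                            connect_timeout: float = 2.0):
    """Try each candidate in turn with a bounded per-attempt timeout.

    Returns (socket, address, failures): the first socket whose TCP handshake
    completed, the address it connected to, and a list of (address, error)
    for the candidates skipped on the way.  The per-attempt timeout is what
    makes this "pre-emptive": a blackholed host costs connect_timeout
    seconds, not the kernel's full SYN-retry budget.  Raises OSError if no
    candidate is reachable.
    """
    failures = []
    for addr in candidates:
        try:
            sock = socket.create_connection(addr, timeout=connect_timeout)
            sock.settimeout(None)  # back to blocking for the actual session
            return sock, addr, failures
        except OSError as err:
            failures.append((addr, err))
    raise OSError("no reachable server among %d candidates: %r"
                  % (len(failures), failures))


def demo(connect_timeout: float = 0.5):
    """Constructed offline scenario: one dead address, then one live one.

    Returns (chosen_address, live_address, number_of_failures).
    """
    # A bound-then-closed loopback port: connecting to it is refused, which
    # stands in for a domain controller that is in DNS but not answering.
    probe = socket.socket()
    probe.bind(("127.0.0.1", 0))
    dead = probe.getsockname()
    probe.close()

    # A real listener stands in for a healthy domain controller.  The TCP
    # handshake completes in the kernel, so no accept() call is needed.
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    live = listener.getsockname()

    candidates = [(dead[0], dead[1]), (live[0], live[1])]
    try:
        sock, chosen, failures = connect_first_reachable(candidates,
                                                         connect_timeout)
        sock.close()
    finally:
        listener.close()
    return chosen, (live[0], live[1]), len(failures)


if __name__ == "__main__":
    # Usage: python failover.py corp.net 389
    # Resolves the name, walks the records, reports which one answered.
    host = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 389
    sock, chosen, skipped = connect_first_reachable(resolve_all(host, port))
    print("connected to %s:%d after skipping %d" % (chosen[0], chosen[1],
                                                    len(skipped)))
    sock.close()
```

Two practical notes. First, the order getaddrinfo() returns is whatever the resolver hands back, so with round-robin DNS the dead hosts drift around the list; a client that remembers recent failures and moves them to the end avoids paying the timeout on every call. Second, a connection refused (the demo's dead port) returns instantly; a host that is powered off or firewalled silently is the case where the per-attempt timeout does the work, and that is the hang the submitter describes.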