
Re: (ITS#7301) Improve DNS SRV support in OpenLDAP

quanah@OpenLDAP.org wrote:
> Full_Name: Quanah Gibson-Mount
> Version: 2.4.31
> OS:
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (
> LDAP URI handling via SRV records is not in the library. In
> particular, an OpenLDAP library client that specifies a
> (correctly formed or otherwise) LDAP URI of the form:
> 	ldap:///dc=example,dc=com/
> will not be connected to the LDAP servers found in the SRV records
> for _ldap._tcp.example.com. That code is only in the ldapsearch(1)
> and related tools.
> The existence of the low-level support functions in the library is
> of no help to users who want to specify URIs that resolve to the
> underlying LDAP servers via SRV records.

Tough luck. Currently ldap:/// means localhost. Changing the library behavior 
here would be a pretty drastic incompatible change and would break pretty much 
all existing software. This has been discussed and shot down before, and 
rejecting this request is the only correct outcome for this ITS.

> Also, the SRV -> host:port list lookup code that is in the library
> (but not tied to the library's connection establishment code) is
> broken; it ignores the weight and priority, which is not a good
> idea. The published SRV priorities and weights must not be ignored.

Priorities/weights are already the subject of ITS#7027.

   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
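
The priority and weight ordering discussed in this thread is specified in RFC 2782. The following is an added example, not OpenLDAP code and not written by either poster, of a client ordering an SRV answer that way. The `struct srv` type, the function names and the `ldap0`..`ldap3` records are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed record type for this example; not an OpenLDAP structure. */
struct srv { const char *host; unsigned port, priority, weight; };

static int by_priority(const void *a, const void *b) {
    const struct srv *x = a, *y = b;
    if (x->priority != y->priority) return x->priority < y->priority ? -1 : 1;
    /* RFC 2782: weight-0 records sort first within a priority group. */
    int z = (x->weight != 0) - (y->weight != 0);
    return z ? z : strcmp(x->host, y->host);   /* tie-break for determinism */
}

/* Order r[0..n) in place. rnd(max) must return a value in [0, max]; it is a
 * parameter so the selection can be driven deterministically in tests. */
void srv_order(struct srv *r, size_t n, unsigned (*rnd)(unsigned)) {
    qsort(r, n, sizeof *r, by_priority);
    for (size_t start = 0, end; start < n; start = end) {
        for (end = start; end < n && r[end].priority == r[start].priority; end++) ;
        for (size_t i = start; i < end; i++) {   /* weighted pick, no replacement */
            unsigned total = 0, run = 0;
            for (size_t j = i; j < end; j++) total += r[j].weight;
            unsigned pick = rnd(total);
            size_t k = i;
            while ((run += r[k].weight) < pick) k++;   /* first running sum >= pick */
            struct srv chosen = r[k];
            for (; k > i; k--) r[k] = r[k - 1];   /* keep the rest in order */
            r[i] = chosen;
        }
    }
}

unsigned rnd_zero(unsigned max) { (void)max; return 0; }
unsigned rnd_max(unsigned max) { return max; }
unsigned rnd_libc(unsigned max) { return (unsigned)rand() % (max + 1); }

/* Orders a constructed answer for _ldap._tcp.example.com, returns the hosts. */
const char *demo_order(unsigned (*rnd)(unsigned)) {
    static char out[128];
    struct srv r[] = { {"ldap1", 389, 10, 10}, {"ldap2", 389, 10, 30},
                       {"ldap3", 389, 10, 0},  {"ldap0", 389, 5, 0} };
    srv_order(r, 4, rnd);
    snprintf(out, sizeof out, "%s,%s,%s,%s", r[0].host, r[1].host, r[2].host, r[3].host);
    return out;
}

int main(void) { puts(demo_order(rnd_libc)); return 0; }
```

The lower-priority-number record (`ldap0`) is always tried first; weights only affect the order among records that share a priority.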