
(ITS#8610) ldaps not usable with DNS SRV



Full_Name: Silvio Wanka
Version: openldap-client-2.4.44
OS: FreeBSD 10.3-RELEASE-p16
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (62.138.118.158)


Hi,

If I use "ldap:///dc%3Dexample%2Cdc%3Dorg" on a test system, all works properly,
but I must use LDAPS on a DMZ system and so I try
"ldaps:///dc%3Dexample%2Cdc%3Dorg", but this searches for an ldap DNS SRV record,
which of course returns the normal ldap port, not the ldaps port. This can't
work, because a firewall is in between.
Is this normal (by design) or a bug? There is also an old discussion on your
site: http://www.openldap.org/lists/openldap-technical/201203/msg00027.html.
IMO OpenSSL should either support DNS SRV lookup for each scheme or for none.

TIA,
Silvio
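
The lookup described in the report, as an added illustration (not part of the original message and not OpenLDAP code): a host-less URL whose DN consists of dc= components is mapped to a DNS domain, the `_ldap._tcp` SRV name is queried for both schemes, and the SRV port is combined with the original scheme. The function names and the SRV answers are constructed for this sketch.

```python
from urllib.parse import urlsplit, unquote

# Constructed SRV answers for _ldap._tcp.example.org:
# (priority, weight, port, target)
SAMPLE_SRV = [
    (10, 0, 389, "ldap2.example.org."),
    (0, 100, 389, "ldap1.example.org."),
]

# Conventional ports per scheme, used only to flag mismatches.
CONVENTIONAL_PORT = {"ldap": 389, "ldaps": 636}

def dn_to_domain(dn):
    """Map a DN made only of dc= RDNs to a DNS domain, else None."""
    labels = []
    for rdn in dn.split(","):
        attr, sep, value = rdn.strip().partition("=")
        if not sep or attr.strip().lower() != "dc" or not value.strip():
            return None
        labels.append(value.strip())
    return ".".join(labels) if labels else None

def srv_owner_name(url):
    """SRV name looked up for a host-less LDAP URL, or None."""
    parts = urlsplit(url)
    if parts.scheme not in CONVENTIONAL_PORT or parts.netloc:
        return None  # explicit host given: no SRV lookup needed
    domain = dn_to_domain(unquote(parts.path.lstrip("/")))
    # Assumption taken from the report: the same "_ldap" service
    # label is used whether the scheme is ldap or ldaps.
    return f"_ldap._tcp.{domain}" if domain else None

def expand(url, srv_records):
    """URIs a client would try: original scheme + SRV target and port."""
    scheme = urlsplit(url).scheme
    # Ordered by priority only; weighted selection is left out here.
    ordered = sorted(srv_records, key=lambda r: r[0])
    return [f"{scheme}://{t.rstrip('.')}:{p}" for _, _, p, t in ordered]

def port_mismatches(url, srv_records):
    """Expanded URIs whose port differs from the scheme's usual port."""
    want = CONVENTIONAL_PORT[urlsplit(url).scheme]
    return [u for u in expand(url, srv_records)
            if int(u.rsplit(":", 1)[1]) != want]

if __name__ == "__main__":
    for u in ("ldap:///dc%3Dexample%2Cdc%3Dorg",
              "ldaps:///dc%3Dexample%2Cdc%3Dorg"):
        print(u, srv_owner_name(u), port_mismatches(u, SAMPLE_SRV))
```

With the constructed records, the ldaps URL expands to TLS connections aimed at port 389, which is the mismatch a firewall between the client and the directory would block.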