
How to use Bind SRV records with LDAP clients



Greetings,

I'm trying to use SRV records with OpenLDAP so my clients ask the DNS
server directly for the service. So far (please correct me if I'm wrong)
the setup looks like this:

1) Comment out the 'HOST' entry in the ldap.conf file (this forces the
NSS library to use the SRV record on the DNS server).
2) Add something like the following to the DNS server zone file:


_ldap._tcp.subdomain.domain.com. 1D IN SRV 0 1 389 myserver

But when I try to run a query, it looks like the client is not using this
facility:

[root@linux0037 root]# ldapsearch -d5 -x -LLL -b "nisMapName=auto.master,dc=XXXX,dc=ZZZ" "cn" "nisMapEntry" -s sub|grep -v dn
ldap_create
ldap_bind_s
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host: localhost
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 127.0.0.1:389
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_ndelay_on: 3
ldap_is_sock_ready: 3
ldap_is_socket_ready: error on socket 3: errno: 111 (Connection refused)
ldap_close_socket: 3
ldap_perror
ldap_bind: Can't contact LDAP server
[root@linux0037 root]# 

Please note that my LDAP dn doesn't contain the DNS subdomain.

Any ideas about how I can troubleshoot this problem?

How can I debug what's going on? (It looks like my client is not even trying
to use the SRV DNS record.)

TIA,

JV.


-- 
José Vicente Núñez Zuleta (josevnz at newbreak dot com)
Newbreak LLC System Administrator
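
Added example (not part of the original post): a Python check of whether the SRV owner name in the zone line above is the name a client would derive from the search base DN, assuming the client joins the DN's dc= components into a DNS domain in the style of RFC 2247. The DN and SRV line are copied from the post; ORIGIN and all function names are assumptions made for illustration.

```python
import re

# Constructed inputs: the DN and SRV line are copied from the post; ORIGIN is
# an assumed $ORIGIN for the zone file, which the post does not show.
PAGE_DN = "nisMapName=auto.master,dc=XXXX,dc=ZZZ"
SRV_LINE = "_ldap._tcp.subdomain.domain.com. 1D IN SRV 0 1 389 myserver"
ORIGIN = "subdomain.domain.com."

SRV_RE = re.compile(
    r"(\S+)\s+(?:\S+\s+)?IN\s+SRV\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S+)$")

def dn_to_domain(dn):
    """Join the trailing dc= RDNs of a DN into a DNS domain (RFC 2247 style).
    Simplification: splits on ',' and ignores escaped commas."""
    labels = []
    for rdn in reversed(dn.split(",")):
        attr, _, value = rdn.partition("=")
        if attr.strip().lower() != "dc":
            break
        labels.insert(0, value.strip())
    return ".".join(labels)

def srv_owner_for_dn(dn):
    """Name a DN-driven client would query for LDAP over TCP."""
    domain = dn_to_domain(dn)
    if not domain:
        raise ValueError("DN has no trailing dc= components")
    return f"_ldap._tcp.{domain}."

def parse_srv_line(line, origin):
    """Parse 'owner [ttl] IN SRV priority weight port target'."""
    m = SRV_RE.match(line.strip())
    if not m:
        raise ValueError(f"not an SRV record: {line!r}")
    owner, prio, weight, port, target = m.groups()
    if not target.endswith("."):
        target = f"{target}.{origin}"  # relative target gets the zone origin
    return {"owner": owner, "priority": int(prio), "weight": int(weight),
            "port": int(port), "target": target}

def srv_matches_dn(dn, line, origin):
    """True if the published record answers the name derived from the DN."""
    published = parse_srv_line(line, origin)["owner"].lower()
    return published == srv_owner_for_dn(dn).lower()

if __name__ == "__main__":
    print("client would ask for:", srv_owner_for_dn(PAGE_DN))
    print("zone publishes      :", parse_srv_line(SRV_LINE, ORIGIN))
    print("match:", srv_matches_dn(PAGE_DN, SRV_LINE, ORIGIN))
```

The parsed target also shows that the relative name `myserver` in the record expands with the zone origin, so the host the SRV answer points at depends on which zone file the line sits in.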