[Date Prev][Date Next]
Re: OpenLDAP and DNS SRV records
On Thursday 18 December 2008 01:24:11 Pierangelo Masarati wrote:
> Matt Kowske wrote:
> > Thank you. could you provide an example of this functionality with
> > ldapsearch?
> > ldapsearch -x -v -H "dc%3Ddomain%2Cdc%3Dcom" -b
> > "CN=Users,DC=domain,DC=com" -D "CN=Matt Kowske,CN=Users,DC=domain,DC=com"
> > -W "samaccountname=mkowske"
> > Could not parse LDAP URI(s)=dc%3Ddomain%2Cdc%3Dcom (3)
> > This is ldap version 2.4.11. I (tried) to look at the code, and and
> > found the section of code in common.c where it is erroring out, but
> > couldn't determine much beyond that. Why is the above not being
> > recognized as a DN? It should not be parsed as a URI according to the man
> > page.
> The man page says: "if no host/port is specified, but a DN is...". It
> means that:
> - you must provide a(n RFC 45) LDAP URI
> - it must contain no host/port
> - it must contain a DN
> yours is not a LDAP URI. Try something like "ldap:///dc=domain,dc=com".
> The 2.4 client tools have been modified to support this feature.
> However, they use libldap to perform this. See clients/tools/common.c,
> the calls to ldap_dn2domain(3) and ldap_domain2hostlist(3) calls (I
> don't think they actually have a man page...). Those calls are
> available in libldap since 2.0, I believe, in 2000.
Is there a reason this isn't implemented in the library? As far as I
understand, at present only the OpenLDAP utilities will work with this URI,
while if it were implemented in the library, other LDAP clients using the
OpenLDAP library which don't already support a similar feature (sudo is the
best example I can think of in this case, though various other desktop
software could benefit) would get it for free?
(nss_ldap has it's own implementation of this feature, but the configuration
is different and probably not compatible with sudo if sudo uses the nss_ldap