[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: DNS discovery for OpenLDAP?

Quoting Howard Chu <hyc@symas.com>:

Russ Allbery wrote:

I'm not sure if this is also available directly in the library or if the
client has to implement it.

This feature is implemented in the OpenLDAP client code, not in libldap.

Okay, so I created these DNS records in my example.com zone file:

   _ldap._tcp   IN   SRV   10 0 389 server1
   _ldap._tcp   IN   SRV   20 0 389 server2

... and I got this to work:

   ldapsearch -H ldap:///dc%3Dexample%2Cdc%3Dcom uid=jsmith

(That's "dc=example,dc=com" escaped according to RFC 2396).

However, if /etc/ldap/ldap.conf could be configured like this:

   BASE    dc=example,dc=com
   URI     ldap:///dc%3Dexample%2Cdc%3Dcom

... and /etc/libnss-ldap.conf and /etc/pam_ldap.conf could support about the same, now that would be more like it! Unfortunately, that doesn't work.

Correct me if I'm wrong, but I get the impression that none of the above will be possible until support for DNS SRV records is added to libldap.