lists.arthurdejong.org

DNS SRV Records and ldaps


My reading of nss-pam-ldapd/nslcd/cfg.c lines 212 to 215 is that
ldap:// is hard-coded into URIs added from DNS SRV records, which
matches what I'm seeing in practice - ldaps-only servers are rejected
(if ssl on is set) or simply time out (if ssl on is not set).

186     static void add_uris_from_dns(const char *filename,int lnr,
187                                   struct ldap_config *cfg,
188                                   const char *domain)
189     {
...
194       rc=ldap_domain2hostlist(domain,&hostlist);
...
203       while(hostlist!=NULL)
204       {
...
212         /* add the URI */
213         mysnprintf(buf,sizeof(buf),"ldap://%s",hostlist);
214         log_log(LOG_DEBUG,"add_uris_from_dns(): found uri: %s",buf);
215         add_uri(filename,lnr,cfg,buf);
...
218       }
219     }

What is the correct way to fix this so that DNS SRV records can be
used to point clients to the correct ldaps servers?

Does this need to be addressed in OpenLDAP first? (perhaps adding a
sister method to ldap_domain2hostlist, ldaps_domain2hostlist)

Matthew Roy
-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users
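As an added illustration of the question in the post above (not nslcd's code and not a proposed patch), the URI scheme can be derived from the configured ssl mode instead of being fixed to ldap://. It assumes the space-separated "host:port" list that ldap_domain2hostlist() returns, and a hypothetical ssl_mode enum standing in for nslcd's ssl option (ssl on meaning ldaps://, start_tls staying on ldap:// and upgrading later), so that an ldaps-only server found via SRV is never contacted in cleartext.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for nslcd's "ssl" option: off, on (ldaps), start_tls. */
enum ssl_mode { SSL_OFF = 0, SSL_ON = 1, SSL_START_TLS = 2 };

/* Build the URI for one "host:port" SRV entry. Only "ssl on" selects ldaps://;
   start_tls keeps ldap:// because the TLS upgrade happens after connecting.
   Returns 0 on success, -1 if the URI does not fit in buf. */
int srv_entry_to_uri(const char *entry, enum ssl_mode ssl,
                     char *buf, size_t buflen)
{
  const char *scheme = (ssl == SSL_ON) ? "ldaps://" : "ldap://";
  int n = snprintf(buf, buflen, "%s%s", scheme, entry);
  if (n < 0 || (size_t)n >= buflen)
    return -1; /* truncated URI would silently point at the wrong place */
  return 0;
}

/* Split the space-separated hostlist (the ldap_domain2hostlist() format) and
   fill uris[] with one URI per entry. Entries that do not fit are skipped.
   Returns the number of URIs produced. */
int hostlist_to_uris(const char *hostlist, enum ssl_mode ssl,
                     char uris[][64], int max_uris)
{
  const char *p = hostlist;
  int count = 0;
  while (*p != '\0' && count < max_uris)
  {
    p += strspn(p, " ");            /* skip separators */
    size_t len = strcspn(p, " ");   /* length of this host:port token */
    if (len == 0)
      break;
    char entry[128];
    if (len < sizeof(entry))
    {
      memcpy(entry, p, len);
      entry[len] = '\0';
      if (srv_entry_to_uri(entry, ssl, uris[count], 64) == 0)
        count++;
    }
    p += len;
  }
  return count;
}
```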