RSS feed

DNS SRV Records and ldaps

[Date Prev][Date Next] [Thread Prev][Thread Next]

DNS SRV Records and ldaps

My reading of nss-pam-ldapd/nslcd/cfg.c lines 212 to 215 is that
ldap:// is hard-coded into URIs added from DNS SRV records, which
matches what I'm seeing in practice - ldaps-only servers are rejected
(if ssl on is set) or simply time out (if ssl on is not set)

186     static void add_uris_from_dns(const char *filename,int lnr,
187                                   struct ldap_config *cfg,
188                                   const char *domain)
189     {
194       rc=ldap_domain2hostlist(domain,&hostlist);
203       while(hostlist!=NULL)
204       {
212         /* add the URI */
213         mysnprintf(buf,sizeof(buf),"ldap://%s",hostlist);
214         log_log(LOG_DEBUG,"add_uris_from_dns(): found uri: %s",buf);
215         add_uri(filename,lnr,cfg,buf);
218       }
219     }

What is the correct way to fix this so that DNS SRV records can be
used to point clients to the correct ldaps servers?

Does this need to be addressed in OpenLDAP first? (perhaps adding a
sister method to ldap_domain2hostlist, ldaps_domain2hostlist)

Matthew Roy
To unsubscribe send an email to or see