lists.arthurdejong.org

DNS feature doesn't work with LDAPS

Package: nslcd
Version: 0.9.11

Hi, Arthur!

DNS is a great feature that allows effortless reinstall/modification of LDAP servers.
But unfortunately it does not work with LDAPS in my case.
The problem: Samba AD uses both the LDAP port 389 and the LDAPS port 636, but advertises only 389 via SRV records (AFAIK the same is true for MS AD).
Therefore nslcd chooses the non-secure LDAP port 389, and there is no way to tell nslcd to use the LDAPS port 636 instead.

I use the configuration directives:
uri DNS:my.domain.org
ssl on

Please tell me, is nslcd currently maintained? If so, I would suggest introducing a DNSLDAPS directive that will force using the LDAPS port, or, a simpler way: just check whether the `ssl on` option is present in the config file.

I am using Debian 11

Best regards,
Albert
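
Added example, not part of the original message and not nslcd code: one way to work around the behaviour reported above is to resolve the `_ldap._tcp` SRV records outside nslcd and write explicit `ldaps://` URIs on port 636 into nslcd.conf. The SRV lines below are constructed and assumed to be in the "priority weight port target" layout of `dig +short -t SRV`; the function names are hypothetical, and ordering by weight is a simplification of SRV weighted selection.

```python
LDAPS_PORT = 636

# Constructed sample answers for _ldap._tcp.my.domain.org (port 389 only,
# as described in the report). The last target lies outside the domain.
SAMPLE_SRV = """\
0 100 389 dc2.my.domain.org.
0 100 389 dc1.my.domain.org.
10 100 389 backup.my.domain.org.
0 100 389 dc9.other.example.
"""

def parse_srv(text):
    """Return (priority, weight, port, target) tuples; skip malformed lines."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4 or not all(f.isdigit() for f in fields[:3]):
            continue
        prio, weight, port = (int(f) for f in fields[:3])
        records.append((prio, weight, port, fields[3].rstrip(".").lower()))
    return records

def ldaps_uris(text, domain):
    """Map SRV targets to ldaps:// URIs, ignoring the advertised port."""
    domain = domain.rstrip(".").lower()
    uris = []
    # Lower priority first, then higher weight, then name for stable output.
    ordered = sorted(parse_srv(text), key=lambda r: (r[0], -r[1], r[3]))
    for _prio, _weight, _port, target in ordered:
        # SRV answers are unauthenticated without DNSSEC: keep only targets
        # inside the queried domain so a spoofed record cannot redirect binds.
        if target != domain and not target.endswith("." + domain):
            continue
        uri = f"ldaps://{target}:{LDAPS_PORT}/"
        if uri not in uris:
            uris.append(uri)
    return uris

def render_conf(text, domain):
    """Render the nslcd.conf fragment: uri lines plus TLS settings."""
    lines = [f"uri {u}" for u in ldaps_uris(text, domain)]
    lines += ["ssl on", "tls_reqcert demand"]  # require a valid server cert
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(render_conf(SAMPLE_SRV, "my.domain.org"), end="")
```

The generated list is static, so it has to be regenerated when the set of domain controllers changes.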