lists.arthurdejong.org

Re: [nssldap] Active Directory Server and strange referrals like DomainDnsZones ForestDnsZones - Unable to chase referral




Jodok Ole Müllers wrote:
> 
> It turned out that these errors were caused by the ADS sending not only data 
> but also strange referrals:
> 
> ldapsearch -x -H ldap://10.2.1.70 -D "CN=ldap,CN=Users,DC=av-verlag,DC=de" -W 
> -b "dc=av-verlag,dc=de" 
> .... a lot of ldif here, and at the end of the output: ...
> # search reference
> ref: ldap://ForestDnsZones.av-verlag.de/DC=ForestDnsZones,DC=av-verlag,DC=de
> 
> # search reference
> ref: ldap://DomainDnsZones.av-verlag.de/DC=DomainDnsZones,DC=av-verlag,DC=de
> 
> # search reference
> ref: ldap://av-verlag.de/CN=Configuration,DC=av-verlag,DC=de
> 
> These hostnames after the ldap:// are not valid hostnames.
> I am wondering where they are coming from.
> To work around this problem I added this to /etc/hosts:
> 10.2.1.70       ForestDnsZones.av-verlag.de
> 10.2.1.70       DomainDnsZones.av-verlag.de
> 10.2.1.70       av-verlag.de
> 
> This works, but is dirty.
> 
> My ADS admin was not able to tell me what these
> referrals are about nor does he know how to disable them.
> He told me that they are returned by default.
> 
> Is this a known problem?
> Can I tell libnss-ldap to ignore them somehow?

I'm not an expert on integrating LDAP with MS ADS by any means (never
done it).

Is av-verlag.de your company's domain or in any way related to your
company?  These two sub listings ForestDnsZones and DomainDnsZones
appear to be a standard part of MS ADS and I suspect they are missing
from your company's ADS server(s):

http://forums.techarena.in/showthread.php?t=503672
http://www.tomshardware.com/forum/196043-46-forestdnszones-domaindnszones-listed

Found using the following search:

http://www.google.com/search?q=ads+forestdnszones
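
Added example (not part of the original messages): a Python helper that pulls the search references out of saved ldapsearch output like the one quoted above, handles LDIF line folding, and lists the hosts a referral-chasing client would try to contact. The function names and the folded sample line are constructed for illustration.

```python
from urllib.parse import urlsplit, unquote

# Constructed sample modelled on the ldapsearch output quoted above; the second
# reference is folded the way LDIF wraps long lines (continuation = leading space).
SAMPLE = """\
# search reference
ref: ldap://ForestDnsZones.av-verlag.de/DC=ForestDnsZones,DC=av-verlag,DC=de

# search reference
ref: ldap://DomainDnsZones.av-verlag.de/DC=DomainDnsZones,DC=av-verlag,D
 C=de

# search reference
ref: ldap://av-verlag.de/CN=Configuration,DC=av-verlag,DC=de
"""


def unfold(text):
    """Join LDIF continuation lines onto the line they continue."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def referrals(text):
    """Return (host, port, base_dn) for each 'ref:' line in ldapsearch output."""
    found = []
    for line in unfold(text):
        if not line.startswith("ref: "):
            continue
        url = urlsplit(line[5:].strip())
        default_port = 636 if url.scheme == "ldaps" else 389
        host = url.hostname or ""  # hostname is lower-cased by urlsplit
        found.append((host, url.port or default_port, unquote(url.path.lstrip("/"))))
    return found


def unexpected_hosts(text, expected):
    """Hosts named in referrals that are not in the caller's set of known servers."""
    expected = {h.lower() for h in expected}
    return sorted({host for host, _, _ in referrals(text) if host not in expected})


if __name__ == "__main__":
    for host, port, base in referrals(SAMPLE):
        print(f"{host}:{port}\t{base}")
```
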