[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap_domain2hostlist is for "ldap" service only

To: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Subject: Re: ldap_domain2hostlist is for "ldap" service only
From: Michael Ströder <michael@stroeder.com>
Date: Sat, 22 Nov 2008 15:08:52 +0100
Cc: openldap-bugs@openldap.org
In-reply-to: <hbf.20081121wr3o@bombur.uio.no>
References: <OFAC168D04.08D6AC39-ON85257508.006DF48B-85257508.006E567A@us.ibm.com> <hbf.20081121wr3o@bombur.uio.no>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.18) Gecko/20081030 SeaMonkey/1.1.13

Hallvard B Furuseth wrote:

_ldap._tcp.<domain> is also in practice Active
Directory specific, because Microsoft "stole" it for their own purpose.
That is, when a site sets up Active Directory they are supposed to point
_ldap._tcp.<their domain> at their Active Directory serveres.

So if the site has Windows and uses Active Directory for that, but
uses another server for LDAP, they have two choices: Fight Microsoft
and likely buy themselves a world of trouble with users who expect
the "normal" AD setup, or drop _ldap._tcp.<domain> for its intended
use.  I can't imagine many choose the former.

I'm far away from being a MS endorser but let's keep objective here: If you set up MS AD you MUST clarify DNS name spaces issues *before* that. But solving this is really easy by e.g. defining separate sub-domains in DNS for MS AD and other LDAP services. Not a big deal and not a show-stopper for using SRV _ldap._tcp.name for non-AD LDAP services.

Ciao, Michael.

References:
- ldap_domain2hostlist is for "ldap" service only
  - From: Marc Lavergne <lavergn@us.ibm.com>
- Re: ldap_domain2hostlist is for "ldap" service only
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>

Prev by Date: Re: ldap_domain2hostlist is for "ldap" service only
Next by Date: (ITS#5825) syncrepl default is no retry
Index(es):
- Chronological
- Thread