Re: OpenLDAP and DNS SRV records

[Buchan Milne <bgmilne@staff.telkomsa.net>]

On Thursday 18 December 2008 01:24:11 Pierangelo Masarati wrote:
> Matt Kowske wrote:
> > Thank you.  could you provide an example of this functionality with
> > ldapsearch?
> >
> > ldapsearch -x -v -H "dc%3Ddomain%2Cdc%3Dcom" -b
> > "CN=Users,DC=domain,DC=com" -D "CN=Matt Kowske,CN=Users,DC=domain,DC=com"
> > -W "samaccountname=mkowske"
> >
> > Could not parse LDAP URI(s)=dc%3Ddomain%2Cdc%3Dcom (3)
> >
> > This is ldap version 2.4.11.  I (tried) to look at the code, and and
> > found the section of code in common.c where it is erroring out, but
> > couldn't determine much beyond that. Why is the above not being
> > recognized as a DN? It should not be parsed as a URI according to the man
> > page.
>
> The man page says: "if no host/port is specified, but a DN is...".  It
> means that:
>
> - you must provide a(n RFC 45) LDAP URI
>
> - it must contain no host/port
>
> - it must contain a DN
>
> yours is not a LDAP URI.  Try something like "ldap:///dc=domain,dc=com";.
>
> The 2.4 client tools have been modified to support this feature.
> However, they use libldap to perform this.  See clients/tools/common.c,
> the calls to ldap_dn2domain(3) and ldap_domain2hostlist(3) calls (I
> don't think they actually have a man page...).  Those calls are
> available in libldap since 2.0, I believe, in 2000.

Is there a reason this isn't implemented in the library? As far as I 
understand, at present only the OpenLDAP utilities will work with this URI, 
while if it were implemented in the library, other LDAP clients using the 
OpenLDAP library which don't already support a similar feature (sudo is the 
best example I can think of in this case, though various other desktop 
software could benefit) would get it for free?

(nss_ldap has it's own implementation of this feature, but the configuration 
is different and probably not compatible with sudo if sudo uses the nss_ldap 
configuration file).

Regards,
Buchan