Have there been any considerations in providing a similar API for a service name other than "ldap"? For example, what if I wanted to find global catalog servers? Even though GCs are Active Directory specific, I don't see why OpenLDAP would not support that type of query. It seems like a new API where the service name can be passed in as a parameter (e.g. "gc") would be useful. Before using ITS to issue a bug report, I thought I'd ask via this forum.
Thanks.
Marc Lavergne writes:
> Have there been any considerations in providing a similar API for a service name other than "ldap"? For example, what if I wanted to find global catalog servers? Even though GCs are Active Directory specific, I don't see why OpenLDAP would not support that type of query.
I don't see much point. dnssrv for LDAP is close to dead outside the Microsoft world: _ldap._tcp.<domain> is also in practice Active Directory specific, because Microsoft "stole" it for their own purpose. That is, when a site sets up Active Directory they are supposed to point _ldap._tcp.<their domain> at their Active Directory servers.
So if the site has Windows and uses Active Directory for that, but uses another server for LDAP, they have two choices: Fight Microsoft and likely buy themselves a world of trouble with users who expect the "normal" AD setup, or drop _ldap._tcp.<domain> for its intended use. I can't imagine many choose the former.
(Unless I'm out of touch - for all I know they've switched to use something else with Vista. I don't use Windows myself.)
Hallvard B Furuseth wrote:
> _ldap._tcp.<domain> is also in practice Active Directory specific, because Microsoft "stole" it for their own purpose. That is, when a site sets up Active Directory they are supposed to point _ldap._tcp.<their domain> at their Active Directory servers.
> So if the site has Windows and uses Active Directory for that, but uses another server for LDAP, they have two choices: Fight Microsoft and likely buy themselves a world of trouble with users who expect the "normal" AD setup, or drop _ldap._tcp.<domain> for its intended use. I can't imagine many choose the former.
I'm far away from being a MS endorser but let's keep objective here: If you set up MS AD you MUST clarify DNS name spaces issues *before* that. But solving this is really easy by e.g. defining separate sub-domains in DNS for MS AD and other LDAP services. Not a big deal and not a show-stopper for using SRV _ldap._tcp.name for non-AD LDAP services.
Ciao, Michael.
On Nov 21, 2008, at 12:05 PM, Marc Lavergne wrote:
> Even though GCs are Active Directory specific, I don't see why OpenLDAP would not support that type of query.
Er, because they are AD specific. I note that the particulars of DNS SRV lookup for any particular application protocol/service is application protocol/service, per the DNS SRV technical specification. I think it quite reasonable to leave implementation of general (multi-protocol/service) framework for DNS SRV lookups to general purpose (DNS and/or discovery) libraries.
-- Kurt
Marc Lavergne wrote:
> Have there been any considerations in providing a similar API for a service name other than "ldap"? For example, what if I wanted to find global catalog servers?
If you want a more generic API for services outside the LDAP standards it's fairly easy to hack something yourself in your favourite programming language with the help of a decent DNS module.
> Even though GCs are Active Directory specific, I don't see why OpenLDAP would not support that type of query. It seems like a new API where the service name can be passed in as a parameter (e.g. "gc") would be useful.
It's very proprietary. I'm not even sure whether _gc._tcp was registered by IANA for that purpose.
Ciao, Michael.
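
The do-it-yourself approach suggested in the last reply, sketched as an added example (not code from the thread or from OpenLDAP): it builds the SRV owner name for an arbitrary service such as "gc" and orders the answers by priority and weight as RFC 2782 prescribes. The function names are hypothetical, the records are constructed sample data, and the actual DNS query is left to whichever DNS module you use.

```python
import random
import re
from typing import NamedTuple

# One DNS label: letters, digits, inner hyphens, at most 63 characters.
LABEL = re.compile(r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?")

class Srv(NamedTuple):
    priority: int
    weight: int
    port: int
    target: str

def srv_query_name(service: str, proto: str, domain: str) -> str:
    """Build the RFC 2782 owner name _service._proto.domain, rejecting odd labels."""
    domain = domain.rstrip(".")
    for label in [service, proto] + domain.split("."):
        if not LABEL.fullmatch(label):
            raise ValueError(f"invalid DNS label: {label!r}")
    return f"_{service}._{proto}.{domain}".lower()

def order_srv(records, rng=random):
    """Order SRV records per RFC 2782: ascending priority, then weighted
    random selection among records that share a priority."""
    ordered = []
    for prio in sorted({r.priority for r in records}):
        # Zero-weight records sit first in the pool, so they are rarely picked early.
        pool = sorted((r for r in records if r.priority == prio),
                      key=lambda r: r.weight != 0)
        while pool:
            pick = rng.randint(0, sum(r.weight for r in pool))
            running = 0
            for i, rec in enumerate(pool):
                running += rec.weight
                if running >= pick:
                    ordered.append(pool.pop(i))
                    break
    return ordered

# Constructed sample answer for _gc._tcp.example.com (not real data).
SAMPLE = [
    Srv(10, 0, 3268, "gc3.example.com."),
    Srv(0, 100, 3268, "gc1.example.com."),
    Srv(0, 100, 3268, "gc2.example.com."),
]

if __name__ == "__main__":
    print(srv_query_name("gc", "tcp", "example.com"))
    for rec in order_srv(SAMPLE):
        print(f"ldap://{rec.target.rstrip('.')}:{rec.port}")
```

Validating each label before building the name keeps a caller-supplied service string from smuggling extra labels into the query.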