On Jun 2, 2007, at 5:31 AM, rra(a)stanford.edu wrote:
Full_Name: Russ Allbery
Version: 2.3.35
OS: Debian
URL:
Submission from: (NULL) (171.66.157.14)
A user of the Debian OpenLDAP package requested support in the command-line utilities for using SRV entries to locate the local LDAP server. My understanding of the suggestion is that if one didn't specify -h or -H, a SRV record lookup would be tried before falling back to localhost. (You may not want to change the default behavior, though, and add another switch.)
One could use DNS SRV on the domain provided by -H, or by ldap.conf(5), and use it if present, with (likely best) or without an option to enable the behavior.
One could also use DNS SRV on the domain associated with the baseObject/target DN with an option to enable this behavior. That is, ldapsearch -b "dc=example,dc=org" would cause a DNS SRV lookup on example.org. This is what the DNSSRV backend does.
Not sure adding to the command line tools would be especially useful. That is, I don't think DNS SRV fits well in the common use pattern of command line tools. But if someone implements this behind an option, it shouldn't do any harm.
Lastly I note that the domain to use for DNS SRV should come from the user (or application entity), not the local host. Using the local resolver configuration is a really bad idea.
-- Kurt
For the full suggestion, see:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=221173

It looks like much of the necessary code is already there in libldap, and looking at the libldap code, you could also intuit the correct server based on any search base provided.
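As an added illustration of the base-DN-to-SRV mapping discussed in this thread (example code, not OpenLDAP's DNSSRV backend and not from either poster): derive the domain from the trailing dc= components of the user-supplied base DN, form the `_ldap._tcp` query name, and pick a server from SRV records in RFC 2782 priority/weight order. The SRV records are constructed inline; a real client would obtain them from a resolver query, and the function names here are assumptions.

```python
import random
import re
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class SrvRecord:
    priority: int
    weight: int
    port: int
    target: str

def dn_to_domain(dn: str) -> Optional[str]:
    """Map the trailing dc= components of a DN to a DNS domain (RFC 2247 style).
    The domain comes from the DN the user supplied, never from the local resolver."""
    # Split on unescaped commas so a '\,' inside a value stays with the value.
    rdns = [r.strip() for r in re.split(r"(?<!\\),", dn) if r.strip()]
    labels = []
    for rdn in reversed(rdns):          # walk from the suffix towards the leaf
        attr, sep, value = rdn.partition("=")
        if sep != "=" or attr.strip().lower() != "dc":
            break                       # first non-dc RDN ends the domain part
        labels.append(value.strip())
    return ".".join(reversed(labels)) if labels else None

def srv_name(domain: str) -> str:
    """Owner name queried for SRV records of the LDAP service over TCP (RFC 2782)."""
    return f"_ldap._tcp.{domain}"

def choose_server(records: List[SrvRecord], rng=random) -> Optional[SrvRecord]:
    """RFC 2782 selection: lowest priority wins, weighted random within that priority."""
    if not records:
        return None
    lowest = min(r.priority for r in records)
    candidates = [r for r in records if r.priority == lowest]
    total = sum(r.weight for r in candidates)
    pick = rng.randint(0, total)        # 0..total inclusive, as the RFC describes
    running = 0
    for r in candidates:
        running += r.weight
        if running >= pick:
            return r
    return candidates[-1]

if __name__ == "__main__":
    # Constructed records, standing in for a real DNS answer for _ldap._tcp.example.org.
    answer = [SrvRecord(20, 0, 389, "backup.example.org."),
              SrvRecord(10, 60, 389, "ldap1.example.org."),
              SrvRecord(10, 40, 389, "ldap2.example.org.")]
    domain = dn_to_domain("ou=People,dc=example,dc=org")
    print(srv_name(domain), "->", choose_server(answer))
```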