Re: OpenLDAP and DNS SRV records

-- Kind Regards, Gavin Henry. Managing Director. T +44 (0) 1224 279484 M +44 (0) 7930 323266 F +44 (0) 1224 824887 E ghenry@suretecsystems.com Open Source. Open Solutions(tm). http://www.suretecsystems.com/ Suretec Systems is a limited company registered in Scotland. Registered number: SC258005. Registered office: 13 Whiteley Well Place, Inverurie, Aberdeenshire, AB51 4FP. Subject to disclaimer at http://www.suretecgroup.com/disclaimer.html -----Original Message----- From: "Matt Kowske" jmkowske@gmail.com Date: Wed, 17 Dec 2008 17:12:33 To: Gavin Henryghenry@openldap.org Cc: openldap-software@openldap.org Subject: Re: OpenLDAP and DNS SRV records Disregard, I've figured out it needs to be of the form: ldap:///dc%3Ddomain%2Cdc%3Dcom On Wed, Dec 17, 2008 at 4:38 PM, Matt Kowske jmkowske@gmail.com wrote: > Thank you. could you provide an example of this functionality with > ldapsearch? > > ldapsearch -x -v -H "dc%3Ddomain%2Cdc%3Dcom" -b "CN=Users,DC=domain,DC=com" > -D "CN=Matt Kowske,CN=Users,DC=domain,DC=com" -W "samaccountname=mkowske" > > Could not parse LDAP URI(s)=dc%3Ddomain%2Cdc%3Dcom (3) > > This is ldap version 2.4.11. I (tried) to look at the code, and and found > the section of code in common.c where it is erroring out, but couldn't > determine much beyond that. Why is the above not being recognized as a DN? > It should not be parsed as a URI according to the man page. > > -Matt > > > On Wed, Dec 17, 2008 at 3:14 PM, Gavin Henry ghenry@openldap.org wrote: > >> >> ----- "Matt Kowske" jmkowske@gmail.com wrote: >> >> > I apologize, but I did find a reference on how to do this in the man >> > page for ldapsearch: >> > >> > .BI -H \ ldapuri >> > Specify URI(s) referring to the ldap server(s); >> > a list of URI, separated by whitespace or commas is expected; >> > only the protocol/host/port fields are allowed. >> > As an exception, if no host/port is specified, but a DN is, >> > the DN is used to look up the corresponding host(s) using the >> > DNS SRV records, according to RFC 2782. The DN must be a non-empty >> > sequence of AVAs whose attribute type is "dc" (domain component), >> > and must be escaped according to RFC 2396. >> > >> > My question then, is this also possible when not using the ldapsearch >> > tool, but using the ldap library calls/API or is this change in 2.4 >> > exclusive to the command line tools? >> >> The client tools all use libldap. >> >> Thanks. >> >> -- >> Kind Regards, >> >> Gavin Henry. >> OpenLDAP Engineering Team. >> >> E ghenry@OpenLDAP.org >> >> Community developed LDAP software. >> >> http://www.openldap.org/project/ >> > >