Hi,
I've correctly configured my DNS to provide SRV records for my LDAP servers.
If I use ldap:///, it would correctly use the entry corresponding to _ldap._tcp to make the connection:
ldapsearch -H ldap:///dc%3Dexample%2Cdc%3Dcom -v
ldap_initialize( ldap://ldap.example.com:389 )
But if I use ldaps it would try to use _ldap entry instead of _ldaps. Is there a way I can avoid this?
--On Friday, June 5, 2020 7:26 PM -0400 Braiam braiamp@gmail.com wrote:
> But if I use ldaps it would try to use _ldap entry instead of _ldaps. Is there a way I can avoid this?
Following up for posterity, but as you already found, there is no standard describing how this would work, and in particular how it would guard against MITM attacks (https://bugs.openldap.org/show_bug.cgi?id=8610).
Regards, Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com
openldap-technical@openldap.org
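
A client-side workaround for the behaviour discussed in this thread, as an added example that is not part of the original messages or of OpenLDAP: resolve the `_ldaps._tcp` SRV records yourself and pass explicit ldaps:// URIs to `-H`. The function name `srv_to_ldaps_uris`, the in-domain filter, and the sample records are assumptions made for illustration; the filter is a local policy choice, not a standard, and it does not replace certificate verification or DNSSEC.

```shell
#!/bin/sh
# srv_to_ldaps_uris DOMAIN  (hypothetical helper, not an OpenLDAP tool)
# Reads SRV answers in `dig +short` form on stdin, one per line:
#   <priority> <weight> <port> <target>.
# Prints a space-separated ldaps:// URI list, lowest priority first
# (higher weight first within a priority; a simplification of RFC 2782,
# which uses weight for randomized selection).
srv_to_ldaps_uris() {
    sort -k1,1n -k2,2nr |
    awk -v dom="$1" '
        NF == 4 {
            host = tolower($4); d = tolower(dom); suffix = "." d
            sub(/\.$/, "", host)                  # drop the trailing root dot
            # Reject empty targets (a lone "." means "no service") and
            # anything that is not a plain hostname.
            if (host !~ /^[a-z0-9.-]+$/ || $3 !~ /^[0-9]+$/) next
            # Local policy: a DNS answer is unauthenticated without DNSSEC,
            # so only accept targets inside the domain that was asked for.
            if (host != d && (length(host) <= length(suffix) ||
                substr(host, length(host) - length(suffix) + 1) != suffix)) {
                print "skipping out-of-domain target: " host > "/dev/stderr"
                next
            }
            uris = uris (uris == "" ? "" : " ") "ldaps://" host ":" $3
        }
        END { print uris }
    '
}

# Constructed sample answers (not real DNS data); the third record points
# outside example.com and is dropped by the filter.
SAMPLE_SRV='10 50 636 ldap2.example.com.
0 100 636 ldap1.example.com.
0 100 636 ldap.attacker.test.'

printf '%s\n' "$SAMPLE_SRV" | srv_to_ldaps_uris example.com

# Live use (needs dig and network access):
#   ldapsearch -H "$(dig +short SRV _ldaps._tcp.example.com |
#       srv_to_ldaps_uris example.com)" -b dc=example,dc=com -v
```

The TLS certificate presented by each server is still checked against the host name in the URI, so keep certificate validation enabled in the client configuration.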