need to be able to specify DNS domain for ldap
In a large system, LDAP servers can change. We don't want to have to reconfigure every service that uses LDAP. DNS allows us to use SRV records to locate the servers. Unfortunately, although OpenLDAP has support for looking up the LDAP servers using SRV records, the normal hostname and URI processing doesn't use that support; you have to call for it explicitly.
Also, the existing code doesn't allow you to specify a URI. Unless you exploit bugs in the parser, this limits you to specifying a single host.
This patch does two things:
- If ldap_server starts with ldap: or ldaps:, it is taken to be the URI, and is passed to ldap_initialize unmodified. (I make no guarantees that ldaps: will actually work, but I've tested with ldap:)
- If ldap_server starts with DNS:, the rest is taken to be a domainname. DNS service location is used to find the hosts and ports to build the URI. (This convention is taken from nslcd. There's a convention involving hex-encoded characters that seems unnecessarily obscure.)
If neither of these things is true, it is treated as a hostname, as before.

dhcp-dns-domain.patch
- While I pass on URIs starting with ldaps:, I have no idea whether they work. I can't get either SSL or TLS to work at all, and I've tried lots of different options.
- Be aware that these patches are with respect to the code in Centos 7.
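As an added illustration of the three-way ldap_server convention described above (this is not the patch's C code and does not use libldap): the domain, host names and SRV records are constructed, the resolver is an offline stand-in, and the hostname case is expressed as a URI with an assumed default port of 389 for uniformity.

```python
from __future__ import annotations
from typing import Callable, NamedTuple


class SrvRecord(NamedTuple):
    priority: int
    weight: int
    port: int
    target: str


# Constructed sample answer for _ldap._tcp.example.test (hypothetical domain).
# The record with target "." is the RFC 2782 "service not available" marker.
SAMPLE_SRV = {
    "_ldap._tcp.example.test": [
        SrvRecord(20, 0, 389, "ldap2.example.test."),
        SrvRecord(10, 50, 389, "ldap1.example.test."),
        SrvRecord(10, 100, 3389, "ldap0.example.test."),
        SrvRecord(30, 0, 389, "."),
    ],
}


def lookup_srv(name: str) -> list[SrvRecord]:
    """Stand-in resolver returning the constructed records (no network)."""
    return SAMPLE_SRV.get(name, [])


def srv_to_uri(domain: str, resolver: Callable = lookup_srv) -> str:
    """Build the space-separated ldap:// URI list that ldap_initialize accepts.

    Targets are ordered as RFC 2782 tells clients to try them: lowest
    priority first, higher weight first within the same priority.
    """
    records = [r for r in resolver(f"_ldap._tcp.{domain}") if r.target != "."]
    if not records:
        raise ValueError(f"no usable _ldap._tcp SRV records for {domain}")
    ordered = sorted(records, key=lambda r: (r.priority, -r.weight))
    return " ".join(f"ldap://{r.target.rstrip('.')}:{r.port}" for r in ordered)


def resolve_ldap_server(value: str, ldap_port: int = 389,
                        resolver: Callable = lookup_srv) -> str:
    """Apply the ldap_server convention: URI passthrough, DNS: lookup, hostname."""
    lower = value.lower()
    if lower.startswith(("ldap:", "ldaps:")):
        return value                      # URI handed to ldap_initialize unmodified
    if lower.startswith("dns:"):          # prefix matched case-insensitively here
        return srv_to_uri(value[4:].strip(), resolver)
    return f"ldap://{value}:{ldap_port}"  # plain hostname, as before (assumed port)
```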