Issue created Sep 09, 2019 by Ghost User@ghost

need to be able to specify DNS domain for ldap

In a large system, LDAP servers can change. We don't want to have to reconfigure every service that uses LDAP. DNS allows us to use SRV records to locate the servers. Unfortunately, although OpenLDAP has support for looking up the LDAP servers using SRV records, the normal hostname and URI processing doesn't use that support. You have to call for it explicitly.

Also, the existing code doesn't allow you to specify a URI. Unless you exploit bugs in the parser, this limits you to specifying a single host.

This patch does two things:

  1. If ldap_server starts with ldap: or ldaps:, it is taken to be the URI, and is passed to ldap_initialize unmodified. (I make no guarantees that ldaps: will actually work, but I've tested with ldap:)
  2. If ldap_server starts with DNS:, the rest is taken to be a domain name. DNS service location is used to find the hosts and ports to build the URI. (This convention is taken from nslcd. There's a convention involving hex-encoded characters that seems unnecessarily obscure.)

If neither of these things is true, it is treated as a hostname, as before.

dhcp-dns-domain.patch

Caveats:

  1. While I pass on URIs starting with ldaps:, I have no idea whether they work. I can't get either SSL or TLS to work at all, and I've tried lots of different options.
  2. Be aware that these patches are with respect to the code in CentOS 7.
Edited Sep 09, 2019 by Ghost User
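
The three-way handling of ldap_server described in the issue, as an added sketch that is not the code from the attached patch. The `struct srv` type, the function names and the sample records are hypothetical, and sorting by weight stands in for the weighted random selection of RFC 2782. SRV targets are treated as untrusted input and validated before they are placed in the URI list.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical type: one SRV answer for _ldap._tcp.<domain>. */
struct srv { int prio, weight, port; const char *host; };
enum kind { KIND_URI, KIND_DNS, KIND_HOST };

/* Classify an ldap_server value by the prefixes the issue describes. */
enum kind classify(const char *v) {
    if (!strncmp(v, "ldap:", 5) || !strncmp(v, "ldaps:", 6)) return KIND_URI;
    if (!strncmp(v, "DNS:", 4)) return KIND_DNS;
    return KIND_HOST;                       /* plain hostname, as before */
}

/* SRV targets come from the network: accept only hostname characters. */
static int host_ok(const char *h) {
    if (!*h || strlen(h) > 253) return 0;
    for (; *h; h++)
        if (!isalnum((unsigned char)*h) && *h != '.' && *h != '-') return 0;
    return 1;
}

/* Lower priority first, then higher weight (simplified RFC 2782 order). */
static int by_pref(const void *a, const void *b) {
    const struct srv *x = a, *y = b;
    return x->prio != y->prio ? x->prio - y->prio : y->weight - x->weight;
}

/* Sorts r in place and writes a space-separated ldap:// URI list to out.
 * Returns the number of URIs written, or -1 if out is too small. */
int srv_to_uri(struct srv *r, size_t n, char *out, size_t cap) {
    size_t used = 0;
    int count = 0;
    if (cap == 0) return -1;
    out[0] = '\0';
    qsort(r, n, sizeof *r, by_pref);
    for (size_t i = 0; i < n; i++) {
        if (r[i].port < 1 || r[i].port > 65535 || !host_ok(r[i].host)) continue;
        int w = snprintf(out + used, cap - used, "%sldap://%s:%d",
                         count ? " " : "", r[i].host, r[i].port);
        if (w < 0 || (size_t)w >= cap - used) return -1;
        used += (size_t)w;
        count++;
    }
    return count;
}

int main(void) {
    /* Constructed sample records, not real DNS data. */
    struct srv recs[] = { {10, 5, 389, "ldap2.example.com"},
                          {0, 1, 389, "ldap1.example.com"},
                          {0, 9, 389, "bad host;x"} };
    char uri[128];
    int n = srv_to_uri(recs, 3, uri, sizeof uri);
    printf("%d: %s\n", n, uri);
    return 0;
}
```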