Opened Sep 09, 2019 by Charles Hedrick@clhedrick

need to be able to specify DNS domain for ldap

In a large system, LDAP servers can change. We don't want to have to reconfigure every service that uses LDAP. DNS allows us to use SRV records to locate the servers. Unfortunately, although OpenLDAP has support for looking up the LDAP servers using SRV records, the normal hostname and URI processing doesn't use that support. You have to call for it explicitly.

Also, the existing code doesn't allow you to specify a URI. Unless you exploit bugs in the parser, this limits you to specifying a single host.

This patch does two things:

  1. If ldap_server starts with ldap: or ldaps:, it is taken to be the URI, and is passed to ldap_initialize unmodified. (I make no guarantees that ldaps: will actually work, but I've tested with ldap:)
  2. If ldap_server starts with DNS:, the rest is taken to be a domain name. DNS service location is used to find the hosts and ports to build the URI. (This convention is taken from nslcd. There's a convention involving hex-encoded characters that seems unnecessarily obscure.)

If neither of these things is true, it is treated as a hostname, as before.

dhcp-dns-domain.patch

Caveats:

  1. While I pass on URIs starting with ldaps:, I have no idea whether they work. I can't get either SSL or TLS to work at all, and I've tried lots of different options.
  2. Be aware that these patches are with respect to the code in CentOS 7.
Edited Sep 09, 2019 by Charles Hedrick
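
The ldap_server handling described in the issue above, sketched as an added example; it is not code from the attached patch or from ISC DHCP. The function names are hypothetical, and the space-separated host:port list is a constructed stand-in for whatever the SRV lookup step returns. Each token is validated before it is placed in a URI, since the list originates from DNS.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
enum server_kind { SERVER_URI, SERVER_DNS_DOMAIN, SERVER_HOSTNAME };

/* Classify an ldap_server value by the prefixes listed in the issue.
 * *rest is the part the caller acts on (the DNS: prefix is stripped). */
enum server_kind classify_ldap_server(const char *value, const char **rest)
{
    *rest = value;
    if (strncmp(value, "ldap:", 5) == 0 || strncmp(value, "ldaps:", 6) == 0)
        return SERVER_URI;               /* handed on unmodified */
    if (strncmp(value, "DNS:", 4) != 0)
        return SERVER_HOSTNAME;          /* plain hostname, as before */
    *rest = value + 4;                   /* domain name for the SRV lookup */
    return SERVER_DNS_DOMAIN;
}

/* Accept only "host" or "host:port": hostname characters, then digits. */
static int valid_hostport(const char *tok, size_t len)
{
    size_t i, colons = 0;
    if (len == 0 || tok[0] == ':' || tok[len - 1] == ':') return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)tok[i];
        if (c == ':') { if (++colons > 1) return 0; }
        else if (colons ? !isdigit(c) : !(isalnum(c) || c == '-' || c == '.')) return 0;
    }
    return 1;
}

/* Build a space-separated ldap:// URI list from a space-separated host:port
 * list. Returns 0 on success, -1 on a bad token, overflow or an empty list. */
int hostlist_to_uri(const char *hostlist, char *out, size_t outlen)
{
    size_t used = 0;
    if (outlen == 0) return -1;
    out[0] = '\0';
    for (const char *p = hostlist; *p; ) {
        size_t len = strcspn(p, " ");
        if (len > 0) {
            if (!valid_hostport(p, len)) return -1;
            int n = snprintf(out + used, outlen - used, "%sldap://%.*s",
                             used ? " " : "", (int)len, p);
            if (n < 0 || (size_t)n >= outlen - used) return -1;
            used += (size_t)n;
        }
        p += len + strspn(p + len, " "); /* skip the token and its separators */
    }
    return used ? 0 : -1;
}
```

The prefix match is exact, so a hostname such as ldap1.example.org (no colon after "ldap") still falls through to the hostname case.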
Reference: isc-projects/dhcp#49