[Samba] missing dns records? _ldaps._tcp ?

L.P.H. van Belle belle at bazuin.nl
Thu Aug 25 09:22:46 UTC 2016


> 
> No, I think you need to fix squid or at the very least, ask squid where
> they got _ldaps from, because it doesn't seem to exist on any AD DC.
> 
> Rowland

That's correct Rowland, found that also.. but.. I also did find.


_ldaps._tcp is not any standard.
But that's what people usually do if they can't use startTLS.

And 
startTLS is preferred always before ldaps

and 
https://tools.ietf.org/html/draft-hall-ldap-whois-01 
  7.4.5.  SRV processing

  
     The query models described in this document make use of DNS SRV
     resource records whenever a new query process is started, as a way
     to locate the LDAP servers associated with a DIT.
  
     The procedure for constructing this SRV lookup is as follows:
  
        a.  Construct an SRV-specific label pair for the service type.
            For LDAP queries, this will be "_ldap._tcp", while LDAPS
            will use "_ldaps._tcp".

        b.  Append the SRV label pair to the left of the input domain
            name. In the case of an LDAP query for "example.com", this
            would result in an SRV-specific domain name of
            "_ldap._tcp.example.com".
  
        c.  Issue a DNS query for the SRV resource records associated
            with the domain name formed in step 7.4.5.b.

https://tools.ietf.org/html/rfc2782 
no word about SSL/TLS.. arg :-/

So, it's all optional, as I'm seeing here.

So if you prefer SSL over STARTTLS then it's an option to add
the SRV records, or if an application uses/prefers it.
Or default _ldap._tcp with the ldaps port and set higher preference on the SRV record.

One I must make a note of for the squid group setup.

Thanks guys. 

Greetz, 

Louis
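Added example (not Louis's or the Samba project's code): a small Python script that builds the SRV name the way draft-hall-ldap-whois 7.4.5 steps a and b describe, renders the zone lines you would add for the "_ldap._tcp with the ldaps port and higher preference" option, and orders answers the way an RFC 2782 client does (lowest priority value first, weighted random within a priority). The records and the domain "example.com" are constructed for the demo; the hostnames dc1/dc2 are assumptions.

```python
"""Constructed example: LDAP SRV name construction, zone lines and RFC 2782
client-side ordering. Records below are made up for the demo, not real DNS data."""
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class SrvRecord:
    priority: int   # RFC 2782: lower value is tried first
    weight: int     # relative share among records with the same priority
    port: int
    target: str     # hostname, trailing dot optional


def srv_name(service: str, domain: str, proto: str = "tcp") -> str:
    """Steps a and b of 7.4.5: put the "_service._proto" label pair in front of the domain."""
    return f"_{service}._{proto}.{domain.rstrip('.')}"


def zone_lines(service: str, domain: str, records) -> list:
    """Render BIND-style SRV lines: owner IN SRV priority weight port target."""
    owner = srv_name(service, domain) + "."
    return [
        f"{owner} IN SRV {r.priority} {r.weight} {r.port} {r.target.rstrip('.')}."
        for r in records
    ]


def order_srv(records, rng=None) -> list:
    """Order SRV answers as an RFC 2782 client does: ascending priority, then
    weighted random selection within each priority (weight-0 records first)."""
    rng = rng or random.Random()
    remaining = list(records)
    ordered = []
    while remaining:
        lowest = min(r.priority for r in remaining)
        group = [r for r in remaining if r.priority == lowest]
        # RFC 2782: weight-0 records go to the front so they are rarely picked
        group.sort(key=lambda r: r.weight != 0)
        while group:
            total = sum(r.weight for r in group)
            pick = rng.randint(0, total) if total else 0
            running = 0
            for r in group:
                running += r.weight
                if running >= pick:
                    ordered.append(r)
                    group.remove(r)
                    remaining.remove(r)
                    break
    return ordered


# Constructed answer set for _ldap._tcp.example.com: one record pointing at the
# ldaps port (636) with the best (lowest) priority value, two plain-LDAP fallbacks.
DEMO_DOMAIN = "example.com"  # assumption: demo domain only
DEMO_RECORDS = [
    SrvRecord(priority=10, weight=60, port=389, target="dc1.example.com"),
    SrvRecord(priority=0, weight=100, port=636, target="dc1.example.com"),
    SrvRecord(priority=10, weight=40, port=389, target="dc2.example.com"),
]


def first_choice(records) -> tuple:
    """(target, port) an RFC 2782 client would try first for this answer set."""
    top = order_srv(records)[0]
    return (top.target, top.port)


if __name__ == "__main__":
    print(srv_name("ldap", DEMO_DOMAIN))
    print("\n".join(zone_lines("ldap", DEMO_DOMAIN, DEMO_RECORDS)))
    for r in order_srv(DEMO_RECORDS, random.Random(1)):
        print(f"try {r.target}:{r.port} (prio {r.priority}, weight {r.weight})")
```

Note that the SRV answer only carries host and port; whether the client actually speaks TLS on 636 is up to the client, which is the "if an application uses/prefers it" part above.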
