[Samba] missing dns records? _ldaps._tcp ?
L.P.H. van Belle
belle at bazuin.nl
Thu Aug 25 09:22:46 UTC 2016
> No, I think you need to fix squid or at the very least, ask squid where
> they got _ldaps from, because it doesn't seem to exist on any AD DC.
That's correct Rowland, found that also.. but.. I also did find:
_ldaps._tcp is not any standard
But that’s what usually people do if they can't use startTLS.
startTLS is preferred always before ldaps
7.4.5. SRV processing
The query models described in this document make use of DNS SRV
resource records whenever a new query process is started, as a way
to locate the LDAP servers associated with a DIT.
The procedure for constructing this SRV lookup is as follows:
a. Construct an SRV-specific label pair for the service type.
For LDAP queries, this will be "_ldap._tcp", while LDAPS
will use "_ldaps._tcp".
b. Append the SRV label pair to the left of the input domain
name. In the case of an LDAP query for "example.com", this
would result in an SRV-specific domain name of
c. Issue a DNS query for the SRV resource records associated
with the domain name formed in step 7.4.5.b.
no word about ssl/tls.. arg :-/
So, it's all optional, as I'm seeing here.
So if you prefer SSL over STARTTLS then it's an option to add
the SRV records, or if an application uses/prefers it.
Or default _ldap._tcp with the ldaps port and set higher preference on the SRV record.
One I must make a note of for the squid group setup.
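The SRV lookup procedure quoted above (7.4.5 a-c), plus the fallback from a missing _ldaps._tcp to the _ldap._tcp records, as an added example that is not from this post or from Samba. The zone data and host names are constructed sample data, and the ordering of the returned records follows RFC 2782 (lowest priority first, weighted random within a priority).

```python
"""Build the 7.4.5 SRV names and order the answers the RFC 2782 way.

Added example, not code from the mailing-list post or the Samba project.
SAMPLE_SRV is a constructed zone; nothing here sends a real DNS query.
"""
import random

# Constructed records: name -> [(priority, weight, port, target), ...]
SAMPLE_SRV = {
    "_ldap._tcp.example.com": [
        (0, 100, 389, "dc1.example.com"),
        (0, 100, 389, "dc2.example.com"),
        (10, 100, 636, "dc1.example.com"),  # ldaps port, tried after prio 0
    ],
    # No _ldaps._tcp records at all, as on a stock AD DC.
}


def srv_name(domain, ldaps=False):
    """Steps 7.4.5.a/b: prepend the service label pair to the domain."""
    label = "_ldaps._tcp" if ldaps else "_ldap._tcp"
    return f"{label}.{domain.strip('.')}"


def lookup_srv(domain, ldaps=False, zone=SAMPLE_SRV):
    """Step 7.4.5.c against the constructed zone; [] means no records."""
    return list(zone.get(srv_name(domain, ldaps), []))


def order_srv(records, rng=None):
    """RFC 2782 selection: lowest priority first; inside one priority pick
    by weight (weight 0 entries go to the front and are chosen least)."""
    rng = rng or random.Random()
    by_prio = {}
    for prio, weight, port, target in records:
        by_prio.setdefault(prio, []).append((weight, port, target))
    ordered = []
    for prio in sorted(by_prio):
        pool = sorted(by_prio[prio], key=lambda r: r[0] != 0)
        while pool:
            pick = rng.randint(0, sum(w for w, _, _ in pool))
            running = 0
            for i, (w, port, target) in enumerate(pool):
                running += w
                if running >= pick:
                    ordered.append((port, target))
                    pool.pop(i)
                    break
    return ordered


def find_servers(domain, prefer_ldaps=False, zone=SAMPLE_SRV, rng=None):
    """Ask for _ldaps._tcp when preferred, fall back to _ldap._tcp."""
    if prefer_ldaps:
        recs = lookup_srv(domain, ldaps=True, zone=zone)
        if recs:
            return order_srv(recs, rng)
    return order_srv(lookup_srv(domain, ldaps=False, zone=zone), rng)
```

With the constructed zone, a client that prefers LDAPS still ends up on the _ldap._tcp answers, where the port 636 entry is only reached after the priority 0 hosts.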