[Samba] missing dns records? _ldaps._tcp ?
L.P.H. van Belle
belle at bazuin.nl
Thu Aug 25 09:22:46 UTC 2016
>
> No, I think you need to fix squid or at the very least, ask squid where
> they got _ldaps from, because it doesn't seem to exist on any AD DC.
>
> Rowland
That's correct, Rowland, found that also.. but.. I also did find:
_ldaps._tcp is not any standard
But that's what people usually do if they can't use StartTLS.
And
StartTLS is always preferred over ldaps
and
https://tools.ietf.org/html/draft-hall-ldap-whois-01
7.4.5. SRV processing
The query models described in this document make use of DNS SRV
resource records whenever a new query process is started, as a way
to locate the LDAP servers associated with a DIT.
The procedure for constructing this SRV lookup is as follows:
a. Construct an SRV-specific label pair for the service type.
For LDAP queries, this will be "_ldap._tcp", while LDAPS
will use "_ldaps._tcp".
b. Append the SRV label pair to the left of the input domain
name. In the case of an LDAP query for "example.com", this
would result in an SRV-specific domain name of
"_ldap._tcp.example.com".
c. Issue a DNS query for the SRV resource records associated
with the domain name formed in step 7.4.5.b.
https://tools.ietf.org/html/rfc2782
no word about SSL/TLS.. argh :-/
So, it's all optional, as I'm seeing here.
So if you prefer SSL over STARTTLS then it's an option to add
the SRV records, or if an application uses/prefers it.
Or default _ldap._tcp with the ldaps port and set higher preference on the SRV record.
One I must make a note of for the squid group setup.
Thanks guys.
Greetz,
Louis
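Added example, not part of Louis's mail or of Samba: the SRV name construction from the quoted draft (steps a, b, c of 7.4.5) together with the RFC 2782 client selection that decides which record is tried first, run against a constructed in-memory zone so it needs no DNS server. The zone name samdom.example.com and the hosts dc1/dc2/dc3 are hypothetical. Two RFC 2782 details matter for the "preference" idea above: clients try the record with the lowest priority value first (weight only arbitrates between records of equal priority, and weight 0 means "rarely chosen"), and a target of "." means the service is explicitly not offered at that name.

```python
"""SRV lookup for LDAP/LDAPS per draft-hall-ldap-whois-01 7.4.5 and RFC 2782,
run against a constructed in-memory zone (no network).
Example code added to the thread; not from the original mail or from Samba."""
import random
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class SrvRecord:
    priority: int   # lower value is tried first (RFC 2782)
    weight: int     # share among records of equal priority; 0 = rarely chosen
    port: int
    target: str     # host without trailing dot; "." means "service not offered"


def srv_name(domain: str, service: str = "ldap", proto: str = "tcp") -> str:
    """Steps a/b of the draft: prepend the _service._proto label pair to the domain."""
    if not domain or service.startswith("_") or proto.startswith("_"):
        raise ValueError("domain required; give service/proto without the underscore")
    return f"_{service}._{proto}.{domain.rstrip('.')}."


def parse_srv_rdata(rdata: str) -> SrvRecord:
    """Parse zone-file RDATA in the order 'priority weight port target.'"""
    parts = rdata.split()
    if len(parts) != 4:
        raise ValueError(f"SRV RDATA needs 4 fields, got {rdata!r}")
    prio, weight, port, target = int(parts[0]), int(parts[1]), int(parts[2]), parts[3]
    for name, value in (("priority", prio), ("weight", weight), ("port", port)):
        if not 0 <= value <= 65535:
            raise ValueError(f"{name} out of range: {value}")
    return SrvRecord(prio, weight, port, target if target == "." else target.rstrip("."))


def order_srv(records, rng) -> List[SrvRecord]:
    """RFC 2782 client ordering: ascending priority, weighted random within a priority."""
    by_prio: Dict[int, List[SrvRecord]] = {}
    for r in records:
        by_prio.setdefault(r.priority, []).append(r)
    ordered: List[SrvRecord] = []
    for prio in sorted(by_prio):
        # RFC 2782 puts weight-0 records at the front of the candidate list
        group = sorted(by_prio[prio], key=lambda r: r.weight != 0)
        while group:
            total = sum(r.weight for r in group)
            pick = rng.randint(0, total)  # inclusive on both ends, as the RFC specifies
            running = 0
            for r in group:
                running += r.weight
                if running >= pick:
                    ordered.append(r)
                    group.remove(r)
                    break
    return ordered


def resolve_ldap_servers(zone: Dict[str, List[str]], domain: str, service: str,
                         rng=random) -> List[Tuple[str, int]]:
    """Step c: look the SRV name up in `zone`; return (host, port) in connection order."""
    name = srv_name(domain, service)
    records = [parse_srv_rdata(rd) for rd in zone.get(name, [])]
    if any(r.target == "." for r in records):
        return []  # RFC 2782: a target of "." means decidedly not available
    return [(r.target, r.port) for r in order_srv(records, rng)]


# Constructed zone (hypothetical names). _ldap._tcp is what an AD DC registers
# itself; _ldaps._tcp is the non-standard name people add when StartTLS is
# not an option. dc3 sits at priority 10, so it is only tried if both
# priority-0 records fail.
ZONE = {
    "_ldap._tcp.samdom.example.com.": [
        "0 100 389 dc1.samdom.example.com.",
        "0 100 389 dc2.samdom.example.com.",
        "10 100 389 dc3.samdom.example.com.",
    ],
    "_ldaps._tcp.samdom.example.com.": [
        "0 100 636 dc1.samdom.example.com.",
    ],
}

if __name__ == "__main__":
    for svc in ("ldap", "ldaps"):
        print(svc, resolve_ldap_servers(ZONE, "samdom.example.com", svc))
```

When publishing such a record on a Samba DC with `samba-tool dns add ... SRV`, note that its data string is written as target, port, priority, weight, which is not the zone-file order this parser reads; check `samba-tool dns add --help` for the exact format.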