Issue #789 has been updated by Leszek Buczkowski.

Formatting around nslookup is wrong, it should be like this:

nslookup
set type=any
_ldap._tcp.domain.com
Server: 1.2.3.4
Address: 1.2.3.4#53

_ldap._tcp.domain.com service = 0 100 389 dc1.domain.com.
_ldap._tcp.domain.com service = 0 100 389 dc2.domain.com.

----------------------------------------
Bug #789: DNS SRV records for LDAP service location cannot be used
http://tools.lsc-project.org/issues/789

Author: Leszek Buczkowski
Status: New
Priority: High
Assigned to: Clément OUDOT
Category: Core
Target version: 
Problem in version: 2.1.3-1


Version: lsc_2.1.3-1_all.deb
System: Debian 6.0.10

Steps to reproduce:
- prepare environment with LDAP servers and DNS servers (I was using typical 
Microsoft Active Directory environment)
- ensure you have at least one DNS SRV record for LDAP service location (below 
example of nslookup output from my network):

nslookup
> set type=any
> _ldap._tcp.domain.com
Server:         1.2.3.4
Address:        1.2.3.4#53

_ldap._tcp.domain.com     service = 0 100 389 dc1.domain.com.
_ldap._tcp.domain.com     service = 0 100 389 dc2.domain.com.


- configure url in lsc.xml ldapconnection like this 
<url>ldap:///DC=domain,DC=com</url> (please notice 3 slashes)
- run lsc


Expected result:
- lsc checks DNS SRV records for _ldap._tcp.domain.com
- lsc selects one service location, takes hostname and port (i.e. 
dc1.domain.com:389)
- lsc connects to this LDAP server, so "full URL" should be resolved to 
something like ldap://dc1.domain.com:389/DC=domain,DC=com

Actual result:
Aug 26 22:16:25 - INFO  - Connecting to LDAP server 
ldap://_ldap._tcp.com.domain:389/DC=domain,DC=com as 
CN=user,OU=users,DC=domain,DC=com
Aug 26 22:16:25 - ERROR - Error opening the LDAP connection to the destination! 
(javax.naming.CommunicationException: _ldap._tcp.com.domain:389 [Root exception 
is java.net.UnknownHostException: _ldap._tcp.com.domain])
Aug 26 22:16:25 - ERROR - org.lsc.exception.LscConfigurationException: 
Configuration exception: javax.naming.CommunicationException: 
_ldap._tcp.com.domain:389 [Root exception is java.net.UnknownHostException: 
_ldap._tcp.com.domain]



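The resolution the report expects, as an added example (not LSC code and not part of the original message): the DC components are joined in DN order to form the `_ldap._tcp` query name, the SRV answers are ordered by priority and weight per RFC 2782, and one candidate URL is built per target. The function names are hypothetical, the DN is split on plain commas (no escaped commas assumed), and the SRV lines are assumed to have the nslookup layout shown in the report.

```python
import random

# Constructed sample: the two SRV answers from the nslookup output in the report.
SAMPLE_SRV = [
    "_ldap._tcp.domain.com     service = 0 100 389 dc1.domain.com.",
    "_ldap._tcp.domain.com     service = 0 100 389 dc2.domain.com.",
]

def dn_to_domain(base_dn):
    """DC=domain,DC=com -> domain.com (DC values joined in DN order, not reversed)."""
    labels = []
    for rdn in base_dn.split(","):
        attr, _, value = rdn.partition("=")
        if attr.strip().lower() == "dc" and value.strip():
            labels.append(value.strip().lower())
    if not labels:
        raise ValueError("no DC components in base DN: %r" % base_dn)
    return ".".join(labels)

def parse_srv(line):
    """Return (owner, priority, weight, port, target) from one nslookup SRV line."""
    owner, _, rdata = line.partition("service =")
    prio, weight, port, target = rdata.split()
    return owner.strip().rstrip("."), int(prio), int(weight), int(port), target.rstrip(".")

def order_srv(records, rng=random):
    """Lowest priority first; weighted random order inside a priority (RFC 2782)."""
    ordered = []
    for prio in sorted({r[1] for r in records}):
        group = sorted((r for r in records if r[1] == prio), key=lambda r: r[2])
        while group:
            pick, running = rng.randint(0, sum(r[2] for r in group)), 0
            for rec in group:
                running += rec[2]
                if running >= pick:
                    ordered.append(rec)
                    group.remove(rec)
                    break
    return ordered

def resolve_ldap_url(url, srv_lines, rng=random):
    """Expand ldap:///<base DN> into candidate ldap://host:port/<base DN> URLs."""
    if not url.startswith("ldap:///"):
        raise ValueError("expected an ldap:/// URL without a host part")
    base_dn = url[len("ldap:///"):]
    query = "_ldap._tcp." + dn_to_domain(base_dn)
    # Ignore answers whose owner name is not the name that was asked for.
    records = [r for r in map(parse_srv, srv_lines) if r[0].lower() == query]
    return query, ["ldap://%s:%d/%s" % (t, p, base_dn) for _, _, _, p, t in order_srv(records, rng)]

if __name__ == "__main__":
    print(resolve_ldap_url("ldap:///DC=domain,DC=com", SAMPLE_SRV))
```

The returned list is in connection-attempt order, so a caller can fall through to the next target when one server is unreachable.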