Uwe, helllo.
On 20 Feb 2023, at 13:28, Uwe Sauter wrote: > ldapsearch -x -H 'ldap://<HOST>/dc=example,dc=net' '(cn=foo)' > > instead of > > ldapsearch -x -H 'ldap:///dc=example,dc=net' '(cn=foo)' No: the documentation for the -H option says that the SRV-lookup form, with the dc= components, is only tried when the host:port element of the URI is empty. Looking at the code, the problem does appear to be that common.c:tool_args attempts to break the -H argument into multiple LDAP URIs by separating at commas, as well as spaces. That's the right thing to do to match the first sentence of the ldapsearch(1) documentation of -H, but the second sentence there (the one starting 'As an exception...') doesn't mention a list of SRV names (sensibly, since an SRV record is implicitly a list anyway), so shouldn't, I think, attempt to split the argument. As the code stands, you have to escape the ',' in order to trick the code into not splitting this argument. I noted in the OP that there's a mild code change which would make this work as expected. I'm raise this as a bugreport with suggested fix, since it doesn't sound from this discussion that there's something obvious I'm missing. Best wishes, Norman -- Norman Gray : https://nxg.me.uk
