Resolving LDAP servers via SRV records #5
Currently, when requesting a Kerberos ticket for the LDAP service, the JAAS login module (such as LdapDnAuthorizationModule) builds the SPN by prepending "ldap/" to the hostname specified in the ldapUrl. So if in the login module parameters appears:
This actually forces me to list a specific DC or DCs in the ldapUrl, which, of course, isn't very flexible and can lead to problems if these DCs are decommissioned and replaced by new ones.
In Active Directory, such discovery problems are solved by so-called SRV records in DNS. For example, SRV record
It would be great if ldaptive login modules could make use of this mechanism.
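
An added illustration, not part of the original issue and not ldaptive code: how a set of SRV answers could be turned into an ordered list of LDAP URLs together with the "ldap/" SPN for each target. The class and record names and the sample answers for `_ldap._tcp.example.test` are constructed for this example.

```java
import java.util.ArrayList;
import java.util.Comparator;
import java.util.List;

public class SrvLdapTargets {
    // One parsed SRV answer; RDATA field order is "priority weight port target" (RFC 2782).
    record Srv(int priority, int weight, int port, String host) {
        static Srv parse(String rdata) {
            String[] f = rdata.trim().split("\\s+");
            if (f.length != 4) throw new IllegalArgumentException("bad SRV RDATA: " + rdata);
            // Drop the trailing root dot so the name is usable in a URL and an SPN.
            String name = f[3].endsWith(".") ? f[3].substring(0, f[3].length() - 1) : f[3];
            return new Srv(Integer.parseInt(f[0]), Integer.parseInt(f[1]),
                    Integer.parseInt(f[2]), name);
        }
        String ldapUrl() { return "ldap://" + host + ":" + port; }
        // Same rule the issue describes: "ldap/" prepended to the hostname.
        String spn() { return "ldap/" + host; }
    }

    // Lowest priority value first; within one priority, higher weight first.
    // RFC 2782 specifies weighted random selection inside a priority group;
    // a fixed order is used here to keep the example deterministic.
    static List<Srv> order(List<String> answers) {
        List<Srv> out = new ArrayList<>();
        for (String a : answers) {
            Srv s = Srv.parse(a);
            if (!s.host().isEmpty()) out.add(s); // target "." means "service not offered"
        }
        out.sort(Comparator.<Srv>comparingInt(Srv::priority)
                .thenComparing(Comparator.<Srv>comparingInt(Srv::weight).reversed()));
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample answers (not real hosts).
        List<String> answers = List.of(
                "10 50 389 dc2.example.test.",
                "0 100 389 dc1.example.test.",
                "0 200 389 dc3.example.test.",
                "0 0 389 .");
        for (Srv s : order(answers)) {
            System.out.println(s.ldapUrl() + "  SPN=" + s.spn());
        }
    }
}
```

Because the SPN is derived from the DNS answer here, the resolver path becomes part of what the client relies on when it picks a service principal.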