Re: SRV records can't point to CNAMEs

To: debian-edu@lists.debian.org
Subject: Re: SRV records can't point to CNAMEs
From: "Andreas B. Mundt" <andi.mundt@web.de>
Date: Sat, 19 Feb 2011 09:36:49 +0100
Message-id: <20110219083648.GB12790@flashgordon>
Mail-followup-to: debian-edu@lists.debian.org
In-reply-to: <20110219071403.GB21132@login2.uio.no>
References: <E1Pq5TU-0007wL-Rk@alioth.debian.org> <20110217170302.GA26872@login1.uio.no> <20110217191331.GA30460@flashgordon> <20110218110904.GL2787@login2.uio.no> <20110218171204.GA14204@flashgordon> <20110218185442.GA21132@login2.uio.no> <20110218212955.GA29678@flashgordon> <20110219071403.GB21132@login2.uio.no>

Hi,

On Sat, Feb 19, 2011 at 08:14:03AM +0100, Petter Reinholdtsen wrote:
> [Andreas B. Mundt]
> > Hmm, I don't know how to fix this. To me it looks a bit like
> > sacrificing a clear and common DNS setup in favor of a very special
> > setup (for which I don't know how to get Kerberos working).  This
> > tuned setup works out of the box at the University of Oslo in a
> > special environment, but causes hassle and confusion probably
> > everywhere else.
> 
> Note that as far as I can tell, the university of Oslo is not a
> special environment, and the script is written to handle the common
> way to set up Kerberos and LDAP on unix in a mixed AD/Unix network.
> It allow Windows and AD clients to get their separate setup without
> one leaking into the other unless it is the indended behaviour.  The
> script also generate what seem to be a working setup for mit.edu, and
> I would very much welcome info on other environments (DNS-domains)
> where I can test it. :)
> 
> There were many considerations to take when writing the code to
> dynamically set up all clients during installation based on DNS, and I
> believe I ended up with the most sensible way to do it.
> 

Well I don't know.  But I wonder when asking for the domain's ldap
server in the basic setup right now (and not the mixed Windows AD
setup):   

root@localhost:~# nslookup -type=srv _ldap._tcp.intern
Server:         127.0.0.1
Address:        127.0.0.1#53

_ldap._tcp.intern       service = 100 0 389 tjener.intern.

I get the correct answer: LDAP is currently provided by
tjener.intern. This is what I expect.

But if I use the script debian-edu-ldapserver which I would think has
exactly the same job, to tell me the ldap server, it fails. Hopefully
this is fixed now with the latest commit. It fixes a bug that
prevented the fallback to 'ldap' in debian-edu-ldapserver to work.

Let's see how far we get with that now. But if a function called
'find_ldap_server' does not find the ldapserver which is clearly
announced by its service record in the domain, I'm not sure if that
function works as intended.

Best regards,

     Andi

Reply to:

References:
- SRV records can't point to CNAMEs (Was: r73002 - in trunk/src/debian-edu-config: debian etc/bind ldap-bootstrap)
  - From: Petter Reinholdtsen <pere@hungry.com>
- Re: SRV records can't point to CNAMEs (Was: r73002 - in trunk/src/debian-edu-config: debian etc/bind ldap-bootstrap)
  - From: "Andreas B. Mundt" <andi.mundt@web.de>
- Re: SRV records can't point to CNAMEs
  - From: Petter Reinholdtsen <pere@hungry.com>
- Re: SRV records can't point to CNAMEs
  - From: "Andreas B. Mundt" <andi.mundt@web.de>
- Re: SRV records can't point to CNAMEs
  - From: Petter Reinholdtsen <pere@hungry.com>
- Re: SRV records can't point to CNAMEs
  - From: "Andreas B. Mundt" <andi.mundt@web.de>
- Re: SRV records can't point to CNAMEs
  - From: Petter Reinholdtsen <pere@hungry.com>

Prev by Date: cron for ldap2bind and exim brocken in test debian-edu-squeeze?
Next by Date: Re: cron for ldap2bind and exim brocken in test debian-edu-squeeze?
Previous by thread: Re: SRV records can't point to CNAMEs
Next by thread: Turnig of squid
Index(es):
- Date
- Thread