Feature #8775

Use SRV record for LDAP Authentication

Added by fw admin about 1 year ago. Updated about 1 year ago.

Status: New
Priority: Very Low
Assignee: -
Category: Authentication
Target version:
Start date: 08/09/2018
Due date:
% Done: 0%
Estimated time:

Description

Maybe it is me, but using an SRV record to resolve to either an SSL or TLS LDAP server doesn't work. IMO, this would provide elegant failover for authentication.

Keep up the great work.

History

#1 Updated by Jim Pingle about 1 year ago

pfSense is at the mercy of the PHP LDAP module here, which itself uses OpenLDAP.

There isn't a way I could see to trigger the use of SRV records through PHP. From the CLI you can use `-H ldap://<dn>` and it will attempt to find an SRV record for the DN (not a hostname!) so even that doesn't seem optimal. Maybe this will improve in the future, but your best bet is to lobby PHP to have support for this added to the LDAP module first.

#2 Updated by fw admin about 1 year ago

Thank you for the thoughtful response. I'll submit the feature to php-ldap!
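The DN-to-domain mapping and SRV ordering discussed in this thread can be done in userland PHP and the result handed to `ldap_connect()` as a URI list. This is an added example, not code from pfSense or php-ldap; the function names, the `_ldaps._tcp` service label and the sample records are assumptions.

```php
<?php
// Added example; not pfSense or php-ldap code. All function names are hypothetical.

// Map a base DN made only of dc= components to a DNS domain,
// e.g. "dc=example,dc=com" -> "example.com".
function dn_to_domain(string $dn): string
{
    $labels = [];
    foreach (explode(',', $dn) as $rdn) {
        if (!preg_match('/^\s*dc\s*=\s*([a-z0-9-]+)\s*$/i', $rdn, $m)) {
            throw new InvalidArgumentException("not a dc-only DN: $dn");
        }
        $labels[] = strtolower($m[1]);
    }
    return implode('.', $labels);
}

// Turn SRV records (in the array shape dns_get_record() returns) into a
// space-separated URI list, which ldap_connect() accepts as one string.
// Simplification: equal-priority targets are ordered by descending weight
// instead of the weighted random selection RFC 2782 describes.
function srv_to_ldap_uris(array $records, string $scheme): string
{
    // A target of "." means the service is not offered (RFC 2782).
    $records = array_filter($records, fn($r) => rtrim($r['target'], '.') !== '');
    usort($records, fn($a, $b) =>
        [$a['pri'], $b['weight']] <=> [$b['pri'], $a['weight']]);
    $uris = array_map(
        fn($r) => sprintf('%s://%s:%d', $scheme, rtrim($r['target'], '.'), $r['port']),
        $records
    );
    return implode(' ', $uris);
}

// Constructed sample records; a live lookup would be
// dns_get_record("_$scheme._tcp." . dn_to_domain($dn), DNS_SRV).
$sample = [
    ['pri' => 20, 'weight' => 0,  'port' => 636, 'target' => 'ldap3.example.com'],
    ['pri' => 10, 'weight' => 10, 'port' => 636, 'target' => 'ldap2.example.com'],
    ['pri' => 10, 'weight' => 60, 'port' => 636, 'target' => 'ldap1.example.com'],
];

echo dn_to_domain('dc=example,dc=com'), "\n";
echo srv_to_ldap_uris($sample, 'ldaps'), "\n";
// The certificate must match each SRV target name, and SRV answers are only
// as trustworthy as the DNS path, so leave TLS certificate validation on.
```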
