Use SRV record for LDAP Authentication
Maybe it is me, but, using an SRV record to resolve to either SSL or TLS LDAP server doesn't work. IMO, this would provide elegant failover for authentication.
Keep up the great work.
Updated by Jim Pingle over 4 years ago
pfSense is at the mercy of the PHP LDAP module here, which itself uses OpenLDAP.
There isn't a way I could see to trigger the use of SRV records through PHP. From the CLI you can use `-H ldap://<dn>` and it will attempt to find an SRV record for the DN (not a hostname!) so even that doesn't seem optimal. Maybe this will improve in the future, but your best bet is to lobby to PHP to have support for this added to the LDAP module first.
Updated by fw admin over 4 years ago
Thank you for the thoughtful response. I'll submit the feature to php-ldap!
Updated by Viktor Gurov almost 3 years ago
unchanged since 2018: