Feature #8775

open

Use SRV record for LDAP Authentication

Added by fw admin over 3 years ago. Updated over 1 year ago.

Status: New
Priority: Very Low
Assignee: -
Category: Authentication
Target version:
Start date: 08/09/2018
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:

Description

Maybe it is me, but using an SRV record to resolve to either an SSL or TLS LDAP server doesn't work. IMO, this would provide elegant failover for authentication.

Keep up the great work.

Actions #1

Updated by Jim Pingle over 3 years ago

pfSense is at the mercy of the PHP LDAP module here, which itself uses OpenLDAP.

There isn't a way I could see to trigger the use of SRV records through PHP. From the CLI you can use `-H ldap://<dn>` and it will attempt to find an SRV record for the DN (not a hostname!), so even that doesn't seem optimal. Maybe this will improve in the future, but your best bet is to lobby PHP to have support for this added to the LDAP module first.
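The DN-to-SRV lookup described in the comment above can be sketched in application code. This is an added example, not pfSense or php-ldap code; the function names, the `example.com` domain and the sample records are constructed for illustration, and the DN parser assumes plain `dc=` components without escaped commas.

```php
<?php
// Added example (hypothetical helper names), not pfSense or php-ldap code.

// "dc=example,dc=com" -> "example.com"; RDNs other than dc= are ignored.
function dn_to_domain(string $dn): string {
    preg_match_all('/(?:^|,)\s*dc\s*=\s*([a-z0-9-]+)/i', $dn, $m);
    return strtolower(implode('.', $m[1]));
}

// Order SRV records per RFC 2782: lowest priority value first, then a
// weighted random pick among records that share a priority.
function order_srv(array $records): array {
    $byPri = [];
    foreach ($records as $r) {
        $byPri[$r['pri']][] = $r;
    }
    ksort($byPri);
    $ordered = [];
    foreach ($byPri as $group) {
        while ($group) {
            $pick = random_int(0, array_sum(array_column($group, 'weight')));
            foreach ($group as $i => $r) {
                $pick -= $r['weight'];
                if ($pick <= 0) {
                    $ordered[] = $r;
                    unset($group[$i]);
                    break;
                }
            }
        }
    }
    return $ordered;
}

// Build the space-separated URI list that ldap_connect() accepts.
function srv_to_uris(array $records, string $scheme = 'ldap'): string {
    $uris = [];
    foreach (order_srv($records) as $r) {
        $uris[] = sprintf('%s://%s:%d', $scheme, rtrim($r['target'], '.'), $r['port']);
    }
    return implode(' ', $uris);
}

// Constructed sample in the shape dns_get_record($name, DNS_SRV) returns.
$sample = [
    ['target' => 'dc2.example.com.', 'port' => 389, 'pri' => 10, 'weight' => 50],
    ['target' => 'dc1.example.com.', 'port' => 389, 'pri' => 0, 'weight' => 100],
];
echo '_ldap._tcp.' . dn_to_domain('dc=example,dc=com'), "\n";
echo srv_to_uris($sample), "\n";
// SRV answers are unauthenticated without DNSSEC, so the TLS certificate
// must be validated against the target name before any bind is sent.
```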

Actions #2

Updated by fw admin over 3 years ago

Thank you for the thoughtful response. I'll submit the feature to php-ldap!

Actions #3

Updated by Viktor Gurov over 1 year ago
