
Support SRV record lookup and failover (rfc2782) #191

Closed
cperrin88 opened this issue Feb 27, 2015 · 8 comments

Comments

@cperrin88

To allow higher availability for LDAP, it would be nice if this implementation supported looking up SRV records according to rfc2782.

The lookup would be on

_ldap._tcp.$HOSTNAME

and would return a list like

_ldap._tcp.example.com. 600 IN  SRV 0 100 389 ldap1.example.com
_ldap._tcp.example.com. 600 IN  SRV 0 100 389 ldap2.example.com
_ldap._tcp.example.com. 600 IN  SRV 0 100 389 ldap3.example.com

These should be tried according to the priority and weight fields. Pages 5 and 6 of rfc2782 explain how the process should work.

Real-world use would be, for example, for Active Directories in an HA setup.

@mtodd
Member

mtodd commented Apr 10, 2015

@cperrin88 is this something that necessarily belongs inside of the client library or is something that can be negotiated externally and then passed into the client library once a host is selected?

@cperrin88
Author

Yes, I think so. It is a standard feature of Active Directory and this is the easiest way to make this centrally available. It is not uncommon for one DC to be down, and switching could be seamless without everyone putting that part in their software.

@javanthropus

I have created a gem that can assist with this feature request: https://rubygems.org/gems/resolv-srv. The example included with its README file shows one way to use it with net-ldap to perform SRV record lookups, but it would be nicer if this facility were directly integrated into net-ldap. That way the library could more seamlessly switch servers when necessary without the consumer code needing to handle the details.

@jch
Member

jch commented Sep 18, 2015

@javanthropus thanks for the link. As valuable as this sounds, I don't have the bandwidth to maintain this. It looks like a straightforward single lib file. As a compromise, I propose adding a section to the readme that links to useful ruby LDAP utilities #220

@jch jch closed this as completed Sep 18, 2015
@javanthropus

Thanks for adding the reference in the README. Hopefully, others find the library and can make use of it.

I'm not sure what exactly you don't have bandwidth to maintain though. If someone were to provide a PR with minimal changes that enables using this library as an external dependency, would you consider it?

It should be possible to add a single, optional attribute to Net::LDAP providing the domain in which to search that gets passed to Net::LDAP::Connection. If that attribute is set Net::LDAP::Connection would then perform SRV lookups to find servers and try each one in turn until it successfully opens a connection.

@javanthropus

@jch I actually have a very minimal patch that doesn't introduce any dependency on the resolv-srv library. Instead, I introduced a new attribute named hosts which is an enumerable of host-port pairs that defaults to the values of the existing host and port attributes. Net::LDAP::Connection is provided this enumerable and iterates over it until a connection can be made. Should all attempts fail, an exception is raised containing all accumulated exception messages.

Manual testing works, but before I go adding a bunch of automation, are you interested?

@jch
Member

jch commented Sep 28, 2015

I'm not sure what exactly you don't have bandwidth to maintain though. If someone were to provide a PR with minimal changes that enables using this library as an external dependency, would you consider it?

@javanthropus I'm sure it's a valuable feature, but it's not part of the core LDAP spec, and is out of scope for this library. Yes, it would be convenient to have it work out of the box, but having a separate dedicated gem with a maintainer like yourself who is knowledgeable about the feature ensures that it works long term.

@javanthropus

@jch thanks for the clarification. I believe the solution provided in #223 is better in general since all that is needed there is a list object that responds to the each method and yields host-port pairs. The details of populating that list are removed from net-ldap entirely and allow for people to provide static or randomized lists or even lists created via SRV lookups. Just having the ability to provide a randomized list would be a boon for applications that wish to load balance their LDAP servers better.

Please take a look at #223 and tell me what you think about it. Thanks!
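As an added example (not net-ldap's or resolv-srv's code), here is the RFC 2782 ordering the opening post describes and the try-each-host-in-turn failover that the later comments propose, in Ruby: records are sorted by priority, drawn by weight within a priority, and handed to a block as host-port pairs, the same shape as the proposed `hosts` enumerable. `SrvRecord`, `srv_lookup`, `rfc2782_order`, `connect_with_failover` and the sample records are assumptions made here, not names from the project.

```ruby
require 'resolv'

# One resolved SRV record. Constructed samples below stand in for the
# answers a live lookup of _ldap._tcp.<domain> would return.
SrvRecord = Struct.new(:priority, :weight, :port, :target)

# Live lookup helper (not exercised offline): maps Resolv's SRV resources
# onto SrvRecord and drops the "." target RFC 2782 uses for "no service".
def srv_lookup(domain, resolver = Resolv::DNS.new)
  resolver.getresources("_ldap._tcp.#{domain}", Resolv::DNS::Resource::IN::SRV)
          .map { |r| SrvRecord.new(r.priority, r.weight, r.port, r.target.to_s) }
          .reject { |r| r.target == "." }
end

# RFC 2782 ordering: ascending priority; within one priority, weight-0
# entries go first and the rest are drawn with probability proportional to
# weight (running-sum selection against a random number in 0..total).
def rfc2782_order(records, rng = Random.new)
  records.group_by(&:priority).sort.flat_map do |_prio, group|
    remaining = group.sort_by { |r| r.weight.zero? ? 0 : 1 }
    ordered = []
    until remaining.empty?
      pick = rng.rand(remaining.sum(&:weight) + 1)
      running = 0
      chosen = remaining.find { |r| (running += r.weight) >= pick }
      ordered << remaining.delete(chosen)
    end
    ordered
  end
end

# Failover: try each host-port pair in RFC 2782 order until the block
# returns a connection; if every attempt raises, surface all the messages.
def connect_with_failover(records, rng = Random.new)
  failures = []
  rfc2782_order(records, rng).each do |r|
    return yield(r.target, r.port)
  rescue StandardError => e
    failures << "#{r.target}:#{r.port}: #{e.message}"
  end
  raise "all LDAP servers failed: #{failures.join('; ')}"
end

# Constructed sample answer set: two equal-weight primaries plus a backup.
SAMPLE_RECORDS = [
  SrvRecord.new(0, 100, 389, "ldap1.example.com"),
  SrvRecord.new(0, 100, 389, "ldap2.example.com"),
  SrvRecord.new(1, 0, 389, "ldap3.example.com"),
].freeze
```

Passing a seeded `Random` makes the weighted draw reproducible, which is how the ordering can be unit-tested; in production the default RNG gives the load spreading the thread asks for.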
