This is an LDAP improvement request to enhance support for Active Directory LDAP server discovery via DNS SRV records. By default, Active Directory dynamically publishes all LDAP servers (domain controllers) available in the domain as DNS SRV records. This client feature would apply to all platform builds, not just Windows.
I suggest adding a configuration option, say security.ldap.msad (default false), to explicitly enable AD discovery. The corresponding security.ldap.servers parameter would need to contain the AD domain name under which the SRV records are populated. Optionally, you may attempt to detect the domain name by truncating the hostname and/or traversing up towards the TLD of the FQDN. A successful query against the "_ldap._tcp." SRV records will indicate success of discovery, as this sample indicates:
nslookup
> set q=SRV
> _ldap._tcp.mongodb.org.
Server:  UnKnown
Address:  172.31.1.5

_ldap._tcp.mongodb.org  SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = adc1.mongodb.org
adc1.mongodb.org        internet address = 172.31.1.5
The port field of each SRV record specifies the LDAP port for that server, so it should not need to be configured separately. In the likely case that multiple servers are discovered, you may optionally consider the priority and weight fields (lower priority first, weight as the proportional share within a priority) to determine LDAP server preference.
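The discovery and ordering procedure described above, as an added illustration for this ticket (not MongoDB's LDAPDNSResolverCache or any other project code): walk up the FQDN to find candidate domains, form the "_ldap._tcp." query name, and order the answers per RFC 2782 (ascending priority, weighted random within a priority, weight-0 records last). The SRV answer is constructed inline to mirror the nslookup output (adc1.mongodb.org on port 389) plus two invented hosts, adc2 and adc3, so the example runs offline; the lookup callable is a stand-in for a real resolver.

```python
"""Added example: AD LDAP server discovery over (constructed) SRV records."""
import random
from dataclasses import dataclass
from typing import Callable, List, Sequence, Tuple


@dataclass(frozen=True)
class SrvRecord:
    priority: int
    weight: int
    port: int
    target: str


# Constructed sample answer for _ldap._tcp.mongodb.org. adc1 matches the
# nslookup output in the description; adc2 and adc3 are invented to
# exercise weight and priority handling.
SAMPLE_SRV = [
    SrvRecord(priority=0, weight=100, port=389, target="adc1.mongodb.org"),
    SrvRecord(priority=0, weight=50, port=389, target="adc2.mongodb.org"),
    SrvRecord(priority=10, weight=0, port=389, target="adc3.mongodb.org"),
]


def sample_lookup(name: str) -> List[SrvRecord]:
    """Stand-in for a real SRV resolver; only knows the constructed zone."""
    return list(SAMPLE_SRV) if name == "_ldap._tcp.mongodb.org." else []


def candidate_domains(fqdn: str, min_labels: int = 2) -> List[str]:
    """Walk up from the host's FQDN towards the TLD (the auto-detection the
    ticket suggests): 'host.corp.example.com' -> ['corp.example.com',
    'example.com']. Stops before the bare TLD."""
    labels = fqdn.rstrip(".").split(".")
    out = []
    for i in range(1, len(labels)):
        cand = labels[i:]
        if len(cand) < min_labels:
            break
        out.append(".".join(cand))
    return out


def srv_name(domain: str) -> str:
    """Fully qualified name queried for AD LDAP discovery."""
    return f"_ldap._tcp.{domain.rstrip('.')}."


def order_srv(records: Sequence[SrvRecord], rng) -> List[SrvRecord]:
    """Order records per RFC 2782: ascending priority; within a priority,
    weighted random selection where weight-0 records sit first in the pool
    so they are only chosen when the random draw is 0 (or nothing else
    remains). `rng` needs only a randint(a, b) method (inclusive bounds)."""
    ordered: List[SrvRecord] = []
    for prio in sorted({r.priority for r in records}):
        pool = [r for r in records if r.priority == prio]
        pool.sort(key=lambda r: r.weight != 0)  # stable: zero weights first
        while pool:
            total = sum(r.weight for r in pool)
            if total == 0:
                pick = pool[0]
            else:
                n = rng.randint(0, total)
                acc, pick = 0, pool[-1]
                for r in pool:
                    acc += r.weight
                    if acc >= n:
                        pick = r
                        break
            ordered.append(pick)
            pool.remove(pick)
    return ordered


def discover_ldap_servers(
    domain: str,
    lookup: Callable[[str], List[SrvRecord]],
    rng=None,
) -> List[Tuple[str, int]]:
    """Return an ordered list of (host, port) for the domain's LDAP servers.
    An empty list means the SRV query returned nothing, i.e. discovery
    failed and the caller should fall back to explicit configuration."""
    if rng is None:
        rng = random.SystemRandom()
    recs = lookup(srv_name(domain))
    # RFC 2782: a lone record with target "." means "service not available".
    recs = [r for r in recs if r.target != "."]
    return [(r.target, r.port) for r in order_srv(recs, rng)]


if __name__ == "__main__":
    for dom in candidate_domains("adc1.mongodb.org"):
        print(dom, discover_ldap_servers(dom, sample_lookup))
```

Two points a practitioner would want alongside this: with a real resolver, SRV answers are unauthenticated unless DNSSEC-validated, so the discovered host name must still be verified against the server certificate when LDAPS or StartTLS is used, rather than trusted because DNS returned it; and a single failed query is not proof that the domain has no SRV records, so the "walk up the FQDN" heuristic should try each candidate domain in turn before declaring discovery failed.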
Additional reference material can be found in an MSKB article here.
Depends on: SERVER-59048 Add support for SRV and SRV raw to LDAPDNSResolverCache (Closed)
Related to: SERVER-59048 Add support for SRV and SRV raw to LDAPDNSResolverCache (Closed)