LDAP server requires correct hostname to answer
The AD discovery performs an (unauthenticated) query for NetLogon to LDAP servers. The connection is established with `ldap_initialize`, using the IP address of the server (`ldap_disco()` in addisco.c). Later, when we `ldap_search_ext` using that connection, the LDAP object has never been told the hostname.

I've encountered an AD which does not answer (timeout in `ldap_disco_poller`) unless you include the hostname in the query. I'm not sure about the LDAP protocol details here, but I've spotted the difference between a succeeding `ldapsearch` and the failing connection attempt from `adcli`. When using `ldap_init_fd` instead of `ldap_initialize`, it is possible to supply both the IP (via the socket fd) and the hostname (via the URI argument). This particular AD then does respond.

This might be related to my DNS issues mentioned in #34 (e.g. if OpenLDAP performs a reverse DNS lookup on the supplied IP, that DNS answer might also be affected in my case); however, I think it is beneficial to use `ldap_init_fd` anyway: it is used in `ldaps_disco`, and it allows implementing a connection timeout because we gain control over the `connect()` call.

Please note that `ldap_init_fd` is available from `<openldap.h>`; no need to manually declare it.