  1. Crowd
  2. CWD-5601

Please add the ability to use dynamic lookups instead of DNS name lookups to connect to Active Directory on Crowd / Embedded Crowd


    Details

    • Type: Suggestion
    • Status: Gathering Interest
    • Resolution: Unresolved
    • Fix Version/s: None
    • Component/s: Directories
    • Labels:
      None

      Description

      Dynamic Lookups (recommended method) - Applications should follow the guidance found in Internet Engineering Task Force Request for Comments 2782 (http://www.ietf.org/rfc/rfc2782.txt): A DNS RR for specifying the location of services (DNS SRV). The RFC outlines how a client can query for services (LDAP for domain or GC for forest) using the Domain Name System (DNS). Also, application code can use serverless binding techniques such as LDAP://RootDSE or GC://<forestname>. Serverless binding techniques allow the application code to find any available domain controller with preference given to domain controllers in the same Site (see next section "Site Aware").

      NOTE: When using the serverless binding technique, please note that LDAP://nam.nsroot.net is not the same as LDAP://DC=nam,DC=nsroot,DC=net.

      If the application uses LDAP://nam.nsroot.net, a domain controller is located based on the DNS round robin function of offering all the registered 'A' (Host) records for the domain in a random order. The impact of this method is that DNS will offer 'A' records in a random order, thus the application could receive an IP address of a remote domain controller. In addition, the records returned in response to the 'A' query may not represent domain controllers that are online or available for use by the application as DNS is not aware of the status of the domain controller or the application services it provides.

      If the application uses LDAP://DC=nam,DC=nsroot,DC=net, it is using the serverless binding technique and relying upon the Directory Service DCLocator function. The DCLocator function (http://msdn.microsoft.com/en-us/library/ms675900(VS.85).aspx) is AD Site Aware and will select a domain controller closest to the server and will also ensure that the domain controller is responsive.
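
      The SRV-based selection the description asks for, as an added example that is not part of the original issue and is not Crowd code: it builds the RFC 2782 owner name, orders an SRV answer by priority and weight, and skips targets that a caller-supplied probe reports as down. It does not query DNS itself; the sample records, host names and helper names are constructed assumptions.

```python
import random
from collections import namedtuple

# One DNS SRV answer (RFC 2782): priority, weight, port, target host.
Srv = namedtuple("Srv", "priority weight port target")

def srv_name(domain, service="ldap", site=None):
    """Build the SRV owner name, e.g. _ldap._tcp.nam.nsroot.net.
    service is "ldap" (domain) or "gc" (forest); site is an optional AD site."""
    labels = [f"_{service}", "_tcp"]
    if site:
        labels += [site, "_sites"]
    return ".".join(labels + [domain.rstrip(".")])

def rfc2782_order(records, rng=random):
    """Order SRV records as RFC 2782 prescribes: lowest priority first,
    weighted random selection among records of equal priority."""
    ordered = []
    for prio in sorted({r.priority for r in records}):
        # Weight-0 records go first so they keep a small chance of selection.
        pool = sorted((r for r in records if r.priority == prio),
                      key=lambda r: r.weight != 0)
        while pool:
            pick = rng.randint(0, sum(r.weight for r in pool))
            running = 0
            for i, rec in enumerate(pool):
                running += rec.weight
                if running >= pick:
                    ordered.append(pool.pop(i))
                    break
    return ordered

def pick_server(records, is_alive, rng=random):
    """Return (host, port) of the first responsive target in RFC 2782 order.
    is_alive is a caller-supplied health probe (e.g. a TCP connect or bind)."""
    for rec in rfc2782_order(records, rng):
        if is_alive(rec.target, rec.port):
            return rec.target, rec.port
    raise ConnectionError("no responsive directory server in SRV answer")

# Constructed sample answer for _ldap._tcp.nam.nsroot.net (hypothetical hosts).
SAMPLE = [
    Srv(0, 100, 389, "dc1.nam.nsroot.net"),
    Srv(0, 100, 389, "dc2.nam.nsroot.net"),
    Srv(10, 100, 389, "dc-remote.nam.nsroot.net"),
]
```

      Unlike the round-robin 'A' record case, the higher-priority (remote) target is only reached after every lower-priority target has failed the probe.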

            People

            Assignee:
            Unassigned
            Reporter:
            amarques@atlassian.com Andre Marques
            Votes:
            0
            Watchers:
            2