On Mon, Jun 11, 2012 at 10:04:59AM +0300, ????? ??????? wrote:

> Does Postfix support LDAP URI like ldapsearch?

Actually, OpenLDAP does not (properly) support SRV record-based LDAP
URIs.

> With ldapsearch, in order to connect to an AD controller, I use the following
> URI: ldap:///dc%3Dtestdomain%2Cdc%3Dlocal

This syntax is dead wrong, it should be 

        "ldap:///dc=testdomain,dc=local";

The "=" and "," in this context are delimiters between elements of
the URI path component, and should ONLY be escaped when a delimiter
needs to become a literal character. Therefore, you would only use

        ldap:///dc=testdomain%2Cdc=local

when your domain name is "testdomain,dc=local", which it plainly
is not. Secondly, and more importantly, the (broken) SRV syntax is
supported not by the OpenLDAP library, but by the command-line
utility code that produces ldapsearch(1), ldapmodify(1), ...

So this SRV syntax is not available to applications that use
OpenLDAP, for example Postfix.

I would like to see proper SRV-based LDAP URIs in the OpenLDAP
library, based on correctly formed escaping rules. Sadly the support
for these is a half-baked hack in the command-line utilities.

-- 
        Viktor.
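
Since the message notes that the SRV lookup is not available to applications through the OpenLDAP library, servers have to be listed explicitly for them. The following is an added example, not part of the original message: it maps the dc-only base DN from the thread to the SRV owner name and orders SRV answers into LDAP URLs. The SRV records and host names are constructed, and sorting by weight is a deterministic simplification of RFC 2782's weighted random selection.

```python
# Added example: SRV owner name from a dc-only DN, plus ordering of SRV answers.

def dn_to_srv_name(dn, service="ldap", proto="tcp"):
    """Map 'dc=testdomain,dc=local' to '_ldap._tcp.testdomain.local'."""
    labels = []
    for rdn in dn.split(","):
        attr, sep, value = rdn.strip().partition("=")
        # Only a DN made purely of dc RDNs corresponds to a DNS name.
        if not sep or attr.strip().lower() != "dc":
            raise ValueError(f"not a domainComponent RDN: {rdn!r}")
        label = value.strip()
        ok = label and all(c.isascii() and (c.isalnum() or c == "-") for c in label)
        if not ok:
            raise ValueError(f"not a valid DNS label: {label!r}")
        labels.append(label.lower())
    return f"_{service}._{proto}." + ".".join(labels)


def order_srv(records):
    """records: (priority, weight, port, target) tuples as defined by RFC 2782.

    Lowest priority value first; within one priority, higher weight first
    (simplification: RFC 2782 specifies weighted random selection).
    """
    usable = [r for r in records if r[3] != "."]  # target "." = service not offered
    return sorted(usable, key=lambda r: (r[0], -r[1], r[3]))


def to_ldap_urls(records):
    """Turn ordered SRV answers into explicit ldap:// URLs."""
    return [f"ldap://{target.rstrip('.')}:{port}"
            for _, _, port, target in order_srv(records)]


# Constructed sample answers for _ldap._tcp.testdomain.local (hypothetical hosts).
SAMPLE_SRV = [
    (10, 50, 389, "dc2.testdomain.local."),
    (0, 100, 389, "dc1.testdomain.local."),
    (10, 100, 389, "dc3.testdomain.local."),
]

if __name__ == "__main__":
    print(dn_to_srv_name("dc=testdomain,dc=local"))
    # Postfix LDAP tables accept LDAP URLs in server_host.
    print("server_host =", " ".join(to_ldap_urls(SAMPLE_SRV)))
```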
