Avoid using DNS for hostname name resolution in ldap_bind_s




Hello,

I am using the Windows LDAP API (on Windows 2000 / 2003 machines) to
perform LDAP queries with LDAP directories (Active Directory, Sun One
and more). I have noticed that when I provide the hostname (for example
host.domain.com) the LDAP API is trying to perform DNS queries to
resolve the target host IP address.

I have the relevant hostname & IP in a local hosts file and I would
like the LDAP API to use it instead of using DNS. My problem is that
DNS is not available from my client machine and the hosts file is used
but only after a few failed DNS attempts (I can see them using a
network sniffer). These DNS queries cause my connect to take about 10
seconds!

I must use an FQDN for the target host since I am using SSL and the
server verification will fail if the target host name does not match the
LDAP server FQDN.

I have gone over the API documentation but I can't see anything
regarding name resolution options or DNS queries, is there a way for me
to control this (I have seen a note stating that if I provide a domain
name in the hostname parameter for ldap_sslinit then the default domain
controller will be located, so I thought that the API might be
mistaking the hostname that I provide as a domain name, but I didn't
see any explanation regarding how the API knows that the parameter
is a domain name / host name)?

Thanks,
Hagai.
