I am about sick to death of running into LDAP apps that need hardcoded host names. What the hell is wrong with you people? There is a perfectly good RFC out there for locating LDAP Services (as well as other services) that works quite well and you still refuse to use it. FYI, if you don’t know about it, it is RFC 2782 – A DNS RR for specifying the location of services (DNSSRV) – http://www.ietf.org/rfc/rfc2782.txt
All you are doing is making your apps susceptible to single server failure and requiring businesses to try to solve issues with failover for you. You look like a bunch of schmucks, stop that shit. I know it can be done, I saw people doing it on UNIX more than five years ago.
Amen my brother!!!
Do we still live in the world where enterprises have only 1 LDAP server? Application developers seem to think we do...
We recently just had IBM in to troubleshoot their Websphere portal crashing over and over. They had made a stink that we didn’t have redundant LDAP servers, when in fact we have hundreds of replicas, but they can only use one of them in their configuration.
So the problem is surely not just the smaller development houses…
Jef: Oh yes, IBM and WebSphere, boy do I have some “memories” from that product from about 2002/3 time frame. You will note I didn’t mention any specific company names… In actual fact some of the worst AD “integrated” programs I have had to deal with have come out of some of those places like IBM and EMC and others…
I know ONE company that has Websphere, among others, and the EAs/DAs, per their mgr., have to KEEP TRACK of what apps have hardcoded to which DC. I’m glad I don’t work there anymore. 🙂
Anybody try sticking a bundle of DCs behind a CSM? I’ve often thought about writing some middle-ware for serving up LDAP but never do because it creates a single-point-of-failure. May be relegated to sticking ADAM (with a read-only partition) on every application server that performs LDAP queries.
Mike: I recall someone doing that and running into issues with it, I don’t recall the details though.
As for ADAM read-only partitions… how will you accomplish that? I have some theories but there is no way to guarantee the read only nature.
Hi Joe,
Long time no talk. I totally agree about hardcoding hostnames. However, in some situations locating the closest DC is an expensive operation. For non-Windows based systems that aren’t site aware, finding a “close” DC can involve several LDAP and DNS queries. If the app is attempting to provide authentication capabilities with AD on the backend, doing all of these queries can impact performance. The alternative is to use non-site based SRV records with a single query, but then you might end up with a DC on the other side of the world.
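The following is an added example, not code from the post or from any of the commenters, showing what the post asks for: an application that finds its LDAP servers through SRV records and orders them the way RFC 2782 describes (lowest priority first, weighted-random within a priority, zero-weight entries least likely), then fails over down that list instead of dying with a hardcoded host. It also shows the trade-off the last comment raises: it tries the Active Directory site-specific name `_ldap._tcp.<site>._sites.<domain>` first and falls back to the domain-wide `_ldap._tcp.<domain>` record, so a site-aware caller gets a nearby DC with one extra query while a caller that does not know its site still gets an answer. The DNS data is a constructed in-memory zone (`example.test` hosts) standing in for a real resolver; in production `lookup_srv` would call a DNS library instead.

```python
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class SrvRecord:
    """One SRV RR: priority, weight, port, target (RFC 2782 fields)."""
    priority: int
    weight: int
    port: int
    target: str


# Constructed sample zone standing in for DNS answers (hosts are not real).
# Keys are lowercase because DNS names compare case-insensitively.
SAMPLE_ZONE = {
    "_ldap._tcp.example.test": [
        SrvRecord(0, 100, 389, "dc1.example.test"),
        SrvRecord(0, 100, 389, "dc2.example.test"),
        SrvRecord(10, 0, 389, "dc-dr.example.test"),   # backup, used only if priority-0 DCs fail
    ],
    # AD-style site-specific record: only the DC in site "HQ" is listed here.
    "_ldap._tcp.hq._sites.example.test": [
        SrvRecord(0, 100, 389, "dc1.example.test"),
    ],
}


def lookup_srv(name, zone=SAMPLE_ZONE):
    """Stand-in for a real SRV query; returns [] when the name does not exist."""
    return list(zone.get(name.lower(), []))


def order_rfc2782(records, rng=random):
    """Order SRV records for connection attempts per RFC 2782.

    Priorities are tried lowest first. Within one priority a weighted random
    pick is made repeatedly: each record is chosen with probability proportional
    to its weight, and zero-weight records are placed first so they are only
    chosen when nothing else is left.
    """
    ordered = []
    for priority in sorted({r.priority for r in records}):
        group = [r for r in records if r.priority == priority]
        group.sort(key=lambda r: r.weight != 0)      # weight 0 entries to the front
        while group:
            total = sum(r.weight for r in group)
            pick = rng.randint(0, total)              # 0..total inclusive
            running = 0
            for rec in group:
                running += rec.weight
                if running >= pick:
                    ordered.append(rec)
                    group.remove(rec)
                    break
    return ordered


def candidate_names(domain, site=None):
    """Site-specific name first (AD convention), then the domain-wide record."""
    names = []
    if site:
        names.append(f"_ldap._tcp.{site}._sites.{domain}")
    names.append(f"_ldap._tcp.{domain}")
    return names


def ldap_servers(domain, site=None, zone=SAMPLE_ZONE, rng=random):
    """Return an ordered, de-duplicated list of (host, port) to try."""
    seen, result = set(), []
    for name in candidate_names(domain, site):
        for rec in order_rfc2782(lookup_srv(name, zone), rng):
            key = (rec.target.lower(), rec.port)
            if key not in seen:
                seen.add(key)
                result.append(key)
    return result


def connect_with_failover(servers, try_connect):
    """Call try_connect(host, port) down the list; return the first success.

    Raises ConnectionError listing every failed host when all attempts fail,
    which is the behaviour a hardcoded single host can never give you.
    """
    failures = []
    for host, port in servers:
        try:
            return try_connect(host, port)
        except OSError as exc:
            failures.append(f"{host}:{port} ({exc})")
    raise ConnectionError("no LDAP server reachable: " + "; ".join(failures))


if __name__ == "__main__":
    # Simulated connect: dc1 is down, everything else answers.
    def fake_connect(host, port):
        if host.startswith("dc1"):
            raise OSError("connection refused")
        return f"conn:{host}"

    print(ldap_servers("example.test", site="HQ"))
    print(connect_with_failover(ldap_servers("example.test", site="HQ"), fake_connect))
```

The site-specific query costs one extra DNS round trip and nothing more; the result list is what you would cache (respecting the records' TTL) so that the per-authentication cost the comment worries about is paid once, not per request.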