Using DNS to implement a meta-domain scheme
Original Publication Date: 2001-Apr-01
Included in the Prior Art Database: 2003-Jun-19
Disclosed is a technique for publishing and categorizing information about LDAP servers in the Domain Name System (DNS). This invention makes it possible to use DNS to locate an LDAP server that meets the specific needs of the application. For example, a user might need to authenticate to a particular security domain, using the LDAP server that supports the user's security domain.

IBM* has implemented an LDAP service locator function that uses information stored in DNS to locate LDAP servers. Essentially, the application looks for SRV records tagged with "ldap.tcp" to easily identify a set of LDAP servers, along with their associated host names, IP addresses and other interesting information.

The invention described here is an extension that permits groups of LDAP servers to be categorized into "security domains", also called "enetwork domains". This is performed by simply adding the name of the enetwork domain to the search tag, as follows, where we want to group a set of servers together. The technique described here can also be used for other types of services, not just LDAP.

The following DNS record depicts the information that must be added to DNS to simply find an LDAP server.
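An added example, not part of the disclosure and not its DNS record: a client-side locator that filters SRV records by enetwork domain and fails closed when the domain is unknown. The record data is constructed, and the owner-name layout (enetwork domain appended directly after the "ldap.tcp" tag) and all function names are assumptions made for illustration.

```python
from typing import NamedTuple, Optional

class Srv(NamedTuple):
    owner: str
    priority: int
    weight: int
    port: int
    target: str

# Constructed sample records (not from the disclosure). Assumed layout:
# "ldap.tcp" tag, then the enetwork domain label, then the DNS domain.
ZONE = """
ldap.tcp.example.com.          3600 IN SRV 0  50 389 dir0.example.com.
ldap.tcp.payroll.example.com.  3600 IN SRV 10 20 389 dir2.example.com.
ldap.tcp.payroll.example.com.  3600 IN SRV 0  50 636 dir1.example.com.
ldap.tcp.payroll.example.com.  3600 IN SRV 0  80 636 dir3.example.com.
LDAP.TCP.Research.example.com. 3600 IN SRV 0  10 389 dir9.example.com.
"""

def norm(name: str) -> str:
    """DNS names compare case-insensitively; ignore the trailing root dot."""
    return name.rstrip(".").lower()

def parse_srv(zone: str) -> list[Srv]:
    """Parse 'owner ttl IN SRV priority weight port target' lines."""
    records = []
    for line in zone.splitlines():
        f = line.split()
        if len(f) == 8 and f[2].upper() == "IN" and f[3].upper() == "SRV":
            records.append(Srv(norm(f[0]), int(f[4]), int(f[5]), int(f[6]), norm(f[7])))
    return records

def search_name(dns_domain: str, enetwork: Optional[str] = None) -> str:
    """Build the owner name to query (assumed label layout, see lead-in)."""
    labels = ["ldap", "tcp"] + ([enetwork] if enetwork else []) + [dns_domain]
    return norm(".".join(labels))

def locate(records, dns_domain, enetwork=None) -> list[tuple[str, int]]:
    """Return (host, port) candidates for one enetwork domain, best first.
    An unknown enetwork domain yields [], never the uncategorized servers:
    falling back would send credentials to a different security domain."""
    wanted = search_name(dns_domain, enetwork)
    hits = [r for r in records if r.owner == wanted]
    # Lower priority value first, then higher weight. SRV clients normally
    # pick at random in proportion to weight; sorted here to be deterministic.
    hits.sort(key=lambda r: (r.priority, -r.weight))
    return [(r.target, r.port) for r in hits]
```

SRV answers are only as trustworthy as the DNS path that delivered them, so a client that selects its authentication server this way should still verify the server's identity over the LDAP connection itself.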