LDAP server discovery using DNS SRV records

Last Updated: Jun 05, 2026

From Release 8.1.5, you can configure Avaya Aura® Device Services to discover LDAP server instances using DNS SRV records. With this functionality, you do not need to explicitly provide the IP address or the FQDN of an LDAP server. Instead, provide a domain name, and Avaya Aura® Device Services uses DNS SRV records to discover all LDAP server instances associated with this domain name. Avaya Aura® Device Services supports this functionality for both LDAP and LDAPS protocols.

The advantage of using DNS SRV records is that you can specify multiple LDAP server instances in SRV records, and Avaya Aura® Device Services discovers all these instances automatically. For example, if you use primary and backup LDAP servers, and the primary LDAP server instance goes offline, Avaya Aura® Device Services will automatically discover and connect to the secondary LDAP server. If you do not use DNS SRV records and explicitly specify the FQDN or IP address of the primary LDAP server, Avaya Aura® Device Services cannot discover the secondary LDAP server instance. In that case, you must manually update the LDAP server IP address or FQDN on the Avaya Aura® Device Services web administration portal.

The following is a high-level workflow that Avaya Aura® Device Services performs to discover LDAP servers using DNS SRV records:

  1. Obtains the domain name from the LDAP server configuration.

  2. Uses the /etc/resolv.conf file to determine which DNS servers listed in this file are associated with the domain name.

  3. Obtains SRV records for all LDAP servers associated with the domain name and uses these records to obtain FQDNs and port numbers of the LDAP servers.

  4. If a single SRV record is found, Avaya Aura® Device Services connects to the LDAP server specified in this record.

    If multiple SRV records are found, Avaya Aura® Device Services uses the priority and weight values specified in the SRV records to determine which LDAP server to connect to. Avaya Aura® Device Services connects to the LDAP server with the lowest priority value. If multiple servers have the same priority, Avaya Aura® Device Services connects to the server with the higher weight value.

For information about the actions required to set up LDAP server discovery using DNS SRV records, see Checklist for configuring LDAP discovery using DNS SRV records.

DNS SRV record overview

A DNS SRV record is a record on a DNS server that defines the location of a service, such as LDAP, for a specific domain. You must create a separate DNS SRV record for each LDAP server instance that must be discoverable using SRV lookup, so a deployment with multiple LDAP server instances needs one record per instance.

A DNS SRV record for an LDAP server uses the following format:

_<SERVICE>._tcp.<DOMAIN_NAME> IN SRV <PRIORITY> <WEIGHT> <PORT> <LDAP_FQDN>

In this entry:

  • SERVICE is one of the following symbolic names for the LDAP service:

    • If you use the standard LDAP connection: ldap

    • If you use the secure LDAP (LDAPS) connection: ldaps

  • DOMAIN_NAME is the domain name for which this SRV record applies. The domain name must end with a dot.

  • PRIORITY is the priority of the LDAP server. A lower value means a higher priority.

  • WEIGHT is the relative weight of the record. This parameter is used if two or more records have the same priority. A higher value means a higher relative weight for the LDAP server.

  • PORT is the port to access the LDAP server.

  • LDAP_FQDN is the FQDN of the LDAP server. The FQDN must end with a dot.

If you use multiple DNS servers, each DNS server must have the same SRV records for LDAP server instances.

For example, if your domain name is example.com, and you have a primary LDAP server whose FQDN is primary_ldap.example.com and a secondary LDAP server whose FQDN is backup_ldap.example.com, you can configure DNS SRV records on your DNS servers as follows:

_ldap._tcp.example.com. IN SRV 10 100 389 primary_ldap.example.com.

_ldap._tcp.example.com. IN SRV 20 100 389 backup_ldap.example.com.
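
The record format and selection rule described above, as an added example that is not Avaya's code: a Python check that validates SRV record lines against the format rules on this page and lists the LDAP servers in the order the page describes (lowest priority value, then higher weight). The third_ldap and secure_ldap records, the function names, and the 16-bit range check are assumptions added for illustration.

```python
import re

# Format from this page:
# _<SERVICE>._tcp.<DOMAIN_NAME> IN SRV <PRIORITY> <WEIGHT> <PORT> <LDAP_FQDN>
SRV_RE = re.compile(
    r"^_(?P<service>ldaps?)\._tcp\.(?P<domain>\S+)\s+IN\s+SRV\s+"
    r"(?P<priority>\d+)\s+(?P<weight>\d+)\s+(?P<port>\d+)\s+(?P<target>\S+)$"
)

# The first two records are the page's example; the last two are constructed.
SAMPLE = [
    "_ldap._tcp.example.com. IN SRV 10 100 389 primary_ldap.example.com.",
    "_ldap._tcp.example.com. IN SRV 20 100 389 backup_ldap.example.com.",
    "_ldap._tcp.example.com. IN SRV 10 200 389 third_ldap.example.com.",
    "_ldaps._tcp.example.com. IN SRV 10 100 636 secure_ldap.example.com.",
]


def parse_srv(line):
    """Parse one record; raise ValueError if it breaks a rule stated on this page."""
    m = SRV_RE.match(line.strip())
    if not m:
        raise ValueError(f"not an LDAP or LDAPS SRV record: {line!r}")
    rec = m.groupdict()
    for field in ("domain", "target"):
        if not rec[field].endswith("."):
            raise ValueError(f"{field} must end with a dot: {line!r}")
    for field in ("priority", "weight", "port"):
        rec[field] = int(rec[field])
        if rec[field] > 65535:  # SRV numeric fields are 16-bit (RFC 2782)
            raise ValueError(f"{field} out of range: {line!r}")
    return rec


def connection_order(lines, service, domain):
    """Order servers as the page describes: lowest priority value first,
    then the higher weight among records that share a priority."""
    recs = [parse_srv(line) for line in lines if line.strip()]
    wanted = [r for r in recs
              if r["service"] == service and r["domain"].lower() == domain.lower()]
    wanted.sort(key=lambda r: (r["priority"], -r["weight"]))
    return [(r["target"].rstrip("."), r["port"]) for r in wanted]


if __name__ == "__main__":
    for svc in ("ldap", "ldaps"):
        print(svc, connection_order(SAMPLE, svc, "example.com."))
```

Feeding it the SRV lines exported from each DNS server and comparing the results is one way to confirm that every DNS server holds the same records.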

For more information about configuring SRV records on a DNS server, see the documentation for the DNS server you use in your deployment.