[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#5752) ldapadd/ldapmodify do not follow referrals
That's by design. Since following referrals non-anonymously is
inherently unsafe, automatically chasing referrals implies allowing the
user to either (a) acknowledge automatic chasing based on the referral's
value, or (b) be prompted for the correct credentials. I don't see too
much difference between this and requiring the user to manually chase
referrals.
The right solution to your problem consists in configuring your slapd
with slapo-chain(5) in order to delegate referral chasing to the DSA.
In that case, automatic chasing would be performed within a well-agreed
authentication/authorization pattern, and the client wouldn't even know
a referral was returned.
I'd consider this ITS closed, unless you intend to provide a patch that
(optionally) implements (a) and (b) above.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Fax: +39 0382 476497
Email: ando@sys-net.it
-----------------------------------