
Understanding referrals




Howdy.

I'm a new user of OpenLDAP.  I've been learning about LDAP for a whole
week now, so I'm so potentially dangerous it's a wonder I still have any
toes left.

I've gotten slapd working on a couple of machines now.  That is, I've
installed it.
[ okay, I cheated: I'm running RedHat Linux v. 6.1, which comes with
OpenLDAP 1.2.7 ]
I've configured slapd.conf reasonably.  I've fired that puppy up, added a
few entries, and even successfully searched for them using that ed of
LDAP searching, ldapsearch.

At this point, I'm trying to really understand LDAP - especially
referrals.  I've become convinced that I need referrals.  (Maybe you can
redirect me.)  Still, I'd like to see them work.

The setup:
     Two machines - one called rabbit, the other called chicken.

Each has the following slapd.conf:
     #
     # See slapd.conf(5) for details on configuration options.
     # This file should NOT be world readable.
     #
     include         /etc/openldap/slapd.at.conf
     include         /etc/openldap/slapd.oc.conf
     schemacheck     off
     #referral       ldap://ldap.itd.umich.edu

     pidfile         /var/run/slapd.pid
     argsfile        /var/run/slapd.args

     #######################################################################
     # ldbm database definitions
     #######################################################################

     database        ldbm
     suffix          "dc=autozone, dc=com"
     #suffix         "o=AutoZone, c=US"
     directory       /usr/tmp
     rootdn          "cn=Manager, dc=autozone, dc=com"
     #rootdn         "cn=root, o=Your Organization Name, c=US"
     rootpw          betchadontcare
     # cleartext passwords, especially for the root

Salient points: suffix "dc=autozone, dc=com", rootdn "cn=Manager,
dc=autozone, dc=com", and referral is commented out.

On rabbit I've created an Organizational Unit called GrandPoobahs:
     dn: ou=GrandPoobahs, dc=autozone, dc=com
     objectclass: top
     objectclass: organizationalUnit
     ou: GrandPoobahs

And added an entry:
     dn: cn=Otto Zoner, ou=GrandPoobahs, dc=autozone, dc=com
     objectclass: top
     objectclass: person
     objectclass: organizationalPerson
     cn: Otto Zoner
     ou: GrandPoobahs
     sn: Zoner
     telephoneNumber: (901)555-1212
     userPassword: reallybig

On chicken, I've created what I think is a referral to that
Organizational Unit:
     dn: ref="ldap://rabbit.autozone.com:389/ou=GrandPoobahs,dc=autozone,dc=com", dc=autozone, dc=com
     objectclass: top
     objectclass: referral
     ref: "ldap://rabbit.autozone.com:389/ou=GrandPoobahs,dc=autozone,dc=com"

[ Why, yes, Chapter 10 of "The SLAPD and SLURPD Administrator's Guide" does
 document this incorrectly. ]
[ Why, yes, it's ref=, not ref: on the first line, as indicated in an
answer on this list. ]

I perform the following search:
     ldapsearch -d "dc=autozone, dc=com" -s sub -a search "(&(ou=GrandPoobahs)(objectclass=*))"

which returns:
     ldap_search: Partial results and referral received
     ldap_search: additional info: Referral:
     "ldap://rabbit.autozone.com:389/ou=Executives,dc=autozone,dc=com"

Hey!  Some kinda referral magic is going on - I can *feel* it!
What I really want for Christmas, of course, is for Otto Zoner to show up
on this query.
Isn't ldapsearch supposed to follow referrals?  That is, shouldn't it be
pulling info from rabbit?
Does "follow referral" mean "pull info from the server that's referred
to" (or keep following till you do, or you discover there ain't no such
animal)?
How can I test referrals more fully - do I have to use other tools
besides ldapsearch?
Do I really need to uncomment the referral line in the slapd.conf file
for chicken and an URL for rabbit there?
Am I on the right track?

The answer to these questions and others you find useful would be much
appreciated.

Thanks in advance,
Jim Greer
Jim.Greer@autozone.com
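
Added example, not part of the message above and not OpenLDAP code: a Python check that pulls the referral URL out of ldapsearch output like the one quoted in the post, splits it into the host, port and base DN a referral-chasing client would contact, and compares them with what was configured. EXPECTED_DN, ALLOWED_HOSTS and the function names are assumptions made for the illustration; the sample output is constructed from the post.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample: the ldapsearch diagnostic quoted in the post.
SAMPLE_OUTPUT = '''ldap_search: Partial results and referral received
ldap_search: additional info: Referral:
"ldap://rabbit.autozone.com:389/ou=Executives,dc=autozone,dc=com"
'''
EXPECTED_DN = "ou=GrandPoobahs, dc=autozone, dc=com"  # subtree created on rabbit
ALLOWED_HOSTS = {"rabbit.autozone.com"}  # assumption: servers we accept referrals to

LDAP_URL = re.compile(r'ldaps?://[^\s"<>;]+', re.IGNORECASE)

def normalize_dn(dn):
    """Simplified comparison form: lowercase, no spaces around ',' or '='.
    Does not handle escaped commas or multi-valued RDNs."""
    rdns = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        rdns.append(attr.strip().lower() + "=" + value.strip().lower())
    return ",".join(rdns)

def parse_referral(url):
    """Split an LDAP URL into the pieces a client uses when it chases it."""
    parts = urlsplit(url)
    default_port = 636 if parts.scheme.lower() == "ldaps" else 389
    return {
        "host": parts.hostname,
        "port": parts.port or default_port,
        "dn": unquote(parts.path.lstrip("/")),  # base DN for the follow-up search
    }

def check_referrals(output, expected_dn, allowed_hosts):
    """Return one finding per referral URL found in the tool output."""
    findings = []
    for url in LDAP_URL.findall(output):
        ref = parse_referral(url)
        ref["host_allowed"] = ref["host"] in allowed_hosts
        ref["dn_matches"] = normalize_dn(ref["dn"]) == normalize_dn(expected_dn)
        findings.append(ref)
    return findings

if __name__ == "__main__":
    for f in check_referrals(SAMPLE_OUTPUT, EXPECTED_DN, ALLOWED_HOSTS):
        print(f)
```

Run on the output quoted in the post, it reports dn_matches as False: the referral returned names ou=Executives, while the entry added on rabbit sits under ou=GrandPoobahs.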