
Re: Referral LDAP URL and slash after hostport



Hi Michael and All,

Michael Ströder wrote:

> When using (patched) python-ldap with OpenLDAP 2.0.x libs and I'm
> trying to access
> ldap://ldap.surfnet.nl/c=BE
> I get back the referral LDAP URL
> ldap://tor.dante.org.uk:1389??base
>
> That's almost ok. But the slash after hostport is missing. Is that
> intentional? IMHO it should be
> ldap://tor.dante.org.uk:1389/??base
>

I had a talk with the ldap.surfnet.nl manager, Henny Bekker. There seems
to be a bug in their directory server. Henny told me they put the
correct data for referrals, but they get changed in LDAP responses. I
wasn't entirely convinced of the fact, until you got the same results...

Anyway, they are going to migrate from their old server. They are
considering OpenLDAPv2. And here goes a question to the core OpenLDAP
developers:

At a national level, there is a need to build an LDAP server containing
lots (hundreds) of referrals to organisation LDAP servers. We consider
such a server for browsing purposes (one-level search) only. Now, if a
client sends a one level search request, it will get lots (hundreds) of
referrals. It can choke on them easily. The idea is to keep cached
entries along with ref entries. What is needed here is the ability to
switch the request to DSA IT control mode automatically for every
one-level request, even if the client hasn't asked about it.
The patch for it is quite easy. The question is: would it be possible to
add this as a standard server's behaviour (switched by a configuration
directive)?

Regards,
    Konstantin.

--
          * *        Konstantin Chuguev - Application Engineer
       *      *              Francis House, 112 Hills Road
     *                       Cambridge CB2 1PQ, United Kingdom
 D  A  N  T  E       WWW:    http://www.dante.net

P.S. Michael, could you try ldap.nameflow.net (root NC) for your
referral testing?
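
The missing slash discussed in this thread, as an added example that is not part of the original message or of python-ldap: a standard-library parser that follows the LDAP URL grammar (RFC 2255, later RFC 4516), in which the `?` fields may only appear after `/dn`, and that flags and repairs a referral URL where the slash after hostport is absent. The function name `parse_referral` and the returned field names are hypothetical.

```python
import re
from urllib.parse import unquote

# scheme://hostport, then whatever follows. Per the LDAP URL grammar the
# remainder must be empty or start with "/"; a "?" here is the missing-slash form.
_LDAP_URL = re.compile(r"^(ldaps?)://([^/?]*)(.*)$", re.IGNORECASE)
_SCOPES = {"", "base", "one", "sub"}  # empty means "not given"

def parse_referral(url):
    """Parse an LDAP referral URL; return (fields, repaired).

    repaired is True when the slash after hostport was missing and supplied.
    """
    m = _LDAP_URL.match(url.strip())
    if not m:
        raise ValueError("not an LDAP URL: %r" % url)
    scheme, hostport, rest = m.groups()
    repaired = rest.startswith("?")
    if repaired:
        rest = "/" + rest
    # dn ? attributes ? scope ? filter ? extensions
    parts = rest[1:].split("?", 4)
    parts += [""] * (5 - len(parts))
    dn, attrs, scope, filt, exts = parts
    if scope.lower() not in _SCOPES:
        raise ValueError("bad scope in LDAP URL: %r" % scope)
    host, port = hostport, None
    if ":" in hostport and not hostport.endswith("]"):  # "]" ends an IPv6 literal
        host, _, digits = hostport.rpartition(":")
        if not digits.isdigit():
            raise ValueError("bad port in LDAP URL: %r" % digits)
        port = int(digits)
    fields = {
        "scheme": scheme.lower(), "host": host, "port": port,
        "dn": unquote(dn),
        "attrs": [a for a in attrs.split(",") if a],
        "scope": scope.lower(), "filter": unquote(filt), "extensions": exts,
        "url": "%s://%s%s" % (scheme.lower(), hostport, rest),
    }
    return fields, repaired

if __name__ == "__main__":
    # URLs quoted in the thread above
    for u in ("ldap://tor.dante.org.uk:1389??base", "ldap://ldap.surfnet.nl/c=BE"):
        f, fixed = parse_referral(u)
        print(u, "->", f["url"], "(slash supplied)" if fixed else "(well-formed)")
```

A client that chases referrals can log the `repaired` flag to spot servers that emit the malformed form instead of silently accepting it.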