[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: Multiple search bases against iPlanet LDAP for Apache 2
There's a difference between referrals and continuation references. OpenLDAP
supports both when you're using LDAPv3. If mod_auth_ldap is not explicitly
setting the protocol to version 3 then you only get referral support.
It sounds to me like mod_auth_ldap needs to be patched.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support
> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Nigel Cole
> Sent: Tuesday, October 08, 2002 4:46 AM
> To: OpenLDAP-software@OpenLDAP.org
> Subject: Multiple search bases against iPlanet LDAP for Apache 2
>
>
> What is the recommended way of searching multiple search bases?
>
> Situation: I run an Apache web server that authenticates against an
> iPlanet directory server holding several disjoint search bases (c=gb,
> c=de, etc). The server also has a single search base that
> also acts as a
> referrer for the others; unfortunately, this doesn't work
> with OpenLDAP,
> because the bases are disjoint and OpenLDAP expects referrals to be
> across identical databases (which is what the RFC says). I believe the
> iPlanet server is running LDAP v3, but I don't have access to its
> configuration and I'm unlikely to be able to get any changes
> made to it.
>
> I currently use a heavily-modified mod_ldap to search each search base
> in turn. However, I'd like to move to Apache 2 and use its
> mod_auth_ldap, which only uses a single search base. Is there
> any way of
> searching multiple disjoint search bases from a single search base?
>
> (I've asked this on the Apache users mailing list, but they
> suggested I
> ask here instead.)
> --
> Dr. Nigel Cole
>
>