
RE: referrals



> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Igor Brezac

> Is it possible for a slave(replica) slapd server to chase referrals?
> This was not possible in 2.1, but I was wondering if this can be done in
> 2.2.  I would like for an ldap client to be able to send modify/add
> queries to slave slapd servers which in turn update the master.

Yes, if you build slapd with back-ldap you can configure a chaining overlay
that will chase referrals.

	database bdb
	suffix o=foo
	# <back-bdb config directives>
	updateref ldap://master
	overlay chain
	# back-ldap config directives:
	uri ldap://master
	binddn ...
	bindpw ...

Note that since back-ldap only knows how to deal with a single target URI
(unlike back-meta, which handles multiple targets), this will only work if all
your referrals point to the same server. At some point we'll overhaul
back-ldap and add multiple target functionality to it...

There is no documentation for this feature yet; the code is probably not in
its final form.  At present, the way it works is by opening a session to the
remote server, binding with the binddn/bindpw, and executing the operation
with a proxyAuthz control set to the original user's DN. No DN mapping is
performed on the user's DN - in this context, the master and slave server are
supposed to have identical DITs so mapping should not be needed. Obviously
the binddn must have proxy privileges on the master server.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support
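
The proxyAuthz control described in the message above, as an added example that is not part of the original post and is not OpenLDAP code. It assumes the RFC 4370 encoding (the message does not name a spec); the function names and the sample DN are constructed. It shows that the original user's identity reaches the master only as an asserted string, so what the master actually authenticates is the binddn.

```python
# Added example (not OpenLDAP code): BER form of the RFC 4370 proxyAuthz control.
PROXY_AUTHZ_OID = b"2.16.840.1.113730.3.4.18"

def tlv(tag, value):
    """Encode one BER TLV with a definite length (short or long form)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + value

def read_tlv(buf, pos):
    """Decode the TLV at pos and return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:                      # long form: low 7 bits count the length octets
        k = n & 0x7F
        if k == 0 or pos + k > len(buf):
            raise ValueError("bad length")
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + n], pos + n

def build_proxy_authz(user_dn):
    """Control a chaining replica would attach: critical, value 'dn:<user DN>'."""
    authz = tlv(0x04, b"dn:" + user_dn.encode("utf-8"))
    return tlv(0x30, tlv(0x04, PROXY_AUTHZ_OID) + tlv(0x01, b"\xff") + authz)

def parse_proxy_authz(control):
    """Return the asserted DN; reject non-critical or non-DN proxyAuthz controls."""
    tag, body, _ = read_tlv(control, 0)
    if tag != 0x30:
        raise ValueError("control is not a SEQUENCE")
    tag, oid, pos = read_tlv(body, 0)
    if tag != 0x04 or oid != PROXY_AUTHZ_OID:
        raise ValueError("not a proxyAuthz control")
    tag, value, pos = read_tlv(body, pos)
    if tag != 0x01 or value == b"\x00":   # criticality absent (DEFAULT FALSE) or FALSE
        raise ValueError("proxyAuthz must be marked critical")
    tag, value, pos = read_tlv(body, pos)
    if tag != 0x04 or not value.startswith(b"dn:"):
        raise ValueError("authzId is not in dn: form")
    return value[3:].decode("utf-8")

if __name__ == "__main__":
    print(parse_proxy_authz(build_proxy_authz("cn=alice,o=foo")))  # constructed DN
```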