[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Referrals and ACL

To: Jochen Witte <devnull@alpha-lab.net>
Subject: Re: Referrals and ACL
From: Pierangelo Masarati <ando@sys-net.it>
Date: Tue, 22 Mar 2005 14:37:12 +0100
Cc: openldap-software@OpenLDAP.org
In-reply-to: <1111496543.4792.21.camel@localhost.localdomain>
References: <1111496543.4792.21.camel@localhost.localdomain>
User-agent: Mozilla Thunderbird 1.0 (X11/20041206)

Jochen Witte wrote:

Hello,

I try to create a distributed ldap. Is it possible to bind as a user,
which is stored in a referred server, e.g.:

Server1:
--------
ou=unit1,dc=foo,dc=bar
uid=user,ou=corp1,dc=foo,dc=bar
(Subordinate info for Server2)

Server2:
--------
ou=subunit1,ou=unit1,dc=foo,dc=bar
(referral: ldap://Server1/)

I now want to use Server2 as "uid=user,ou=corp1,dc=foo,dc=bar" -- is this possible?

Yes and no. Binds cannot chase referrals (for obvious reasons); you could do something like that by adding a "chain" overlay to Server1 and use Server1 for all operations (assuming Server1 has a superior referral pointing to Server2). The chain overlay is available since 2.2, but I've never played with it. I'm pretty sure the version that comes with 2.3 behaves as described above (in some cases you may need to use the chain overlay as a global overlay, i.e. configure it at the frontend level, before any database definition).

p.


   SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497

Follow-Ups:
- Re: Referrals and ACL
  - From: Howard Chu <hyc@symas.com>

References:
- Referrals and ACL
  - From: Jochen Witte <devnull@alpha-lab.net>

Prev by Date: Re: Uid with '+' sign ?
Next by Date: Re: search with negation of undefined objectClass returns nothing
Index(es):
- Chronological
- Thread