Authenticating with distributed tree(?)
Hi,
I'm not sure if what I'm doing is even possible (if it isn't, it would
explain why it doesn't work) so I'm after an idea if I have any chance
of succeeding as much as a solution.
I've got a distributed LDAP tree running on 3 servers, with different
parts of the tree as bases on different servers, and referrals pointing
up to superior servers and references down to lower parts of the tree.
To clarify, a low-level DN looks like this:
dc=wildern,dc=hants,dc=sch,dc=uk
Where server 3 has a base of dc=wildern,dc=hants,dc=sch,dc=uk -
and refers up to server 2.
Server 2 has a base of dc=hants,dc=sch,dc=uk - and refers up to server
1, and has an entry for dc=wildern as a reference.
Server 1 has a base of dc=sch,dc=uk - is the top level server, and has a
reference entry for dc=hants.
I've set up a user on cn=administrator,dc=sch,dc=uk and set the user up
with privileges via ACLs in all the slapd.conf(s) on the various servers
so the user has write access to everything. If I bind to server one with
cn=administrator,dc=sch,dc=uk I get write access with no problems,
however, the problem comes in when I try to bind to one of the servers
lower down the tree with the same credentials - it doesn't work at all -
I thought it should refer the query upward, or, (more likely) have I got
the entirely wrong idea here?
Thanks for any ideas,
Cheers, Jim.