[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Automatic referral chasing

To: Gavin Henry <ghenry@suretecsystems.com>
Subject: Re: Automatic referral chasing
From: Pierangelo Masarati <ando@sys-net.it>
Date: Thu, 06 Sep 2007 21:33:20 +0200
Cc: openldap-software@openldap.org, Jim Schultz <james.schultz@gwl.com>
In-reply-to: <49168.212.159.59.85.1189106615.squirrel@webmail.suretecsystems.com>
References: <46DCF836.3070403@tedata.net> <20070906155814.GA8537@is-triton.gwl.com> <46E02BE6.4070708@sys-net.it> <20070906175739.GA11145@is-triton.gwl.com> <46E0449B.5040807@sys-net.it> <49168.212.159.59.85.1189106615.squirrel@webmail.suretecsystems.com>
User-agent: Mail/News 1.5.0.8 (X11/20061210)

Gavin Henry wrote:

>>> I will add the 'chain-return-error TRUE' as soon as it is available
>>> in the current 2.3 'stable' release ;-)
>> It's there since 2.3.33; only the man page slipped thru, sorry.
>> Probably because man page updates were not considered a priority in re23
>> as it's feature frozen, while this was indeed a new feature.
>>
> 
> Latest version of docs, with Jim's FAQ added:
> 
>       http://suretec.org/our_docs/overlays.html#Chaining

Thanks Gavin.  Quick note: probably in this case
chain-idassert-authzFrom "*" is not appropriate, because the consumer
should only return referrals on write, and the above statement would
allow to chain anonymous modifications, which the provider will likely
reject.  Although this does not break security or anything like that, it
seems to add a needless round trip for a definitely incorrect operation,
unless someone explicitly allows anonymous modifications.  I wouldn't
put this in a (basic) example, though.

p.

Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   pierangelo.masarati@sys-net.it
---------------------------------------

Follow-Ups:
- Re: Automatic referral chasing
  - From: "Gavin Henry" <ghenry@suretecsystems.com>

References:
- Automatic referral chasing
  - From: "Taymour A. El Erian" <taymour.elerian@tedata.net>
- Re: Automatic referral chasing
  - From: Jim Schultz <james.schultz@gwl.com>
- Re: Automatic referral chasing
  - From: Pierangelo Masarati <ando@sys-net.it>
- Re: Automatic referral chasing
  - From: Jim Schultz <james.schultz@gwl.com>
- Re: Automatic referral chasing
  - From: Pierangelo Masarati <ando@sys-net.it>
- Re: Automatic referral chasing
  - From: "Gavin Henry" <ghenry@suretecsystems.com>

Prev by Date: Re: Automatic referral chasing
Next by Date: Re: Automatic referral chasing
Index(es):
- Chronological
- Thread