[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Automatic referral chasing



<quote who="Pierangelo Masarati">
> Gavin Henry wrote:
>
>>>> I will add the 'chain-return-error TRUE' as soon as it is available
>>>> in the current 2.3 'stable' release ;-)
>>> It's there since 2.3.33; only the man page slipped thru, sorry.
>>> Probably because man page updates were not considered a priority in
>>> re23
>>> as it's feature frozen, while this was indeed a new feature.
>>>
>>
>> Latest version of docs, with Jim's FAQ added:
>>
>>       http://suretec.org/our_docs/overlays.html#Chaining
>
> Thanks Gavin.  Quick note: probably in this case
> chain-idassert-authzFrom "*" is not appropriate, because the consumer
> should only return referrals on write, and the above statement would
> allow to chain anonymous modifications, which the provider will likely
> reject.  Although this does not break security or anything like that, it
> seems to add a needless round trip for a definitely incorrect operation,
> unless someone explicitly allows anonymous modifications.  I wouldn't
> put this in a (basic) example, though.

Removed and link above updated.

>
> p.
>
>
>
> Ing. Pierangelo Masarati
> OpenLDAP Core Team
>
> SysNet s.r.l.
> via Dossi, 8 - 27100 Pavia - ITALIA
> http://www.sys-net.it
> ---------------------------------------
> Office:  +39 02 23998309
> Mobile:  +39 333 4963172
> Email:   pierangelo.masarati@sys-net.it
> ---------------------------------------
>
>
>