[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP Referrals

To: "Hallvard B Furuseth" <h.b.furuseth@usit.uio.no>
Subject: Re: OpenLDAP Referrals
From: "Mack Jenkins" <mack.jenkins@gmail.com>
Date: Mon, 25 Feb 2008 14:40:16 -0500
Cc: openldap-software@openldap.org
Content-disposition: inline
In-reply-to: <hbf.20080222upss@bombur.uio.no>
References: <C88795AF-B702-4AD7-BA1D-A182EFD2AADC@gmail.com> <hbf.20080222upss@bombur.uio.no>

What I am trying to do is this.  When my OpenLDAP server is queried
for authentication, if the user id and password are not local to my
OpenLDAP server, but they do exist on another OpenLDAP server, I want
my OpenLDAP server to tell the application that sent the log in
request, to go to that other OpenLDAP server for authentication.  I am
hoping this can be done automatically without the user having to make
another login attempt.

Here is what I have in my slapd.conf file.  What what I have found, I
thought this would work, but the applicaiton trying to log in, is not
being passed off to the other OpenLDAP server.

database        bdb
suffix          "dc=ilsvpn,dc=ibm,dc=com"
rootdn          "cn=anubis,dc=ilsvpn,dc=ibm,dc=com"
rootpw          stuff here
directory       /var/lib/ldap/ilsvpn
mode            0600

dn: ou=bluepages,o=ibm.com
objectClass: referral
ref: ldaps://bluepages.ibm.com/ou=bluepages,o=ibm.com

Mack

On Fri, Feb 22, 2008 at 1:00 PM, Hallvard B Furuseth
<h.b.furuseth@usit.uio.no> wrote:
>
> Mack J. Jenkins, II writes:
>  > Does anyone have a good starting point for OpenLDAP and referrals?  I
>  > think I have it working, but I'm not 100% sure, and would like to know
>  > if I am on the right path.
>
>  If you mean to put referral objects in the directory: RFC 3296.
>  In your referral objects, don't use a different DN in the 'ref'
>  attribute than the referral object's DN.
>
>  If you want the server to follow the referrals instead of sending them
>  to the client, see man slapo-chain.
>
>  Unless you just mean the 'referral' directive described in man
>  slapd.conf - referrals for requests outside your "suffix" in slapd.conf.
>
>  --
>  Hallvard
>

-- 
Our mission is to go back, go back and educate those that are coming
behind us.  For is it our responsibility to make sure that they are
adequately prepared.  For those of you that it applies to, you know
who you are.  Those that it does not apply to, it should.

Mack J. Jenkins, II - 1996
http://www.amazon.com/gp/registry/wishlist/EQT97572P54V/

Follow-Ups:
- Re: OpenLDAP Referrals
  - From: Pierangelo Masarati <ando@sys-net.it>
- Re: OpenLDAP Referrals
  - From: "Dieter Kluenter" <dieter@dkluenter.de>

References:
- OpenLDAP Referrals
  - From: "Mack J. Jenkins, II" <mack.jenkins@gmail.com>
- Re: OpenLDAP Referrals
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>

Prev by Date: Re: gosa+samba3.schema and slapd.d-configuration-conversion
Next by Date: Re: OpenLDAP Referrals
Index(es):
- Chronological
- Thread