Full_Name: Lars Christensen
Version: All
OS: Solaris
URL:
Submission from: (NULL) (130.225.194.133)

OpenLDAP (slapd) does not handle referral objects correctly. RFC1777 states that "protocol servers are expected to handle referrals without resorting to the return of such referrals to the client.". OpenLDAP-1.2.10 (and earlier) DOES incorrectly return referrals to the client.

Tests performed with common LDAP clients have shown that they correctly, are not able to handle referrals. Netscape (unix) treats the returned referral as an "error" but displays the result anyway, while Unix Pine and MSIE5.0 treat it as an error and report that "no entries were found.". The error shown in netscape and unix pine is: "Partial results and referral received (0x09)".
OpenLDAP 1.x implements LDAPv2+. That is, LDAPv2 with experimental extensions to support LDAP referrals pioneered by the U-Mich LDAP team. These are different from the "referrals" mentioned in RFC 1777. RFC 1777 was referring to X.500 referrals that an LDAP->X.500 gateway might receive from DAP. If you don't like LDAPv2+ referrals, do not configure your server to return them.

>Tests performed with common LDAP clients have shown that they correctly,
>are not able to handle referrals.

Many clients handle LDAPv2+ referrals (because widely available SDKs support LDAPv2+ referrals) and those that don't should degrade nicely (and treat the v2+ referral as an unknown error). We intend fully to maintain our U-Mich LDAPv2+ support. See http://www.umich.edu/~dirsvcs/ldap/doc/other/ldap-ref.html for details on this extension.
changed notes changed state Open to Closed
See text