5.1. Named reference ...
If the ref attribute is multi-valued all the DNs in the values of the ref attribute SHOULD have the same value.
Why this restriction? Also, this implies that the host or port field (or both) of the attribute must differ (to avoid duplicate values); perhaps that should be spelled out (if the restriction is not removed altogether).
If the type of operation requested is not a search and the URI contained in the ref attribute of the requested target object is an LDAP URI [RFC2255], the server should return a modified form of this URL. The returned URL must have only the protocol, host, port, and trailing "/" portion of the URL contained in the ref attribute. The server should strip any dn, attributes, scope, and filter parts of the URL.
Example: If the client issues a modify request for the target object of "o=abc,c=us", server A will return ModifyResponse "referral" { ldap://hostB/ ldap://hostC/ }
That complicates things for the client. Shouldn't the URI be rewritten to fully qualify the referred-to entry in this case? So:
ModifyResponse "referral"
{
ldap://hostB/o=abc,c=us
ldap://hostC/o=abc,c=us
}
...If a client requests an operation for which the base or target object is not held by the server, but is subordinate to one or more objects with a ref attribute held by the server, the server must return the referral from the superior held object nearest to the requested base or target object. Nearest superior object with a referral, in this document, means an object superior to the base or target object with the DN that has the most attribute values in common with the DN of the base or target object and contains a ref attribute.
If the client issues an add request where the target object has a DN of "cn=Chris Lukas,o=abc,c=us", server A will return AddResponse "referral" { ldap://hostB/ ldap://hostC/ }
Same thing here. Shouldn't the server return:
AddResponse "referral" {
ldap://hostB/cn=Chris Lukas,o=abc,c=us
ldap://hostC/cn=Chris Lukas,o=abc,c=us
}
???
Rob
Internet-Drafts@ietf.org wrote:
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the LDAP Extension Working Group of the IETF.

Title : Named Referrals in LDAP Directories
Author(s) : C. Lukas, T. Howes, M. Roszkowski, M. Smith, M. Wahl
Filename : draft-ietf-ldapext-namedref-00.txt
Pages : 13
Date : 09-Jun-99

This document defines a 'ref' attribute and associated 'referral' object
class for representing generic knowledge information in LDAP directories
[RFC2251]. The attribute uses URIs [RFC1738] to represent knowledge,
enabling LDAP and non-LDAP services alike to be referenced. The object
class can be used to construct entries in an LDAP directory containing
references to other directories or services. This document also defines
procedures directory servers should follow when supporting these schema
elements and when responding to requests for which the directory server
does not contain the requested object but may contain some knowledge of
the location of the requested object.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-ldapext-namedref-00.txt

Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
"get draft-ietf-ldapext-namedref-00.txt".

A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt

Internet-Drafts can also be obtained by e-mail.
Send a message to:
mailserv@ietf.org.
In the body type:
"FILE /internet-drafts/draft-ietf-ldapext-namedref-00.txt".

NOTE: The mail server at ietf.org can return the document in
MIME-encoded form by using the "mpack" utility. To use this
feature, insert the command "ENCODING mime" before the "FILE"
command. To decode the response(s), you will need "munpack" or
a MIME-compliant mail reader. Different MIME-compliant mail readers
exhibit different behavior, especially when dealing with
"multipart" MIME messages (i.e. documents which have been split
up into multiple messages), so check your local documentation on
how to manipulate these messages.
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.

----------------------------------------------------------------------
Content-Type: text/plain
Content-ID: <19990609121212.I-D@ietf.org>
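
Added example (not part of the original message or of the draft): a sketch of the nearest-superior lookup quoted above, producing both the stripped referral URLs the draft specifies for non-search operations and the fully qualified form asked about in the reply. The REFS data, the host names beyond hostB/hostC, and all function names are assumptions made for illustration.

```python
from urllib.parse import quote, urlsplit

# Constructed knowledge held by "server A": DN of referral object -> ref values.
REFS = {
    "o=abc,c=us": ["ldap://hostB/o=abc,c=us", "ldap://hostC/o=abc,c=us"],
    "c=us": ["ldap://hostD/c=us"],
}

def split_dn(dn):
    # Simplification: split on ',' and ignore escaped commas inside RDN values.
    return [rdn.strip().lower() for rdn in dn.split(",") if rdn.strip()]

def nearest_referral(target_dn, refs=REFS):
    """Ref values of the referral object at, or nearest above, target_dn."""
    target = split_dn(target_dn)
    best_len, best_uris = 0, []
    for dn, uris in refs.items():
        rdns = split_dn(dn)
        # A superior's RDN sequence is a suffix of the target's RDN sequence.
        is_superior = 0 < len(rdns) <= len(target) and target[-len(rdns):] == rdns
        if is_superior and len(rdns) > best_len:
            best_len, best_uris = len(rdns), uris
    return best_uris

def stripped(uri):
    """Draft rule for non-search operations: scheme, host, port and '/' only."""
    parts = urlsplit(uri)
    return f"{parts.scheme}://{parts.netloc}/"

def qualified(uri, target_dn):
    """Alternative raised in the reply: same server, DN of the requested target."""
    # Spaces and other URL-unsafe characters in the DN are percent-encoded.
    return stripped(uri) + quote(target_dn, safe="=,")

def referral_urls(target_dn, qualify=False, refs=REFS):
    """Referral URLs for a non-search request, de-duplicated in order."""
    uris = nearest_referral(target_dn, refs)
    urls = [qualified(u, target_dn) if qualify else stripped(u) for u in uris]
    return list(dict.fromkeys(urls))

if __name__ == "__main__":
    for dn in ("o=abc,c=us", "cn=Chris Lukas,o=abc,c=us"):
        print(dn, referral_urls(dn), referral_urls(dn, qualify=True))
```

With the stripped form, two ref values that differ only in DN collapse to the same URL, which is why the de-duplication step is there.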