[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5752) ldapadd/ldapmodify do not follow referrals

That's by design.  Since following referrals non-anonymously is 
inherently unsafe, automatically chasing referrals implies allowing the 
user to either (a) acknowledge automatic chasing based on the referral's 
value, or (b) be prompted for the correct credentials.  I don't see too 
much difference between this and requiring the user to manually chase 

The right solution to your problem consists in configuring your slapd 
with slapo-chain(5) in order to delegate referral chasing to the DSA. 
In that case, automatic chasing would be performed within a well-agreed 
authentication/authorization pattern, and the client wouldn't even know 
a referral was returned.

I'd consider this ITS closed, unless you intend to provide a patch that 
(optionally) implements (a) and (b) above.


Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Fax:     +39 0382 476497
Email:   ando@sys-net.it