
Re: Referral chasing



An additional footnote: I suggest you get LDAPv3 referrals working
before attempting LDAPv2+ referrals/references.  LDAPv2+ have known
limitations (for example, a client cannot always distinguish the
difference between a search continuation and a search referral)
and are best not used.

At 01:25 PM 1/19/01 -0500, Mike Schiraldi wrote:
>I'm working on some code that looks up S/MIME certificates in LDAP
>databases. There are two servers, ldap.thecobblershoppe.com (which has the
>cert I'm looking up) and ldap.research.netsol.com (which knows to send out
>referrals to the other one).
>
>If I start my search at ldap.thecobblershoppe.com, it works. If I start my
>search at ldap.research.netsol.com, it doesn't. ldap_first_entry() returns
>NULL.
>
>I've looked at a TCP dump of the conversations, and when I start at
>ldap.research.netsol.com, OpenLDAP follows the referrals properly to get
>to ldap.thecobblershoppe.com, and strikes up a conversation with that
>server which matches exactly what it would have been if I had started
>there to begin with. I can see the search entry packet, and it definitely
>contains the certificate.
>
>Any idea why OpenLDAP would ignore this packet, after going
>through the trouble of following the referrals and executing the search?
>
>To see what i'm talking about, compare
>
>ldapsearch -C -vvv -x -P2 -h ldap.thecobblershoppe.com -s sub -b
>"dc=thecobblershoppe,dc=com" "(mail=marilyn@thecobblershoppe.com)" 
>"usercertificate;binary"
>
>and the same thing but with -h ldap.research.netsol.com. The second time,
>the certificate won't be there. But look at a TCP dump, and you'll see
>that it's transmitted.
>
>Thanks for any help. If you need me, I'll be in gdb.
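
The distinction the reply refers to, as an added example that is not part of the original thread or of OpenLDAP: in LDAPv3 (RFC 4511) a search continuation reference is its own message type (SearchResultReference), while a referral arrives in the final result with resultCode 10 and a Referral element. The byte strings are constructed samples, `b.example` is a placeholder host, and only short-form BER lengths are handled.

```c
#include <stdio.h>
#include <stddef.h>
/* Added example: classify one LDAPv3 message by its BER tags (RFC 4511). */
enum kind { K_MALFORMED, K_ENTRY, K_CONTINUATION, K_REFERRAL, K_DONE, K_OTHER };
static const unsigned char SAMPLE_REF[] =       /* constructed SearchResultReference */
    "\x30\x18\x02\x01\x02\x73\x13\x04\x11" "ldap://b.example/";
static const unsigned char SAMPLE_REFERRAL[] =  /* constructed SearchResultDone, code 10 */
    "\x30\x21\x02\x01\x02\x65\x1c\x0a\x01\x0a\x04\x00\x04\x00\xa3\x13\x04\x11"
    "ldap://b.example/";
static const unsigned char SAMPLE_DONE[] =      /* constructed SearchResultDone, success */
    "\x30\x0c\x02\x01\x02\x65\x07\x0a\x01\x00\x04\x00\x04\x00";

/* Read one TLV header at *pos: returns the tag (or -1), sets *vlen, advances *pos. */
static int tlv(const unsigned char *b, size_t n, size_t *pos, size_t *vlen) {
    if (*pos + 2 > n || (b[*pos + 1] & 0x80)) return -1;  /* short-form lengths only */
    int tag = b[*pos];
    *vlen = b[*pos + 1];
    *pos += 2;
    return *vlen > n - *pos ? -1 : tag;                   /* value must fit the buffer */
}

enum kind classify(const unsigned char *b, size_t n) {
    size_t pos = 0, len, end;
    if (tlv(b, n, &pos, &len) != 0x30) return K_MALFORMED;  /* LDAPMessage SEQUENCE */
    n = pos + len;
    if (tlv(b, n, &pos, &len) != 0x02) return K_MALFORMED;  /* messageID INTEGER */
    pos += len;
    int op = tlv(b, n, &pos, &len);                         /* protocolOp */
    if (op < 0) return K_MALFORMED;
    if (op == 0x64) return K_ENTRY;         /* SearchResultEntry [APPLICATION 4] */
    if (op == 0x73) return K_CONTINUATION;  /* SearchResultReference [APPLICATION 19] */
    if (op != 0x65) return K_OTHER;         /* not SearchResultDone [APPLICATION 5] */
    end = pos + len;
    if (tlv(b, end, &pos, &len) != 0x0A || len != 1) return K_MALFORMED;
    int rc = b[pos];                        /* resultCode ENUMERATED */
    pos += len;
    for (int i = 0; i < 2; i++) {           /* skip matchedDN, diagnosticMessage */
        if (tlv(b, end, &pos, &len) != 0x04) return K_MALFORMED;
        pos += len;
    }
    if (rc != 10) return K_DONE;            /* 10 = referral; it needs [3] Referral */
    return tlv(b, end, &pos, &len) == 0xA3 ? K_REFERRAL : K_MALFORMED;
}

int main(void) {
    printf("%d %d %d\n", classify(SAMPLE_REF, sizeof SAMPLE_REF - 1),
           classify(SAMPLE_REFERRAL, sizeof SAMPLE_REFERRAL - 1),
           classify(SAMPLE_DONE, sizeof SAMPLE_DONE - 1));
    return 0;
}
```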