
'referral hop count exceeded' from Netscape Communicator 4.72 address book



This may be a bug in Netscape, but I can't be sure:

I set up a small server and created an address book entry in Netscape
that points to it.

If I set the directory to read permissions for anonymous it can search
the directory.

If I restrict permissions, and give anonymous permission to search *,
read entry, and auth on attr=userPassword, then it can still search the
directory by prompting for the email address, doing the lookup, and
binding as the DN it discovers.

Enter SSL.  I used CA.pl to create a demoCA (CA.pl -newca).  Then I
created a certificate request (CA.pl -newreq), and signed the request
myself (CA.pl -sign).  I split the newcert.pem into servercert.pem and
serverkey.pem, then added the following lines to slapd.conf:

TLSCertificateFile /usr/local/etc/openldap/servercert.pem
TLSCertificateKeyFile /usr/local/etc/openldap/serverkey.pem
TLSCACertificateFile /usr/local/etc/openldap/demoCA/cacert.pem
TLSVerifyClient yes


I changed the address book properties to secure, and the port changed to
636.  Rolling back the permissions to allow anonymous read permission on
everything, with no login, it can search the directory just fine.

The last test (for this phase anyway) was to secure the directory again,
as I've already demonstrated that it works without SSL, and then repeat
the search.  This is the only case in which I get "referral hop limit
exceeded" from Netscape.  Research at www.openldap.org says that this is
caused by an improper referral.  I don't have any, and nothing is
mentioned in my config file.  Furthermore, it works with
anonymous/secure access.

Any solutions out there for this?

Thanks,
Randy
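The steps above (split the CA.pl output into a certificate file and a key file, point the three TLS* directives at them, set TLSVerifyClient) are easy to get slightly wrong, so here is an added example that is not part of Randy's post or of OpenLDAP: a small Python check that splits a combined cert+key PEM into the two files slapd expects, parses the TLS directives out of a slapd.conf fragment, and reports what each setting implies.  It assumes file contents are handed in as a dict instead of read from disk, the PEM bodies are constructed placeholders (not real keys), and the TLSVerifyClient spelling table follows slapd.conf(5) (never/allow/try/demand, with hard and true meaning demand); treating the old boolean-style "yes" as demand is this example's assumption.

```python
"""Split a combined PEM and sanity-check slapd.conf TLS directives.

Added example, not code from the original post or from OpenLDAP.
Sample data below is constructed; the base64 bodies are placeholders.
"""
import re

# One PEM block: label in BEGIN/END lines, body in between.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z ]+)-----\n(.*?)\n-----END \1-----", re.S)

# PEM labels slapd will accept as a private key.
KEY_LABELS = {"RSA PRIVATE KEY", "PRIVATE KEY", "EC PRIVATE KEY", "DSA PRIVATE KEY"}

# TLSVerifyClient spellings -> canonical level (assumption: "yes" == demand).
VERIFY_ALIASES = {
    "never": "never", "allow": "allow", "try": "try",
    "demand": "demand", "hard": "demand", "true": "demand", "yes": "demand",
}


def split_pem(text):
    """Return {label: [block, ...]} for every PEM block found in text."""
    blocks = {}
    for m in PEM_BLOCK.finditer(text):
        blocks.setdefault(m.group(1), []).append(m.group(0) + "\n")
    return blocks


def split_newcert(text):
    """Split a file holding one certificate and one key into (cert, key)."""
    blocks = split_pem(text)
    certs = blocks.get("CERTIFICATE", [])
    keys = [b for label in KEY_LABELS for b in blocks.get(label, [])]
    if len(certs) != 1 or len(keys) != 1:
        raise ValueError("expected exactly one certificate and one private key")
    return certs[0], keys[0]


def parse_tls_directives(conf):
    """Pick the TLS* directives out of slapd.conf text (comments skipped)."""
    tls = {}
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if parts[0].startswith("TLS") and len(parts) == 2:
            tls[parts[0]] = parts[1].strip()
    return tls


def check_tls_config(conf, files):
    """Return a list of findings; files maps path -> file contents."""
    tls = parse_tls_directives(conf)
    findings = []

    def blocks_of(directive):
        path = tls.get(directive)
        if path is None:
            findings.append(f"{directive}: not set")
            return None
        if path not in files:
            findings.append(f"{directive}: {path} not found")
            return None
        return split_pem(files[path])

    cert = blocks_of("TLSCertificateFile")
    if cert is not None:
        if "CERTIFICATE" not in cert:
            findings.append("TLSCertificateFile: no CERTIFICATE block")
        if KEY_LABELS & cert.keys():
            findings.append("TLSCertificateFile: contains a private key; "
                            "move it to TLSCertificateKeyFile")
    key = blocks_of("TLSCertificateKeyFile")
    if key is not None and not (KEY_LABELS & key.keys()):
        findings.append("TLSCertificateKeyFile: no private key block")
    ca = blocks_of("TLSCACertificateFile")
    if ca is not None and "CERTIFICATE" not in ca:
        findings.append("TLSCACertificateFile: no CERTIFICATE block")

    level = VERIFY_ALIASES.get(tls.get("TLSVerifyClient", "never").lower())
    if level is None:
        findings.append("TLSVerifyClient: unrecognised value "
                        + tls["TLSVerifyClient"])
    elif level == "demand":
        findings.append("TLSVerifyClient=demand: every client must present a "
                        "certificate signed by the CA in TLSCACertificateFile; "
                        "a client without one fails the TLS handshake")
    return findings


# Constructed sample: CA.pl-style text header, then cert and key in one file.
NEWCERT_PEM = """Certificate:
    Data:
        Version: 3 (0x2)
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgY2VydA==
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQga2V5
-----END RSA PRIVATE KEY-----
"""
CACERT_PEM = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQgQ0E=\n-----END CERTIFICATE-----\n"
SLAPD_CONF = """# constructed slapd.conf fragment mirroring the post
TLSCertificateFile /usr/local/etc/openldap/servercert.pem
TLSCertificateKeyFile /usr/local/etc/openldap/serverkey.pem
TLSCACertificateFile /usr/local/etc/openldap/demoCA/cacert.pem
TLSVerifyClient yes
"""


def demo():
    """Split the combined file, then check the config against the results."""
    cert, key = split_newcert(NEWCERT_PEM)
    files = {
        "/usr/local/etc/openldap/servercert.pem": cert,
        "/usr/local/etc/openldap/serverkey.pem": key,
        "/usr/local/etc/openldap/demoCA/cacert.pem": CACERT_PEM,
    }
    return check_tls_config(SLAPD_CONF, files)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Run as a script it prints one finding for the configuration quoted in the post: with the client-verification level at demand, a client that does not present a certificate signed by demoCA/cacert.pem cannot complete the handshake at all, so that is the first thing to confirm on the Netscape side before chasing referrals.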