[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Referral LDAP URL and slash after hostport

To: michael@stroeder.com
Subject: Re: Referral LDAP URL and slash after hostport
From: Henny Bekker <Henny.Bekker@surfnet.nl>
Date: Thu, 12 Jul 2001 13:00:43 +0200
Cc: openldap-software <openldap-software@OpenLDAP.org>, Python-LDAP Development list <python-ldap-dev@lists.sourceforge.net>, Henny Bekker <Henny.Bekker@surfnet.nl>

Hi Michael,

At 12:23 12-7-2001 +0200, Michael Ströder wrote:

Konstantin Chuguev wrote:
> Hi Michael and All,
> Michael Ströder wrote:
> > When using (patched) python-ldap with OpenLDAP 2.0.x libs and I'm
> > trying to access
> > ldap://ldap.surfnet.nl/c=BE
> > I get back the referral LDAP URL
> > ldap://tor.dante.org.uk:1389??base
> >
> > That's almost ok. But the slash after hostport is missing. Is that
> > intentional? IMHO it should be
> > ldap://tor.dante.org.uk:1389/??base
>
> I had a talk with the ldap.surfnet.nl manager, Henny Bekker. There seems
> to be a bug in their directory server. Henny told me they put the
> correct data for referrals, but they get changed in LDAP responces. I
> wasn't entirely convinced in the fact, until you got the same results...
>
> Anyway, they are going to migrate from their old server. They are
> considering OpenLDAPv2.

I've uploaded the root.ldif of the DIRECT project to my local
OpenLDAP 2.0.11 as well and it seems to work right. Sorry, I did not
expect the problem to be limited to ldap.surfnet.nl. (Since OpenLDAP
2 is not able to hold a root naming context I have suffix directives
for all national referral entries in slapd.conf).

> P.S. Michael, could you try ldap.nameflow.net (root NC) for your
> referral testing.

That also seems to work quite ok with python-ldap built against
OpenLDAP 2.

True..  But how about a 'one-level search' over all the defined
countries (in the root.ldif of the DIRECT project)..  If the
server isn't doing any caching of that LDAPv3 referrals (with
should take precedence over the info defined in the entries) a
one-level search will go to the referred site to fetch the info.
Thus a one-level search for e.g. the country-names will result
into querying all referred LDAP-servers which will take to long
(certainly when a country-level LDAP-server is unavailable) and
in not scalable..
See also URL: http://www.terena.nl/libr/tech/2000/direct-fr.pdf


Cheers, Henny

---------------------------------------------------------------------
E-Mail: H.Bekker@SURFnet.nl Voice: +31 30 2305305 Fax: +31 30 2305329
Web:    http://www.surfnet.nl/surfnet/persons/henny/              o
Paper:  H.J.Bekker, SURFnet                                   _  /- _
        Po Box 19035, 3501 DA Utrecht, Nederland             (_) > (_)
----------------------------------------------------------------------

Prev by Date: How to limit the attribute length?
Next by Date: [no subject]
Index(es):
- Chronological
- Thread