[Date Prev][Date Next]
Re: A New Question about Referrals.
At 03:26 PM 2001-09-05, Mark Diggory wrote:
>When OpenLDAP (2.0.11) returns a continuation reference for a referral. Should that reference be transformed acording to the dn that was originally searched for?
>I'm trying to get the attributes of the dn <ldap://server1/ou=aaa,ou=bbb,o=ccc>ldap://server1/ou=aaa,ou=bbb,o=ccc where <ldap://server1/ou=bbb,o=ccc>ldap://server1/ou=bbb,o=ccc is a referral entry to <ldap://server2/ou=xxx,o=yyy>ldap://server2/ou=xxx,o=yyy
>Now <ldap://server2/ou=aaa,ou=xxx,o=yyy>ldap://server2/ou=aaa,ou=xxx,o=yyy is the actual entry that has the attributes I want and it is on server 2.
>Should server one transform the continuation reference gotten from the referral <ldap://server1/ou=bbb,o=ccc>l<ldap://server2/ou=xxx,o=yyy>dap://server2/ou=xxx,o=yyy<ldap://server1/ou=bbb,o=ccc> so that the client following the cont. ref. tries to go to <ldap://server2/ou=aaa,ou=xxx,o=yyy>ldap://server2/ou=aaa,ou=xxx,o=yyy and not to <ldap://server2/ou=xxx,o=yyy>ldap://server2/ou=xxx,o=yyy to get the attributes.
>The behavior of Sun's JNDI and LDAP service provider suggests that this is the job of the server to do this.
>Yet, I'm looking for something in the LDAP v3 spec that suggests this. Does anyone have any references?
RFC 2251 details the syntax and semantics of a referral result
and a search reference. It, however, does not detail how subordinate
and other knowledge is actually held in the directory. This was
left to future specifications.
OpenLDAP 2.0 implements an earlier version of the named ref I-D,
a work in progress:
Named Subordinate References in LDAP Directories
2.0 code needs to be updated here and there based upon latest
IIRC, most namedref revisions requires the server to rewrite
the DN as clearly the client should not.
Of course, if you are actually using LDAPv2++ referrals, things
gets quite messy. Your mileage may vary here.