[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Referrals and Chasing Them

To: Hartman Joona <hartmanj@cs.tut.fi>
Subject: Re: Referrals and Chasing Them
From: jsanchez@OpenLDAP.org (Julio Sánchez Fernández)
Date: Wed, 28 Nov 2001 18:56:50 +0100
Cc: <OpenLDAP-software@OpenLDAP.org>
In-reply-to: <Pine.SOL.4.30.0111281228030.28505-100000@naakka.cs.tut.fi> (Hartman Joona's message of "Wed, 28 Nov 2001 13:00:16 +0200 (EET)")
Organization: OpenLDAP
References: <Pine.SOL.4.30.0111281228030.28505-100000@naakka.cs.tut.fi>
User-agent: Gnus/5.090004 (Oort Gnus v0.04) Emacs/21.1

Hartman Joona <hartmanj@cs.tut.fi> writes:

> Is it the library or the server?

The library does, if you set option LDAP_OPT_REFERRALS like this:

	ldap_set_option( ld, LDAP_OPT_REFERRALS, LDAP_OPT_ON );

If the server does it, it is usually called "chaining" instead of
"chasing".

> And how does binding work? Does it use the same name and password?

Essentially yes.  We used to have a rebind callback that would be
called when needed to provide the new credential.  I think we no
longer have it and it was very fragile and dangerous.

In a nutshell, you should setup everything so that it does not matter:
only anonymous binds or portable authentication methods such as TLS
client-side certificates or GSSAPI/Kerberos.

> And if I use the rootdn, must the rootdn be the same in the serverB?

Unsure about this, can someone answer this?

Hope this helps,

Julio

Follow-Ups:
- Re: Referrals and Chasing Them
  - From: Stig Venaas <Stig@OpenLDAP.org>

References:
- Referrals and Chasing Them
  - From: Hartman Joona <hartmanj@cs.tut.fi>

Prev by Date: Re: still seeing slow downs on group searching
Next by Date: Re: LDAP authentication from Windows (newbie questions)
Index(es):
- Chronological
- Thread