
named referrals

I'm having trouble getting named referrals to work properly with
OpenLDAP 2.0.21.  Our new LDAP structure uses the dc
naming convention, but I've read that I can use a named referral to make
it backward compatible with some of our clients still using the X.500
naming style.  So my backend database has both of these lines:

suffix	"dc=example,dc=com"
suffix	"o=Example,c=US"

And I added the following entry to the database:

dn: o=Example,c=US
objectclass: referral
objectclass: extensibleObject
o: Example
ref: ldaps://ldap.example.com/dc=example,dc=com

Now, according to my reading of the namedref Internet Draft, the
server should be smart enough that if it gets a request to
search ou=users,o=Example,c=US with a scope of 'one' (for example) it
should return a reference that looks like


When I test it, my clients do get referred
to dc=example,dc=com - but the referral doesn't carry the rest
of the context info.  The clients (I'm testing with both ldapsearch on the
command line and pam_ldap on my Linux box) just get a referral
that looks like


and then obviously they go searching in the wrong place in the hierarchy
when they follow the ref.

Anybody run into this?  What's causing this behavior, and how can I fix it?

TIA for any help.