
Re: named referrals



At 09:14 AM 2002-02-12, Carl J Meyer wrote:
>Anyone have any wisdom on this one?  Am I the only one trying to do this?
>I'm no OpenLDAP guru, so if I'm asking a dumb question here, do let me
>know.
>
>Carl
>
>On Fri, 8 Feb 2002, Carl J Meyer wrote:
>
>> I'm having trouble getting named referrals to work properly with
>> OpenLDAP 2.0.21.  Our new LDAP structure uses the dc
>> naming convention, but I've read that I can use a named referral to make
>> it backward compatible with some of our clients still using the X.500
>> naming style.

You might look into suffix aliases...  (I wouldn't expect a
client unable to support arbitrary naming to support
referrals correctly).

>> So my backend database has both of these lines:
>> 
>> suffix        "dc=example,dc=com"
>> suffix        "o=Example,c=US"
>> 
>> And I added the following entry to the database:
>> 
>> dn: o=Example,c=US
>> objectclass: referral
>> objectclass: extensibleObject
>> o: Example
>> ref: ldaps://ldap.example.com/dc=example,dc=com
>> 
>> Now, according to my reading of the namedref Internet Draft, the
>> server should be smart enough

Per namedref, that URI should be returned "as is" as it
is not an LDAP URL.  Handling of ldaps:// is not well
defined (and likely will never be as its implementation
and use is deprecated in favor of Start TLS).

If you were using ldap:// instead, it should work... but
2.0 was designed against a much earlier version of
namedref and has a few bugs, so it doesn't.  See outstanding
ITS for details <http://www.openldap.org/its/>.
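
Added example, not part of the original message and not OpenLDAP code: Python that reads the ref values of the entry quoted above and separates ldap:// URLs, whose host and DN can be acted on, from other URIs such as ldaps://, which the reply says namedref returns as is. The second ref line in the sample, the function names and the result fields are assumptions made for the example.

```python
from urllib.parse import urlsplit, unquote

# Constructed sample: the entry from the post, plus an ldap:// ref for comparison.
SAMPLE_LDIF = """\
dn: o=Example,c=US
objectclass: referral
objectclass: extensibleObject
o: Example
ref: ldaps://ldap.example.com/dc=example,dc=com
ref: ldap://ldap.example.com/dc=example,dc=com
"""


def ref_values(ldif_text):
    """Return the plain-text values of every 'ref' attribute in one LDIF entry."""
    refs = []
    for line in ldif_text.splitlines():
        attr, sep, value = line.partition(":")
        # Skip non-attribute lines and base64 values ("ref:: ...").
        if not sep or value.startswith(":"):
            continue
        if attr.strip().lower() == "ref":
            refs.append(value.strip())
    return refs


def classify_ref(uri):
    """Split a ref value into the parts a client needs before following it."""
    parts = urlsplit(uri)
    if parts.scheme.lower() != "ldap":
        # Per the reply: not an LDAP URL, so it is handed back unchanged.
        return {"uri": uri, "ldap_url": False, "host": None, "port": None,
                "dn": None, "handling": "returned as is"}
    return {
        "uri": uri,
        "ldap_url": True,
        "host": parts.hostname,
        "port": parts.port or 389,            # default LDAP port
        "dn": unquote(parts.path.lstrip("/")),  # DN is percent-encoded in the URL
        "handling": "LDAP URL; protect the new connection with Start TLS",
    }


if __name__ == "__main__":
    for ref in ref_values(SAMPLE_LDIF):
        info = classify_ref(ref)
        print(f"{info['uri']}\n  -> {info['handling']} (dn={info['dn']})")
```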