[Date Prev][Date Next]
Re: named referrals
At 09:14 AM 2002-02-12, Carl J Meyer wrote:
>Anyone have any wisdom on this one? Am I the only one trying to do this?
>I'm no openLDAP guru, so if I'm asking a dumb question here, do let me
>On Fri, 8 Feb 2002, Carl J Meyer wrote:
>> I'm having trouble getting named referrals to work properly with
>> OpenLDAP 2.0.21. Our new LDAP structure uses the dc
>> naming convention, but I've read that I can use a named referral to make
>> it backward compatible with some of our clients still using the X.500
>> naming style.
You might look into suffix aliases... (I wouldn't expect a
client unable to support arbitrary naming to support
>So my backend database has both of these lines:
>> suffix "dc=example,dc=com"
>> suffix "o=Example,c=US"
>> And I added the following entry to the database:
>> dn: o=Example,c=US
>> objectclass: referral
>> objectclass: extensibleObject
>> o: Example
>> ref: ldaps://ldap.example.com/dc=example,dc=com
>> Now, according to my reading of the namedref Internet Draft, the
>> server should be smart enough
Per namedref, that URI should be returned "as is" as it
is not an LDAP URL. Handling of ldaps:// is not well
defined (and likely will never be as its implementation
and use is deprecated in favor of Start TLS).
If you were using ldap:// instead, it should work... but
as 2.0 was designed against a much earlier version of
namedref and has a few bugs, so it doesn't. See outstanding
ITS for details <http://www.openldap.org/its/>.