[Date Prev][Date Next]
Re: OpenLDAP v3 and Referrals
Chaging the suffix doesn't work better.
the answer is in a great document i found here :
with LDAPv3, clients using simple or "plain text" bind can't chase referrals.
So i have to use OpenLDAP with a "strong" authentication mechanism.
As i don't really want to set up a complex SASL + kerberosV ... i have to use LDAPv2 :((
However, i'm asking if setting up "SASL+PAM" will be easier than SASL + kerberos
and if "SASL+PAM" bind method is sufficient to allow automatic chasing ...
Concerning the DEREF directive, you're right. This deals with ALIAS and not REFERRALS.
> > slapd.conf file looks like this on each server :
> I think the suffix for server B should be:
> suffix: o=subtree,o=top
> Another question:
> DEREF always
> only has to do with aliases, and NOT with referrals, is my
> understanding correct ?