[Date Prev][Date Next] [Chronological] [Thread] [Top]

problems traversing a distributed tree

 I have built a distributed tree with the following structure:

server: mj.peelo.com:389
base: dc=peelo,dc=com

subordinate references:

ref: ldap://mj.peelo.com:391/ou=accounts,dc=peelo,dc=com
ref: ldap://mj.peelo.com:392/ou=devices,dc=peelo,dc=com
ref: ldap://mj.peelo.com:393/ou=locations,dc=peelo,dc=com

If I perform:

ldapsearch -C -H ldap://mj.peelo.com:389 -b "dc=peelo,dc=com" "cn=canon"

I receive the result:

# canon, devices, peelo, com
dn: cn=canon,ou=devices,dc=peelo,dc=com
objectClass: device
objectClass: top
cn: canon

If I perform:

ldapsearch -C -H ldap://mj.peelo.com:391 -b "dc=peelo,dc=com" "cn=canon"

I receive 0 results.

The slapd config files for all three of the subordinate trees contain
the global directive:

referral	ldap://mj.peelo.com/

So, as long as the top level tree is searched, the referrals work as
expected. The problems come when attempting to search a subordinate tree
for an entry which is in another subordinate tree.

Is it really true that OpenLDAP can not return referrals from one
subordinate to another? It would not seem to be proper to have to put
referall URLs for every other subordinate inside of each subordinate's
config file, thus defeating the purpose of referrals in the first place.