[Date Prev][Date Next] [Chronological] [Thread] [Top]

Can I bind to server with DN not on server ?

To: Openldap Software <openldap-software@OpenLDAP.org>
Subject: Can I bind to server with DN not on server ?
From: Tom Riddle <ftr@highstreetnetworks.com>
Date: Tue, 11 Nov 2003 13:18:00 -0500
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.3) Gecko/20030312

Is it possible to bind to an ldap server with a dn that is NOT in a naming context on that sever ?

For example I have 3 servers glued together with subordinate and superior referrals: server A: suffix "o=XYZ" contains ou=SFO,o=XYZ with subordinate referrals to servers B & C for ou=NYC,o=XYZ & ou=DCA,o=XYZ

server B:
suffix  "ou=NYC,o=XYZ"
superior referral to server A: referral ldap://serverA/
access to dn.children="ou=People,ou=NYC,o=XYZ"
   by dn.children="ou=People,ou=NYC,o=XYZ" write
   by dn.children="ou=People,ou=SFO,o=XYZ" write

server C:
suffix  "ou=DCA,o=XYZ"
superior referral to server A: referral ldap://serverA/
access to dn.children="ou=People,ou=DCA,o=XYZ"
   by dn.children="ou=People,ou=DCA,o=XYZ" write
   by dn.children="ou=People,ou=SFO,o=XYZ" write

Regardless of the bind method, and regardless of which server I bind to, I cannot seem to get the SFO people to see the entries on the other sites. Slapd does not seem to follow referrals when it trying to authenicate the user.

Is this even possible ? I can provide more details of course, but I have a sneaking suspicision that this is the intended behavior.

Is there a better approach ? I would prefer not to replicate the entire tree accross all sites if possible.

Thanks,
Tom

--
Tom Riddle
HighStreet Networks
www.highstreetnetworks.com

Follow-Ups:
- RE: Can I bind to server with DN not on server ?
  - From: "Howard Chu" <hyc@symas.com>

Prev by Date: Re: slapadd filching memory
Next by Date: Problems executing slapd on different box.
Index(es):
- Chronological
- Thread