
Authenticating with distributed tree(?)


I'm not sure if what I'm doing is even possible (if it isn't, it would explain why it doesn't work), so I'm after an idea of whether I have any chance of succeeding as much as a solution.

I've got a distributed LDAP tree running on 3 servers, with different parts of the tree as bases on different servers, and referrals pointing up to superior servers and references down to lower parts of the tree. To clarify, a low-level DN looks like this:


Where server 3 has a base of: dc=wildern,dc=hants,dc=sch,dc=uk - and refers up to server 2.

Server 2 has a base of dc=hants,dc=sch,dc=uk - and refers up to server 1, and has an entry for dc=wildern as a reference.

Server 1 has a base of dc=sch,dc=uk - is the top level server, and has a reference entry for dc=hants.

I've set up a user on cn=administrator,dc=sch,dc=uk and set the user up with privileges via ACLs in all the slapd.conf(s) on the various servers so the user has write access to everything. If I bind to server one with cn=administrator,dc=sch,dc=uk I get write access with no problems. However, the problem comes in when I try to bind to one of the servers lower down the tree with the same credentials - it doesn't work at all. I thought it should refer the query upward, or (more likely) have I got the entirely wrong idea here?

Thanks for any ideas,

Cheers, Jim.