Re: Rép. : Re: Question about 'Chain' openLdap directory

So if I understand, I need to configure the referral attribute in
slapd.conf?

>>> "Pierangelo Masarati" <ando@sys-net.it> 01/06 10:33  >>>
> Hi,
> For my test I have created two openLdap with the same base structure
> Server one:
> dc=XX,dc=YY
> cn=Manager,dc=XX,dc=YY
> o=service1
> Server two:
> dc=XX,dc=YY
> cn=Manager,dc=XX,dc=YY
> o=service2
> but they do not contain the same data.
> I have created a referral link between server 1 or server 2. It's
> fine.
> Now I have a third server like:
> o=XX
> ou=Admin,o=XX
> cn=Manager,ou=Admin,o=XX
> So I'm not able to make a referral link between server1 and server 3
> so I want to chain the two directories.
> Is it possible?


In the first and in the second one, before any database, add

referral ldap://server3

in the third, add

referral ldap://server1


referral ldap://server2

or even both:

referral ldap://server1
referral ldap://server2

under the assumption your client can survive multiple referrals, and
can handle sequences of referrals (e.g. when searching server3 with the
"o=service2,dc=XX,dc=YY", it will return a referral to server1, which,
in turn, will return a referral to server2).

However, if your client is configured to rebind with the same user to
chase referrals, there is no common user in the three referrals.  This
makes sense, and I don't see an obvious way of solving this.  It's the
client that, upon receiving a referral, should determine if it knows an
identity that can be used to chase it (based on the host name, the
requestDN and so on) or, as a failover, prompt the user for one.

Since your client is not distributed by OpenLDAP, and since I'm not
familiar with it, I can't provide further help.  OpenLDAP tools do not
provide any of these features, as far as I know.


Ing. Pierangelo Masarati
Responsabile Open Solution
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
Office:   +39.02.23998309          
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it
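
The referral chasing described in the reply, as an added example that is not part of the original thread and is not OpenLDAP code: a client-side sketch that picks the bind identity per referral host instead of replaying one set of credentials, and stops on loops or unknown hosts. The `SERVERS` and `IDENTITIES` tables are constructed from the DNs in the thread, and the servers are simulated rather than contacted.

```python
from urllib.parse import urlsplit

# Constructed from the thread: what each server holds and where it refers.
# Rules are (suffix, referral URL); the empty suffix is the default `referral` line.
SERVERS = {
    "server1": ("o=service1,dc=xx,dc=yy",
                [("o=service2,dc=xx,dc=yy", "ldap://server2"), ("", "ldap://server3")]),
    "server2": ("o=service2,dc=xx,dc=yy",
                [("o=service1,dc=xx,dc=yy", "ldap://server1"), ("", "ldap://server3")]),
    "server3": ("o=xx", [("", "ldap://server1")]),
}

# Hypothetical client-side table: the bind DN the client may present to each host.
IDENTITIES = {
    "server1": "cn=Manager,dc=XX,dc=YY",
    "server2": "cn=Manager,dc=XX,dc=YY",
    "server3": "cn=Manager,ou=Admin,o=XX",
}

class ReferralError(Exception):
    pass

def under(dn, suffix):
    """True if dn equals suffix or sits below it (case-insensitive, no extra spaces)."""
    dn, suffix = dn.lower(), suffix.lower()
    return suffix == "" or dn == suffix or dn.endswith("," + suffix)

def chase(url, base, identities=IDENTITIES, max_hops=4):
    """Follow referrals for `base`; return [(host, bind_dn), ...] ending at the holder."""
    path, seen = [], set()
    while len(path) < max_hops:
        host = urlsplit(url).hostname
        if host in seen:
            raise ReferralError(f"referral loop at {host}")
        if host not in identities:
            # Unknown host: stop (or prompt the user); never replay earlier credentials.
            raise ReferralError(f"no identity for {host}")
        seen.add(host)
        path.append((host, identities[host]))
        holds, rules = SERVERS[host]
        if under(base, holds):
            return path
        # First matching rule wins; the empty suffix always matches as the default.
        url = next(target for suffix, target in rules if under(base, suffix))
    raise ReferralError("too many referral hops")
```

Keying the credential on the referral's host name means a referral pointing at a host outside the table ends the search instead of sending a Manager password to it.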