[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Rép. : Re: Question about 'Chain' openLdap directory



Hi,
 
there is no way to specify the user and login to use to follow a
referral when I create a referral link ?
 
thx

>>> "Pierangelo Masarati" <ando@sys-net.it> 01/06 10:33  >>>
> Hi,
>
> For my test I have created two openLdap with the same base structure
>
> Server one:
> dc=XX,dc=YY
> cn=Manager,dc=XX,dc=YY
> o=service1
>
> Server two:
> dc=XX,dc=YY
> cn=Manager,dc=XX,dc=YY
> o=service2
>
> but they not contened the same datas.
>
> i have created a referral link between server 1 or server 2. it's
work
> fine.
>
> Now I have a third server like:
> o=XX
> ou=Admin,o=XX
> cn=Manager,ou=Admin,o=XX
>
> So I'm not able to make a referral link between server1 and server 3
>
> so I want to chain the two directories.
>
> is it possible ?

Yes.

In the first and in the second one, before any database, add

referral ldap://server3

in the third, add

referral ldap://server1

or

referral ldap://server2

or even both:

referral ldap://server1
referral ldap://server2

under the assumption your client can survive multiple referrals, and
it
can handle sequences of referrals (e.g. when searching server3 with the
DN
"o=service2,dc=XX,dcYY", it will return a referral to server1, which,
on
turn, will return a referral to server2).

However, if your client is configured to rebind with the same user to
chase referrals, there is no common user in the three referrals.  This
makes sense, and I don't see an obvious way of solving this.  It's
your
client that, upon receiving a referral, should determine if it knows
any
identity that can be used to chase it (based on the host name, the
requestDN and so) or, as a failover, prompt the user for one.

Since your client is not distributed by OpenLDAP, and since I'm not
familiar with it, I can't provide further help.  OpenLDAP tools do not
provide any of these features, as far as I know.

p.



Ing. Pierangelo Masarati
Responsabile Open Solution
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it 
------------------------------------------
Office:   +39.02.23998309          
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it 
------------------------------------------