
Re: difference between referral, glue and chain

In referral chasing, it's up to the client to use appropriate
credentials in authenticating to each server it contacts.
Nothing in LDAP nor slapd(8) controls the client behavior.

If you want the client to use different credentials at each
server, then you need to configure/code the client to do
that (few off-the-shelf clients will support this).

If you want the client to use the same credentials at
each server, you need to configure each server such that
those credentials are valid.  There are a number of ways
to do this, such as replicating the credentials (e.g., syncrepl),
or chaining authentication requests (e.g., back-ldap/meta).

Or, you can avoid client referral chasing by configuring
(e.g., back-ldap/chain overlay) the servers to chain the
requests on behalf of the client instead.

-- Kurt

At 08:04 AM 1/10/2006, Eudes LEDUCQ wrote:
>My question is simple. I have two OpenLDAP directories, A and B, both
>with a Berkeley DB. They are strictly different. I have a subtree in
>the second directory that I want to add to the second directory.
>I know that it's possible to create a referral link between the two
>directories. But when I use a referral link, the user used to
>connect needs to be in both directories, like
>cn=Manager,dc=monAnnuaire,dc=fr (A) and cn=Manager,dc=monAnnuaire,dc=fr
>But that's not my case. I have cn=Manager,dc=monAnnuaire,dc=fr (A) and
>cn=Manager,dc=user,o=directory,dc=en (A).
>I have a problem with the user not being found. I need to re-enter the
>second user manually (and the referral works fine). So I am searching for another way
>to link my two directories without needing to re-enter the user/password.
>It seems to be possible to chain OpenLDAP directories, or glue them?
>Can someone explain to me what chain or glue consists of, and how
>I can do it with OpenLDAP?
>E Leducq
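
The server-side chaining option mentioned in the reply, sketched as a slapd.conf fragment for directory A. This is an added example, not configuration from the thread: the host name, the proxy DN and the password are constructed placeholders, and the identity-assertion settings are one possible choice.

```conf
# slapd.conf on server A (added example; values are placeholders)
#
# Placed before any "database" line, the chain overlay applies to
# every database on A. When a lookup on A hits a referral to B,
# slapd follows it itself and returns the result, so the client
# never has to authenticate to B.
overlay              chain

# Server B, the referral target. The URI is an assumption; ldaps://
# keeps the proxy bind credentials off the wire in cleartext.
chain-uri            "ldaps://b.example.com"

# Identity A uses when it binds to B. This is a dedicated proxy
# account that must exist on B (hypothetical DN), not the
# cn=Manager rootdn of either directory.
# mode="self" asserts the DN the client bound with on A, so B can
# still apply per-user access control.
chain-idassert-bind  bindmethod="simple"
                     binddn="cn=chain-proxy,dc=user,o=directory,dc=en"
                     credentials="CHANGE-ME"
                     mode="self"

# Return an error to the client if chaining fails, rather than
# handing back the raw referral for the client to chase.
chain-return-error   TRUE

# On server B (assumption: proxy authorization is used):
#   - set "authz-policy to" globally, and
#   - give the proxy entry an authzTo value limited to the DNs it
#     may assert, so a compromise of A does not grant arbitrary
#     identities on B.
# slapd.conf on A now holds a bind password: keep the file
# readable only by the account slapd runs as.
```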