[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How to make binding on downward referral possible.

If you know how your client should rebind, I suggest you write your own
tool, or modify OpenLDAP's, to work according to your needs. Otherwise,
if you want the server to do that for you, i.e. no referral gets back to
the client, but the server directly chases the referral, you need to use
the slapo-chain(5) overlay (OpenLDAP 2.3 and above). In that case, if you
look at the idassert directive of the underlying slapd-ldap(5), you can
also define very effective rebind strategies.

That tool is not so easy to use and configure; I suggest you read very
carefully the documentation you've been pointed to, and you play with the
related tests (test007, test018, test032) and the configuration they use
before you try to setup your own system.

I am through my requirement with only slapd-ldap.
Ie my backend ldap is forwarding the bind request to the other server
and authenticating the user with out the slapo-chain.
So what else slapo-chain do more ?.
Also the man page of slapo-chain says: <sniped >It is useless in conjunction with the slapd-ldap and
slapd-meta backends because they already exploit the libldap
specific referral chase feature. [Note: this may change in the
future, as the ldap(5) and meta(5) backends might no longer
chase referrals on their own.
Is it going to change in future release ?