[Date Prev][Date Next]
Re: How to make binding on downward referral possible.
I am through my requirement with only slapd-ldap.
If you know how your client should rebind, I suggest you write your own
tool, or modify OpenLDAP's, to work according to your needs. Otherwise,
if you want the server to do that for you, i.e. no referral gets back to
the client, but the server directly chases the referral, you need to use
the slapo-chain(5) overlay (OpenLDAP 2.3 and above). In that case,
look at the idassert directive of the underlying slapd-ldap(5), you can
also define very effective rebind strategies.
That tool is not so easy to use and configure; I suggest you read very
carefully the documentation you've been pointed to, and you play with
related tests (test007, test018, test032) and the configuration they use
before you try to setup your own system.
Ie my backend ldap is forwarding the bind request to the other server
and authenticating the user with out the slapo-chain.
So what else slapo-chain do more ?.
Also the man page of slapo-chain says: <sniped >It is useless in
conjunction with the slapd-ldap and
slapd-meta backends because they already exploit the
specific referral chase feature. [Note: this may change
future, as the ldap(5) and meta(5) backends might no
chase referrals on their own.
Is it going to change in future release ?