
Re: referrals in use

Csillag Tamas wrote:
I have used OpenLDAP for a while, but I am stuck with getting referrals to

I have two suffixes:

I store them in two different databases (yes, I want to store them that way
if possible).
Several applications, e.g. the mailserver, need both databases.

I thought that referrals are the solution to my problem so I created
and created referrals:
root@host:/service/slapd # ldapsearch -v -x -b 'dc=top' ''
ldap_initialize( <DEFAULT> )
filter: (objectclass=*)
# extended LDIF
# LDAPv3
# base <dc=top> with scope subtree
# filter: (objectclass=*)
# requesting:

# top
dn: dc=top

# search reference
ref: ldap://ldap.itk.ppke.hu/dc=mkpk,dc=hu??sub

# search reference
ref: ldap://ldap.itk.ppke.hu/dc=itk,dc=ppke??sub

# search result
search: 2
result: 0 Success

# numResponses: 4
# numEntries: 1
# numReferences: 2

Now how can I issue searches which search under both trees?

ldapsearch -a always -v -x -b 'dc=top' '' returns the same answer.

ldapsearch -a always -v -x -b 'dc=top' 'uid=cstamas'
returns the "plain" referrals (see above), while
ldapsearch -v -x -b 'dc=mkpk,dc=hu' 'uid=cstamas'
returns the desired answer.

Am I wrong here? What am I missing?
Is "-a always" not the right knob?

man ldapsearch(1) will tell you that "-a" has nothing to do with referrals, like any of the remaining switches. For the purpose you're trying to achieve, referrals might not be the best solution, because you delegate referral chasing to the client. OpenLDAP's ldapsearch(1), for example, doesn't chase referrals automatically; you need to add the (undocumented) "-C" switch. Many other clients (including, possibly, your mail-related application) will behave similarly, so you're better off pursuing a different solution. See "subordinate" in slapd.conf(5), for example.


Ing. Pierangelo Masarati
Responsabile Open Solution
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
Office: +39.02.23998309 Mobile: +39.333.4963172
Email: pierangelo.masarati@sys-net.it
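
An added illustration, not part of the original thread, of what delegating referral chasing to the client involves: it parses the search references from the output quoted above as RFC 4516 LDAP URLs and plans follow-up searches only for hosts on an allowlist. The function names and the TRUSTED_HOSTS allowlist are assumptions made for this example.

```python
from urllib.parse import urlsplit, unquote

# Constructed sample: the entry and search references from the output above.
SAMPLE_OUTPUT = """\
dn: dc=top
ref: ldap://ldap.itk.ppke.hu/dc=mkpk,dc=hu??sub
ref: ldap://ldap.itk.ppke.hu/dc=itk,dc=ppke??sub
"""

# Assumption: the hosts this client is willing to contact when chasing.
TRUSTED_HOSTS = {"ldap.itk.ppke.hu"}


def parse_ldap_url(url):
    """Split an RFC 4516 LDAP URL into the parts a follow-up search needs."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps") or not parts.hostname:
        raise ValueError("not a usable LDAP URL: " + url)
    # Query layout is attributes?scope?filter; missing fields are empty.
    _attrs, scope, flt = (parts.query.split("?") + ["", "", ""])[:3]
    return {
        "scheme": parts.scheme,
        "host": parts.hostname,
        "port": parts.port or (636 if parts.scheme == "ldaps" else 389),
        "base": unquote(parts.path.lstrip("/")),
        "scope": scope or "base",  # RFC 4516 default scope
        "filter": unquote(flt) or None,
    }


def follow_up_searches(ldif_text, search_filter, trusted_hosts):
    """Return (searches, rejected) for every 'ref:' line in the output."""
    searches, rejected = [], []
    for line in ldif_text.splitlines():
        if not line.startswith("ref: "):
            continue
        url = line[len("ref: "):].strip()
        try:
            ref = parse_ldap_url(url)
        except ValueError:
            ref = None
        if ref is None or ref["host"] not in trusted_hosts:
            rejected.append(url)  # do not bind or search against unknown hosts
            continue
        # A reference without its own filter reuses the original one.
        ref["filter"] = ref["filter"] or search_filter
        searches.append(ref)
    return searches, rejected
```

Each returned dictionary describes one further search the client would have to issue itself, which is the work a referral-based layout pushes onto every application.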