[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: referrals in use

On 07/29, Pierangelo Masarati wrote:
> Csillag Tamas wrote:
> >I use openldap for a while, but I stuck with getting referrals to
> >work.
> >
> >I have to suffixes:
> >dc=mkpk,dc=hu
> >dc=itk,ppke
> >
> >I store them in two diffent databases (yes I want to store them that way
> >if possible).
> >Several applications e.g. the mailserver need both databases.
> >
> >I thought that referrals is the solution to my problem so I created
> >dc=top
> >and created referrals:
> >root@host:/service/slapd # ldapsearch -v -x -b 'dc=top' ''
> >ldap_initialize( <DEFAULT> )
> >filter: (objectclass=*)
> >requesting:
> ># extended LDIF
> >#
> ># LDAPv3
> ># base <dc=top> with scope subtree
> ># filter: (objectclass=*)
> ># requesting:
> >#
> >
> ># top
> >dn: dc=top
> >
> ># search reference
> >ref: ldap://ldap.itk.ppke.hu/dc=mkpk,dc=hu??sub
> >
> ># search reference
> >ref: ldap://ldap.itk.ppke.hu/dc=itk,dc=ppke??sub
> >
> ># search result
> >search: 2
> >result: 0 Success
> >
> ># numResponses: 4
> ># numEntries: 1
> ># numReferences: 2
> >
> >Now how can I issue searches which search under both tree?
> >
> >ldapsearch -a always -v -x -b 'dc=top' '' returns the same answer.
> >
> >ldapsearch -a always -v -x -b 'dc=top' 'uid=cstamas'
> >returns the "plain" referrals while (see above)
> >ldapsearch -v -x -b 'dc=mkpk,dc=hu' 'uid=cstamas'
> >returns the desired answer.
> >
> >Am I wrong here? what I'm missing?
> >"-a always" is not the right knob?
> >  
> man ldapsearch(1) will tell you that "-a" has nothing to do with 
> referrals, like any of the remaining switches.  For the purpose you're 
> trying to achieve, referrals might not be the best solution, because you 
> delegate referral chasing to the client.  OpenLDAP's ldapsearch(1), for 
> example, doesn't chase referrals automatically; you need to add the 
> (undocumented) "-C" switch.

After sending my first mail I found out that. (But did not know about
the -C switch.) See my second mail which did not arrived yet. :-(

> Many other clients (including, possibly, 
> your mail-related application) will behave similarly, so you're better 
> off pursuing a different solution.  See "subordinate" in slapd.conf(5), 
> for example.
Subordinate needs a common prefix for the two databases, do they?
(If I understand correctly.)
That's what I was trying to avoid, with referrals.  I'm ready to go the
way you suggest just want to make sure what and how to do it correctly.
dc=itk,dc=ppke is in production, dc=mkpk,dc=hu is a new suffix, I do not
want to make big changes in dc=itk,dc=ppke, but can move dc=mkpk,dc=hu
to dc=mkpk,dc=ppke.

So I need to create a dc=ppke root element to create a common root
prefix. Then create dc=mkpk,dc=ppke and set the subordinate flag for
this database. Both must have a same rootdn.
If I start a search against dc=ppke I can search both databases.
Please correct me if I wrong.

Thanks for your time.


For the archive: Postfix knows how to chase referrals, Courier and
Dovecot do not.  As LDAP_OPT_REFERRALS is in the API it is not hard to
Radioactive cats have 18 half-lives.

CSILLAG Tamas (cstamas) - http://digitus.itk.ppke.hu/~cstamas