[Date Prev][Date Next]
Re: referrals in use
On 07/29, Pierangelo Masarati wrote:
> Csillag Tamas wrote:
> >I use openldap for a while, but I stuck with getting referrals to
> >I have to suffixes:
> >I store them in two diffent databases (yes I want to store them that way
> >if possible).
> >Several applications e.g. the mailserver need both databases.
> >I thought that referrals is the solution to my problem so I created
> >and created referrals:
> >root@host:/service/slapd # ldapsearch -v -x -b 'dc=top' ''
> >ldap_initialize( <DEFAULT> )
> >filter: (objectclass=*)
> ># extended LDIF
> ># LDAPv3
> ># base <dc=top> with scope subtree
> ># filter: (objectclass=*)
> ># requesting:
> ># top
> >dn: dc=top
> ># search reference
> >ref: ldap://ldap.itk.ppke.hu/dc=mkpk,dc=hu??sub
> ># search reference
> >ref: ldap://ldap.itk.ppke.hu/dc=itk,dc=ppke??sub
> ># search result
> >search: 2
> >result: 0 Success
> ># numResponses: 4
> ># numEntries: 1
> ># numReferences: 2
> >Now how can I issue searches which search under both tree?
> >ldapsearch -a always -v -x -b 'dc=top' '' returns the same answer.
> >ldapsearch -a always -v -x -b 'dc=top' 'uid=cstamas'
> >returns the "plain" referrals while (see above)
> >ldapsearch -v -x -b 'dc=mkpk,dc=hu' 'uid=cstamas'
> >returns the desired answer.
> >Am I wrong here? what I'm missing?
> >"-a always" is not the right knob?
> man ldapsearch(1) will tell you that "-a" has nothing to do with
> referrals, like any of the remaining switches. For the purpose you're
> trying to achieve, referrals might not be the best solution, because you
> delegate referral chasing to the client. OpenLDAP's ldapsearch(1), for
> example, doesn't chase referrals automatically; you need to add the
> (undocumented) "-C" switch.
After sending my first mail I found out that. (But did not know about
the -C switch.) See my second mail which did not arrived yet. :-(
> Many other clients (including, possibly,
> your mail-related application) will behave similarly, so you're better
> off pursuing a different solution. See "subordinate" in slapd.conf(5),
> for example.
Subordinate needs a common prefix for the two databases, do they?
(If I understand correctly.)
That's what I was trying to avoid, with referrals. I'm ready to go the
way you suggest just want to make sure what and how to do it correctly.
dc=itk,dc=ppke is in production, dc=mkpk,dc=hu is a new suffix, I do not
want to make big changes in dc=itk,dc=ppke, but can move dc=mkpk,dc=hu
So I need to create a dc=ppke root element to create a common root
prefix. Then create dc=mkpk,dc=ppke and set the subordinate flag for
this database. Both must have a same rootdn.
If I start a search against dc=ppke I can search both databases.
Please correct me if I wrong.
Thanks for your time.
For the archive: Postfix knows how to chase referrals, Courier and
Dovecot do not. As LDAP_OPT_REFERRALS is in the API it is not hard to
Radioactive cats have 18 half-lives.
CSILLAG Tamas (cstamas) - http://digitus.itk.ppke.hu/~cstamas