
RE: How do I tell ldapsearch to authenticate to the referred to LDAP server when chasing a referral?



What?

This directory protocol that so many people are using to authenticate and
provide information throughout and between their networks has no way to
perform authenticated queries across servers?



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Paul Blondé


-----Original Message-----
From: openldap-software-bounces+jpb=entel.ca@openldap.org
[mailto:openldap-software-bounces+jpb=entel.ca@openldap.org] On Behalf Of
Kurt Zeilenga
Sent: Tuesday, July 17, 2007 11:50 AM
To: Comisario, Alejandro
Cc: openldap-software@openldap.org
Subject: Re: How do I tell ldapsearch to authenticate to the referred to
LDAP server when chasing a referral?


You cannot.  ldapsearch(1) can only chase referrals anonymously.

On Jul 17, 2007, at 7:53 AM, Comisario, Alejandro wrote:

> Hello everyone.
>
> I have an OpenLDAP 2.3.30 running on Debian Etch Stable in a DMZ, managing
> external users for an application.
> But at the same time I want this OpenLDAP to communicate, when given a
> specific DN, with another directory service on my internal network.
> The connection between the two machines passing through the firewall is
> correct.
>
> The references are:
> OpenLDAP machine    : doldap.sc.com with domain dc=si,dc=com
> the other directory : adldap.adsc.com with domain dc=adsc,dc=com
>
> I defined the referral like this:
> dn: ou=test,dc=adsc,dc=com
> objectClass: referral
> objectClass: extensibleObject
> dc: prueba
> ref: ldap://adldap.adsc.com/ou=test,dc=adsc,dc=com
>
> So, when I query something like this (anonymous):
> ldapsearch -b "ou=test,dc=adsc,dc=com" -H ldap://doldap.sc.com -x
>
> I get this response:
> # extended LDIF
> #
> # LDAPv3
> # base <ou=prueba,dc=adsc,dc=com> with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # search result
> search: 2
> result: 10 Referral
> ref: ldap://adldap.adsc.com/ou=prueba,dc=adsc,dc=com??sub
>
> # numResponses: 1
>
> So, apparently the referral for that query is found. Next I tell ldapsearch
> to follow it:
> ldapsearch -b "ou=test,dc=adsc,dc=com" -H ldap://doldap.sc.com -x -C
>
> OpenLDAP tries to follow the referral and gets this response from the other
> service:
> # extended LDIF
> #
> # LDAPv3
> # base <ou=prueba,dc=adsc,dc=com> with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # search result
> search: 2
> result: 1 Operations error
> text: 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece
>
> # numResponses: 1
>
> So, how do I tell ldapsearch to authenticate to the referred to LDAP server
> when chasing a referral?
> Hope someone can help me.
>
> Regards.
>
> .A l e j a n d r o.
>
>
>
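
Added example, not part of the original messages: since ldapsearch(1) chases referrals anonymously, one workaround is to read the `ref:` URL from the referral result and run a second, authenticated search against the referred server directly. The host allowlist, the bind DN `cn=reader,dc=adsc,dc=com`, the password-file path and the choice to require StartTLS are assumptions of this example.

```python
from urllib.parse import urlsplit, unquote

# Assumption: the only referral target we will send credentials to.
TRUSTED_REFERRAL_HOSTS = {"adldap.adsc.com"}

# Constructed sample input: the referral result quoted in the thread.
SAMPLE_OUTPUT = """\
# search result
search: 2
result: 10 Referral
ref: ldap://adldap.adsc.com/ou=prueba,dc=adsc,dc=com??sub
"""

def referral_urls(ldif_text):
    """Return the URLs found on 'ref:' lines of ldapsearch output."""
    return [line.split(":", 1)[1].strip()
            for line in ldif_text.splitlines() if line.startswith("ref:")]

def parse_ldap_url(url):
    """Split an RFC 4516 LDAP URL into (scheme, host, port, base DN, scope)."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps") or not parts.hostname:
        raise ValueError(f"not a usable LDAP URL: {url!r}")
    # After the DN come ?attributes?scope?filter; an absent scope means "base".
    fields = parts.query.split("?") + ["", ""]
    scope = fields[1] or "base"
    if scope not in ("base", "one", "sub"):
        raise ValueError(f"unknown scope {scope!r}")
    port = parts.port or (636 if parts.scheme == "ldaps" else 389)
    return parts.scheme, parts.hostname, port, unquote(parts.path[1:]), scope

def authenticated_search_argv(url, bind_dn, password_file):
    """Build the ldapsearch argv that queries the referred server with a bind."""
    scheme, host, port, base, scope = parse_ldap_url(url)
    if host not in TRUSTED_REFERRAL_HOSTS:
        # A referral is server-supplied data: never bind to a host it names
        # unless that host is one we already trust with the password.
        raise ValueError(f"refusing to bind to unlisted host {host!r}")
    argv = ["ldapsearch", "-x", "-H", f"{scheme}://{host}:{port}",
            "-D", bind_dn, "-y", password_file, "-b", base, "-s", scope]
    if scheme == "ldap":
        argv.insert(1, "-ZZ")  # require StartTLS before the simple bind
    return argv

if __name__ == "__main__":
    for ref in referral_urls(SAMPLE_OUTPUT):
        print(authenticated_search_argv(
            ref, "cn=reader,dc=adsc,dc=com", "/path/to/password-file"))
```

The returned list can be passed to `subprocess.run` as is; `-y` reads the password from a file so it does not appear in the process list.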