[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How do I tell ldapsearch to authenticate to the referred to LDAPserver when chasing a referral?

On Jul 17, 2007, at 2:37 PM, Paul Blondé wrote:


This directory protocol that so many people are using to authenticate and
provide information throughout and between their networks has no way to
perform authenticated queries across servers?

LDAP is specified as a client/server protocol. When a server returns a
referral to another server, it's completely up to the client to determine
if and how to chase it, including whether to authenticate and how. A
client which passes the user's password to a server just because it got
a referral to it, well, would be quite naive.

While it certainly possible to construct a client which authenticates to
the referred to server some how when chasing a referral, ldapsearch(1),
being unsophisticated (by design) doesn't. It takes a lot of sophistication
to properly manage security contexts in a distributed environment....

(I note that -C is/was undocumented on purpose.   I'm sure the reasons
can be found in numerous places in the archives.)

-- Kurt