[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How do I tell ldapsearch to authenticate to the referred to LDAPserver when chasing a referral?

To: Paul Blondé <jpb@entel.ca>
Subject: Re: How do I tell ldapsearch to authenticate to the referred to LDAPserver when chasing a referral?
From: Kurt Zeilenga <kurt@OpenLDAP.org>
Date: Tue, 17 Jul 2007 17:18:54 -0700
Cc: openldap-software@OpenLDAP.org
In-reply-to: <000001c7c8ba$b891e5b0$5a05a8c0@nisgaa.net>
References: <000001c7c8ba$b891e5b0$5a05a8c0@nisgaa.net>


On Jul 17, 2007, at 2:37 PM, Paul Blondé wrote:

What?
This directory protocol that so many people are using to authenticate and provide information throughout and between their networks has no way to perform authenticated queries across servers?

LDAP is specified as a client/server protocol. When a server returns a referral to another server, it's completely up to the client to determine if and how to chase it, including whether to authenticate and how. A client which passes the user's password to a server just because it got a referral to it, well, would be quite naive.

While it certainly possible to construct a client which authenticates to the referred to server some how when chasing a referral, ldapsearch(1), being unsophisticated (by design) doesn't. It takes a lot of sophistication to properly manage security contexts in a distributed environment....

(I note that -C is/was undocumented on purpose.   I'm sure the reasons
can be found in numerous places in the archives.)

-- Kurt

Follow-Ups:
- RE: How do I tell ldapsearch to authenticate to the referred to LDAPserver when chasing a referral?
  - From: Paul Blondé <jpb@entel.ca>

References:
- RE: How do I tell ldapsearch to authenticate to the referred to LDAPserver when chasing a referral?
  - From: Paul Blondé <jpb@entel.ca>

Prev by Date: Re: slapd slave becoming a master
Next by Date: Re: [SOLVED] Re: multiple servers in DNS and TLS
Index(es):
- Chronological
- Thread