[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP Referrals

To: Mack Jenkins <mack.jenkins@gmail.com>
Subject: Re: OpenLDAP Referrals
From: Pierangelo Masarati <ando@sys-net.it>
Date: Tue, 26 Feb 2008 08:39:40 +0100
Cc: openldap-software@openldap.org
In-reply-to: <fcbf6b50802251140w3e60cc08u9ef943df70d182fa@mail.gmail.com>
References: <C88795AF-B702-4AD7-BA1D-A182EFD2AADC@gmail.com> <hbf.20080222upss@bombur.uio.no> <fcbf6b50802251140w3e60cc08u9ef943df70d182fa@mail.gmail.com>
User-agent: Mail/News 1.5.0.8 (X11/20061210)

Mack Jenkins wrote:
> What I am trying to do is this.  When my OpenLDAP server is queried
> for authentication, if the user id and password are not local to my
> OpenLDAP server, but they do exist on another OpenLDAP server, I want
> my OpenLDAP server to tell the application that sent the log in
> request, to go to that other OpenLDAP server for authentication.  I am
> hoping this can be done automatically without the user having to make
> another login attempt.

You can't, since out of scope binds do not return referrals (AFAIK).
You should rather look at gluing (see the "subordinate" directive in
slapd.conf(5)) your local database with a proxy (see slapd-ldap(5)) that
points to your other server.

p.



Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   pierangelo.masarati@sys-net.it
---------------------------------------

References:
- OpenLDAP Referrals
  - From: "Mack J. Jenkins, II" <mack.jenkins@gmail.com>
- Re: OpenLDAP Referrals
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
- Re: OpenLDAP Referrals
  - From: "Mack Jenkins" <mack.jenkins@gmail.com>

Prev by Date: Re: OpenLDAP Referrals
Next by Date: Re: OpenLDAP Referrals
Index(es):
- Chronological
- Thread