referral with authentication
- To: firstname.lastname@example.org
- Subject: referral with authentication
- From: "Sabine Hanß" <email@example.com>
- Date: Mon, 18 Jan 2010 08:36:26 +0100
- User-agent: SquirrelMail/1.4.20RC1
I'm having some problems getting referrals working at the moment. I have a
situation where not all user data is stored on one server, but distributed
over two servers. Server A is always asked for user authentication, however
in some cases that information won't be stored there but on server B instead.
In fact with some users, absolutely no information will be stored about them
at all on Server A. In these cases, server A has to refer to server B.
There are in my opinion two patterns to do the referral:
1. Server A sends only the referral back to the client and the client
itself asks Server B for authentication.
2. Through the configuration option overlay chain the server A sends the
authentication to server B, which should then provide the validation, and
then pass it back to the client.
In my scenario the client (Liferay portal - http://www.liferay.com) should
do the referral.
So I have tried using the Subordinate Knowledge style, which as I
understand is the correct method for this type of authentication.
I have checked also to see if any data at all is passed from server A to
server B, but none at all is passed.
When I search (with ldapsearch) users stored in server B I get as result
# search reference
When I try to authenticate via a user stored in server B I get this error
bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30989)
The referral object I created on Server A was from the following ldif file:
and I also set the ACLs to
access to * by * read
access to attrs=userPassword by anonymous auth
I also tried the overlay chain, but I doubt if this is the right way to
solve my problem. To rule out the case that the client does something wrong,
I'm looking for a client to simply test my scenario.
ldapsearch can't test the authentication, I think.
I now find myself quite lost as to what is going on and would appreciate
some help from someone.
Thank you and best regards
Sabine Hanß *** email firstname.lastname@example.org
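
One way to test pattern 1 by hand, as an added example that is not part of the original message: parse the "ref:" LDAP URLs that ldapsearch prints under "# search reference" and build an ldapwhoami command that attempts a simple bind directly against the referred server. The host names, DNs and sample output are constructed placeholders, and the DN comparison is a simplified string match.

```python
from urllib.parse import urlsplit, unquote

# Constructed sample of ldapsearch output for a referral object;
# host and DNs are placeholders, not values from the message above.
SAMPLE_OUTPUT = """\
# search reference
ref: ldap://serverb.example.org:389/ou=people,dc=example,dc=org??sub

# search result
search: 2
result: 0 Success
"""


def parse_references(ldapsearch_output):
    """Return [(server_uri, base_dn)] for every 'ref:' LDAP URL (RFC 4516)."""
    text = ldapsearch_output.replace("\n ", "")  # undo LDIF line folding
    refs = []
    for line in text.splitlines():
        if not line.startswith("ref: "):
            continue
        url = urlsplit(line[len("ref: "):].strip())
        if url.scheme not in ("ldap", "ldaps") or not url.netloc:
            continue  # only LDAP URLs that name a host can be followed
        base_dn = unquote(url.path.lstrip("/"))  # DN is percent-encoded
        refs.append((f"{url.scheme}://{url.netloc}", base_dn))
    return refs


def _norm(dn):
    # Simplified DN normalisation: lower-case, no spaces around commas.
    return ",".join(part.strip().lower() for part in dn.split(","))


def server_for(user_dn, refs):
    """Pick the referred server whose base DN is a suffix of user_dn."""
    user = _norm(user_dn)
    for server_uri, base_dn in refs:
        base = _norm(base_dn)
        if user == base or user.endswith("," + base):
            return server_uri
    return None


def bind_test_command(user_dn, refs):
    """argv for a simple bind (-x) as user_dn, password prompted (-W)."""
    server_uri = server_for(user_dn, refs)
    if server_uri is None:
        return None  # no referral covers this DN
    return ["ldapwhoami", "-x", "-H", server_uri, "-D", user_dn, "-W"]
```

Running the returned command shows whether server B itself accepts the credentials, independent of how the portal handles the referral.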