[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: subtree referrals in OpenLDAP development code

To: Howard Chu <hyc@highlandsun.com>
Subject: Re: subtree referrals in OpenLDAP development code
From: Steven Augart <swa@ISI.EDU>
Date: Mon, 03 May 1999 01:13:03 -0700
Cc: openldap-devel@OpenLDAP.org
References: <000101be93aa$c4f70900$9e0915ac@hyc.la.platinum.com>

Thanks, Howard, that helps.  ldapsearch now recognizes that a referral has occurred.
I'm still encountering some trouble, though.

I had to add a dummy entry in the referring server's database for the head of the subtree I'm
delegating to another server.  (When I didn't, ldapadd complained that the "ref=...,hn=jupiter.isi.edu, ou= ..."
item I was trying to add didn't have a parent.  When I tried bypassing "ldapadd" by using ldif2ldbm,
ldapsearch complained "no such object", and that it could only go down as far as the OU.)

Performing "ldapsearch"  yields "Partial results and referral received".
I'd like to (1) not get results for the dummy entry that's the head of the subtree (I want to read it out of the
subordinate server's database instead) and (2) would like ldapsearch to follow the referral automatically,
instead of telling the user about it.

Here's the LDIF I'm using for the referral now:

> dn: hn=jupiter.isi.edu, ou=Information Sciences Institute,
>   o=University of Southern California, o=Globus, c=US
> objectclass: referral
>
> dn:  ref="ldap://mds.globus.org:389/hn=jupiter.isi.edu,
>  ou=Information Sciences Institute, o=University of Southern California,
>  o=Globus, c=US", hn=jupiter.isi.edu, ou=Information Sciences Institute,
>  o=University of Southern California, o=Globus, c=US
> objectclass: referral
> ref: "ldap://mds.globus.org:389/hn=jupiter.isi.edu, ou=Information Sciences
>  Institute, o=University of Southern California, o=Globus, c=US"
>

And here's the call to ldapsearch and its results:

> $ ldapsearch -p 1389 -b "hn=jupiter.isi.edu, ou=Information Sciences Institute, o=University of Southern California, \                                                                        o=Globus, c=US" '(objectclass=*)'
> hn=jupiter.isi.edu, ou=Information Sciences Institute, o=University of Southern California, o=Globus, c=US
> objectclass=referral
> creatorsname=cn=Directory Manager, o=University of Southern California, o=Globus, c=US
> createtimestamp=19990503075935Z
> ldap_search: Partial results and referral received
> ldap_search: additional info: Referral:
> "ldap://mds.globus.org:389/hn=jupiter.isi.edu, ou=Information Sciences Institute, o=University of Southern California, o=Globus, c=US"
>
Thanks,

--Steve Augart, Globus project


Howard Chu wrote:

> > I am experimenting with the development version of the OpenLDAP
> > server.  I am evaluating the OpenLDAP server to see if we could make
> > it the reocmmended LDAP server for the Globus project's Metacomputing
> > Directory Service.
> >
> > I have been having trouble making subordinate referrals work.  (Referrals
> > to the superior of the server's subtree work just fine.)   I have
> > tried two methods (one from the UMICH "SLAPD and SLURPD
> > Administrator's Guide", the other from Tim Howes's book,
> > "Understanding and Deploying LDAP directory services."
> >
> > Here's the LDIF I'm using for these two methods:
> >
> >   dn:  hn=jupiter.isi.edu, ou=Information Sciences Institute,
> > o=University of Southern California, o=Globus, c=US
> >   objectclass: referral
> >   ref: ldap://mds.globus.org:389/hn=jupiter.isi.edu,
> > ou=Information Sciences Institute, o=University of Southern
> > California, o=Globus, c=US
>
> This doesn't work. The LDBM backend only recognizes referrals if the RDN is
> ref=xxx.
> >
> >   dn:  ref="ldap://mds.globus.org:389/hn=jupiter.isi.edu,
> > ou=Information Sciences Institute, o=University of Southern
> > California, o=Globus, c=US", hn=jupiter.isi.edu, ou=Information
> > Sciences Institute, o=University of Southern California, o=Globus, c=US
> >   objectclass: referral
>
> This is an incomplete entry, you need a ref attribute in the entry as well,
> matching your RDN. Once you add that, this will work. i.e.
> dn: ref="ldap://mds.globus.org:389/hn=jupiter.isi.edu, ou=Information
> Sciences Institute, o=University of Southern California, o=Globus, c=US",
> hn=jupiter.isi.edu, ou=Information Sciences Institute, o=University of
> Southern California, o=Globus, c=US
> objectclass: referral
> ref: "ldap://mds.globus.org:389/hn=jupiter.isi.edu, ou=Information Sciences
> Institute, o=University of Southern California, o=Globus, c=US"
>   -- Howard

References:
- RE: subtree referrals in OpenLDAP development code
  - From: "Howard Chu" <hyc@highlandsun.com>

Prev by Date: RE: searching multiple backends
Next by Date: Re: child modification
Index(es):
- Chronological
- Thread