[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: referrals, do they work in 1.2.11



    Below I have included the slapd.conf of the server that I initally 
query(I'll call server1) followed by the slapd.conf of the server(server2) 
being referred to. 

Server2 has the data built with the DN suffix "Verison's LDAP Service" and
Server1 doesn't have any DN's with the suffix "Verison's LDAP Service". So
when I query Server1 for an entry that exists on server2 should the referral
work? I'm still getting Object not found. Are my suffixs setup correctly?

Thanks

-john

#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#

schemacheck	on
#loglevel        256

referral 	ldap://anpimg.ism.comversens.com:20911/
include		/usr/local/ldap/ANP20/slapd.at.conf
include		/usr/local/ldap/ANP20/slapd.oc.conf


pidfile		/usr/local/ldap/ANP20/slapd.pid
argsfile	/usr/local/ldap/ANP20/slapd.args

database	ldbm
suffix		"c=US"
suffix		"o=sbc,c=US"
suffix		"o=BellSouth's LDAP Service, c=US"
suffix		"o=Verizon's LDAP Service, c=US"
suffix		"dc=btrd.bostontechnology.com, dc=com"
index		dn,e164Digit,cn,Tnic   pres,eq,approx  

directory	/usr/local/ldap/ANP20/database
rootdn		"cn=Manager, dc=btrd.bostontechnology.com, dc=com"
rootpw		secret

dbcachenowsync
#dbcachesize     25000000
# cleartext passwords, especially for the rootdn, should
# be avoid.  See slapd.conf(5) for details.
########################### the end
############################################




#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#

schemacheck	on
#loglevel        256

include		/usr/local/ldap/ANP20/referral/slapd.at.conf
include		/usr/local/ldap/ANP20/referral/slapd.oc.conf


pidfile		/usr/local/ldap/ANP20/referral/slapd.pid
argsfile	/usr/local/ldap/ANP20/referral/slapd.args

database	ldbm
suffix		"c=US"
suffix		"o=sbc,c=us"
suffix		"o=Verizon's LDAP Service, c=US"
suffix		"o=BellSouth's LDAP Service, c=us"
suffix		"dc=btrd.bostontechnology.com, dc=com"
index		dn,e164Digit,cn,Tnic   pres,eq,approx  

directory	/usr/local/ldap/ANP20/referral/database
rootdn		"cn=Manager, dc=btrd.bostontechnology.com, dc=com"
rootpw		secret

dbcachenowsync
#dbcachesize     25000000
# cleartext passwords, especially for the rootdn, should
# be avoid.  See slapd.conf(5) for details.
########################### the end
############################################
-----Original Message-----
From: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.org]
Sent: Thursday, October 12, 2000 11:17 AM
To: Downs, John
Cc: 'openldap-software@openldap.org'
Subject: Re: referrals, do they work in 1.2.11


At 10:17 AM 10/12/00 -0400, Downs, John wrote:
>We are having no luck getting referrals to work in OpenLDAP 1.2.11.
>Does it work?

Other than the known limitations (see list for details)
of U-Mich LDAPv2+ referrals, they work just fine.

>        Is there a special trick to getting it to work.

No special tricks... other than proper configuration.  See
the U-Mich guide here for details.
  http://www.openldap.org/faq/index.cgi?file=106

>I have the  referral
>line set in the slapd.conf
>file. When I try to query that server for a non-existent DN it promptly
>returns "object no found"
>and shows no sign of following the referral.

The default referral (slapd.conf/referral) is should be returned
to the client if the requested DN is under any of the configured
suffixes (naming contexts).  That is, the default referral holds
the a reference to the superior service.  Note that the server
doesn't "follow" the referral itself, it returns the referral to
the client so the client can follow it.

Subordinate referrals are held in the directory (as referral
entries) and these will be returned to the client only(*) as
search continuations  [* this is one of the above mentioned
limitations].

>Is there a relationship between searchbasedn and
>referrals? What is it?

Yes.   If the requested search base is not below any of the
services suffixes, the default (superior) referral is returned
if provided in slapd.conf else noSuchObject.  If the requested
search base is below a service suffix but is not held by the
backend, noSuchObject is returned.  If the requested search base
is below a service suffix, but is held by the backend, all
referrals within scope are returned.  These are referred to as
"search continuations" or "search references".