
Re: Referrals and Chasing Them



Hartman Joona <hartmanj@cs.tut.fi> writes:

> Is it the library or the server?

The library does, if you set option LDAP_OPT_REFERRALS like this:

	ldap_set_option( ld, LDAP_OPT_REFERRALS, LDAP_OPT_ON );

If the server does it, it is usually called "chaining" instead of
"chasing".

> And how does binding work? Does it use the same name and password?

Essentially yes.  We used to have a rebind callback that would be
called when needed to provide the new credential.  I think we no
longer have it and it was very fragile and dangerous.

In a nutshell, you should set up everything so that it does not matter:
only anonymous binds or portable authentication methods such as TLS
client-side certificates or GSSAPI/Kerberos.

> And if I use the rootdn, must the rootdn be the same in the serverB?

Unsure about this, can someone answer this?

Hope this helps,

Julio
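
Because a chased referral binds to the second server with the same name and password, a client that sets LDAP_OPT_REFERRALS to LDAP_OPT_OFF and follows referrals itself can vet each referral URL before rebinding. The C sketch below is an added example, not part of the original message or of the LDAP library; the host allow-list, the `bind_kind` enum, the function names and the policy (known hosts only, passwords only over ldaps://) are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>

enum bind_kind { BIND_ANONYMOUS, BIND_SIMPLE, BIND_TLS_CERT, BIND_GSSAPI };

/* Constructed allow-list of servers this client is willing to rebind to. */
static const char *const trusted_hosts[] = { "ldap-b.example.org", "ldap-c.example.org" };

/* Split "ldap[s]://host[:port][/dn...]" into host and TLS flag; 0 on success. */
static int referral_host(const char *uri, char *host, size_t cap, int *tls)
{
    const char *p;
    size_t auth, n;

    if (strncasecmp(uri, "ldaps://", 8) == 0)     { *tls = 1; p = uri + 8; }
    else if (strncasecmp(uri, "ldap://", 7) == 0) { *tls = 0; p = uri + 7; }
    else return -1;                       /* any other scheme is refused */

    auth = strcspn(p, "/?");              /* authority part: host[:port] */
    n = strcspn(p, ":/?");                /* host part only */
    if (n == 0 || n >= cap || memchr(p, '@', auth) != NULL)
        return -1;                        /* empty, oversized, or "trusted@other" */
    memcpy(host, p, n);
    host[n] = '\0';
    return 0;
}

/* 1 = follow the referral with this bind, 0 = stop and report it instead. */
int may_chase(const char *uri, enum bind_kind kind)
{
    char host[256];
    int tls, trusted = 0;
    size_t i;

    if (uri == NULL || referral_host(uri, host, sizeof host, &tls) != 0)
        return 0;
    for (i = 0; i < sizeof trusted_hosts / sizeof trusted_hosts[0]; i++)
        if (strcasecmp(host, trusted_hosts[i]) == 0)   /* exact match, no suffixes */
            trusted = 1;
    if (!trusted)
        return 0;                         /* never rebind to an unknown server */
    if (kind == BIND_SIMPLE && !tls)
        return 0;                         /* password would travel in cleartext */
    return 1;                             /* anonymous, cert and GSSAPI pass here */
}
```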