[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Referrals and Chasing Them
Hartman Joona <hartmanj@cs.tut.fi> writes:
> Is it the library or the server?
The library does, if you set option LDAP_OPT_REFERRALS like this:
ldap_set_option( ld, LDAP_OPT_REFERRALS, LDAP_OPT_ON );
If the server does it, it is usually called "chaining" instead of
"chasing".
> And how does binding work? Does it use the same name and password?
Essentially yes. We used to have a rebind callback that would be
called when needed to provide the new credential. I think we no
longer have it and it was very fragile and dangerous.
In a nutshell, you should setup everything so that it does not matter:
only anonymous binds or portable authentication methods such as TLS
client-side certificates or GSSAPI/Kerberos.
> And if I use the rootdn, must the rootdn be the same in the serverB?
Unsure about this, can someone answer this?
Hope this helps,
Julio