
named referrals



I'm having trouble getting named referrals to work properly with
OpenLDAP 2.0.21.  Our new LDAP structure uses the dc
naming convention, but I've read that I can use a named referral to make
it backward compatible with some of our clients still using the X.500
naming style.  So my backend database has both of these lines:

suffix	"dc=example,dc=com"
suffix	"o=Example,c=US"

And I added the following entry to the database:

dn: o=Example,c=US
objectclass: referral
objectclass: extensibleObject
o: Example
ref: ldaps://ldap.example.com/dc=example,dc=com

Now, according to my reading of the namedref Internet Draft, the
server should be smart enough that if it gets a request to
search ou=users,o=Example,c=US with a scope of 'one' (for example) it
should return a reference that looks like

ldaps://ldap.example.com/ou=users,dc=example,dc=com??one

When I test it, my clients do get referred
to dc=example,dc=com - but the referral doesn't carry the rest
of the context info.  The clients (I'm testing with both ldapsearch on the
command line and pam_ldap on my Linux box) just get a referral
that looks like

ldaps://ldap.example.com/dc=example,dc=com

and then obviously they go searching in the wrong place in the hierarchy
when they follow the ref.

Anybody run into this?  What's causing this behavior, and how can I fix it?

TIA for any help.

Carl
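
The rewriting the post expects, as an added example that is not part of the original message and is not OpenLDAP's code: the RDNs of the search base below the referral object are kept and the DN of the `ref` value replaces the old suffix. The function names are hypothetical, and comparing RDNs case-insensitively is an assumption.

```python
from urllib.parse import quote, unquote, urlsplit

def split_dn(dn):
    """Split a DN into RDNs on unescaped commas (backslash escapes kept)."""
    rdns, cur, escaped = [], "", False
    for ch in dn:
        if escaped:
            cur, escaped = cur + ch, False
        elif ch == "\\":
            cur, escaped = cur + ch, True
        elif ch == ",":
            rdns.append(cur.strip())
            cur = ""
        else:
            cur += ch
    if cur.strip():
        rdns.append(cur.strip())
    return rdns

def _norm(rdn):
    # Assumption: attribute types and values compare case-insensitively.
    attr, _, value = rdn.partition("=")
    return attr.strip().lower(), value.strip().lower()

def rewrite_referral(ref_url, referral_dn, search_base, scope):
    """Build the referral URL for search_base at or below referral_dn."""
    if scope not in ("base", "one", "sub"):
        raise ValueError("scope must be base, one or sub")
    url = urlsplit(ref_url)
    ref_target = split_dn(unquote(url.path[1:]))   # DN part of the ref value
    base, ref_obj = split_dn(search_base), split_dn(referral_dn)
    n = len(ref_obj)
    if n == 0 or len(base) < n or \
            [_norm(r) for r in base[-n:]] != [_norm(r) for r in ref_obj]:
        raise ValueError("search base is not at or below the referral object")
    # Keep the RDNs below the referral object, swap in the ref DN as new suffix.
    new_dn = ",".join(base[:len(base) - n] + ref_target)
    return f"{url.scheme}://{url.netloc}/{quote(new_dn, safe='=,+')}??{scope}"

if __name__ == "__main__":
    # Constructed from the values in the post above.
    print(rewrite_referral("ldaps://ldap.example.com/dc=example,dc=com",
                           "o=Example,c=US", "ou=users,o=Example,c=US", "one"))
```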