named referrals
I'm having trouble getting named referrals to work properly with
OpenLDAP 2.0.21. Our new LDAP structure uses the dc
naming convention, but I've read that I can use a named referral to make
it backward compatible with some of our clients still using the X.500
naming style. So my backend database has both of these lines:
    suffix "dc=example,dc=com"
    suffix "o=Example,c=US"
And I added the following entry to the database:
    dn: o=Example,c=US
    objectclass: referral
    objectclass: extensibleObject
    o: Example
    ref: ldaps://ldap.example.com/dc=example,dc=com
Now, according to my reading of the namedref Internet Draft, the
server should be smart enough that if it gets a request to
search ou=users,o=Example,c=US with a scope of 'one' (for example) it
should return a reference that looks like
    ldaps://ldap.example.com/ou=users,dc=example,dc=com??one
When I test it, my clients do get referred
to dc=example,dc=com - but the referral doesn't carry the rest
of the context info. The clients (I'm testing with both ldapsearch on the
command line and pam_ldap on my Linux box) just get a referral
that looks like
    ldaps://ldap.example.com/dc=example,dc=com
and then obviously they go searching in the wrong place in the hierarchy
when they follow the ref.
Anybody run into this? What's causing this behavior, and how can I fix it?
TIA for any help.
Carl
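
The DN rewrite the post expects, as an added example that is not part of the original message and is not OpenLDAP's code: it keeps the RDNs of the search base that sit below the referral entry, swaps the suffix for the DN in the ref value, and appends the scope, so a referral captured from a client can be compared against it. The function names and the simplified case-insensitive DN matching are assumptions made for illustration.

```python
from urllib.parse import urlsplit, quote, unquote

def split_rdns(dn):
    """Split a DN into RDNs on unescaped commas (backslash escapes are kept)."""
    rdns, cur, escaped = [], "", False
    for ch in dn:
        if escaped:
            cur, escaped = cur + ch, False
        elif ch == "\\":
            cur, escaped = cur + ch, True
        elif ch == ",":
            rdns.append(cur.strip())
            cur = ""
        else:
            cur += ch
    if cur.strip():
        rdns.append(cur.strip())
    return rdns

def norm(rdns):
    """Simplified matching rule (assumption): case-insensitive type and value."""
    return [tuple(p.strip().lower() for p in r.partition("=")[::2]) for r in rdns]

def expected_referral(referral_dn, ref_url, search_base, scope):
    """Build the referral URL the post expects; None if search_base is not
    at or below referral_dn."""
    ref_rdns, base_rdns = split_rdns(referral_dn), split_rdns(search_base)
    n = len(ref_rdns)
    if n == 0 or len(base_rdns) < n or norm(base_rdns[-n:]) != norm(ref_rdns):
        return None
    url = urlsplit(ref_url)
    target = split_rdns(unquote(url.path.lstrip("/")))
    # Keep the RDNs below the referral entry, swap the suffix for the ref's DN.
    new_dn = ",".join(base_rdns[:-n] + target)
    return f"{url.scheme}://{url.netloc}/{quote(new_dn, safe='=,')}??{scope}"

def keeps_context(received_url, referral_dn, ref_url, search_base, scope):
    """True if the referral a client received matches the expected rewrite."""
    return received_url == expected_referral(referral_dn, ref_url, search_base, scope)

# Values taken from the post
ENTRY_DN = "o=Example,c=US"
REF = "ldaps://ldap.example.com/dc=example,dc=com"
BASE = "ou=users,o=Example,c=US"
```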