Re: named referrals

["Carl J Meyer" <carljm@goshen.edu>]

Anyone have any wisdom on this one?  Am I the only one trying to do this?
I'm no openLDAP guru, so if I'm asking a dumb question here, do let me
know.

Carl

On Fri, 8 Feb 2002, Carl J Meyer wrote:

> I'm having trouble getting named referrals to work properly with
> OpenLDAP 2.0.21.  Our new LDAP structure uses the dc
> naming convention, but I've read that I can use a named referral to make
> it backward compatible with some of our clients still using the X.500
> naming style.  So my backend database has both of these lines:
> 
> suffix	"dc=example,dc=com"
> suffix	"o=Example,c=US"
> 
> And I added the following entry to the database:
> 
> dn: o=Example,c=US
> objectclass: referral
> objectclass: extensibleObject
> o: Example
> ref: ldaps://ldap.example.com/dc=example,dc=com
> 
> Now, according to my reading of the namedref Internet Draft, the
> server should be smart enough that if it gets a request to
> search ou=users,o=Example,c=US with a scope of 'one' (for example) it
> should return a reference that looks like
> 
> ldaps://ldap.example.com/ou=users,dc=example,dc=com??one
> 
> When I test it, my clients do get referred
> to dc=example,dc=com - but the referral doesn't carry the rest
> of the context info.  The clients (I'm testing with both ldapsearch on the
> command line and pam_ldap on my linux box) just get a referral
> that looks like
> 
> ldaps://ldap.example.com/dc=example,dc=com
> 
> and then obviously they go searching in the wrong place in the hierarchy
> when they follow the ref.
> 
> Anybody run into this?  What's causing this behavior, and how can I fix it?
> 
> TIA for any help.
> 
> Carl
>