Can I bind to server with DN not on server ?
Is it possible to bind to an ldap server with a dn that is NOT in a
naming context on that server?
For example I have 3 servers glued together with subordinate and
superior referrals:

server A:
    suffix "o=XYZ"
    contains ou=SFO,o=XYZ
    with subordinate referrals to servers B & C for ou=NYC,o=XYZ & ou=DCA,o=XYZ

server B:
    suffix "ou=NYC,o=XYZ"
    superior referral to server A: referral ldap://serverA/
    access to dn.children="ou=People,ou=NYC,o=XYZ"
        by dn.children="ou=People,ou=NYC,o=XYZ" write
        by dn.children="ou=People,ou=SFO,o=XYZ" write

server C:
    suffix "ou=DCA,o=XYZ"
    superior referral to server A: referral ldap://serverA/
    access to dn.children="ou=People,ou=DCA,o=XYZ"
        by dn.children="ou=People,ou=DCA,o=XYZ" write
        by dn.children="ou=People,ou=SFO,o=XYZ" write

Regardless of the bind method, and regardless of which server I bind
to, I cannot seem to get the SFO people to see the entries on the other
sites. Slapd does not seem to follow referrals when it is trying to
authenticate the user.

Is this even possible? I can provide more details of course, but I
have a sneaking suspicion that this is the intended behavior.

Is there a better approach? I would prefer not to replicate the entire
tree across all sites if possible.

Thanks,
Tom
--
Tom Riddle
HighStreet Networks
www.highstreetnetworks.com