[Date Prev][Date Next] [Chronological] [Thread] [Top]

Referral Question



Hi,
I'm attempting to use subordinate referral with 2.1.21 on Redhat 9.0,
and ask your advice.  My "local" server is on port 3890,
and the "remote" one is on 3891.  My local .ldif file has:

dn: dc=someUniv,ou=remotes,dc=dlese,dc=org
objectclass: top
objectclass: referral
objectclass: extensibleObject
dc: someUniv
ou: remotes
ref: ldap://localhost:3891/dc=someUniv,ou=remotes,dc=dlese,dc=org

and my remote slapd.conf file has:
suffix		"dc=someUniv,ou=remotes,dc=dlese,dc=org"

But when I issue the query:

ldapsearch -P 3 -x -LLL -S "" -b 'dc=dlese,dc=org' -H 'ldap://localhost:3890'
-D 'cn=rootAdmin,ou=people,dc=dlese,dc=org' -w xxx -s sub '(dc=someUniv)' '*' '+'

I get back only the cryptic line:

# refldap://localhost:3891/dc=someUniv,ou=remotes,dc=dlese,dc=org??sub
 
I have both local and remote slapd servers running with "-d 1"
and it appears the request never gets to the remote server.

How can I get referral working?

Many thanks!

Steve


The debug log from the "local" server is ...

@(#) $OpenLDAP: slapd 2.1.21 (Jul 29 2003 12:41:19) $
	sullivan@helix:/home/ss/ftp/openldap/tda.2121/openldap-2.1.21/servers/slapd
daemon_init: listen on ldap://127.0.0.1:3890
daemon_init: 1 listeners to open...
ldap_url_parse_ext(ldap://127.0.0.1:3890)
daemon: initialized ldap://127.0.0.1:3890
daemon_init: 1 listeners opened
slapd init: initiated server.
slap_sasl_init: initialized!
>>> dnNormalize: <cn=Subschema>
=> ldap_bv2dn(cn=Subschema,0)
<= ldap_bv2dn(cn=Subschema,0)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=subschema,272)=0
<<< dnNormalize: <cn=subschema>
>>> dnPrettyNormal: <dc=dlese,dc=org>
=> ldap_bv2dn(dc=dlese,dc=org,0)
<= ldap_bv2dn(dc=dlese,dc=org,0)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=dlese,dc=org,272)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=dlese,dc=org,272)=0
<<< dnPrettyNormal: <dc=dlese,dc=org>, <dc=dlese,dc=org>
>>> dnPrettyNormal: <cn=rootAdmin,ou=people,dc=dlese,dc=org>
=> ldap_bv2dn(cn=rootAdmin,ou=people,dc=dlese,dc=org,0)
<= ldap_bv2dn(cn=rootAdmin,ou=people,dc=dlese,dc=org,0)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=rootAdmin,ou=people,dc=dlese,dc=org,272)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=rootadmin,ou=people,dc=dlese,dc=org,272)=0
<<< dnPrettyNormal: <cn=rootAdmin,ou=people,dc=dlese,dc=org>, <cn=rootadmin,ou=people,dc=dlese,dc=org>
matching_rule_use_init
    1.2.840.113556.1.4.804 (integerBitOrMatch): matchingRuleUse: ( 1.2.840.113556.1.4.804 NAME 'integerBitOrMatch' APPLIES ( mailPreferenceOption $ supportedLDAPVersion ) )
    1.2.840.113556.1.4.803 (integerBitAndMatch): matchingRuleUse: ( 1.2.840.113556.1.4.803 NAME 'integerBitAndMatch' APPLIES ( mailPreferenceOption $ supportedLDAPVersion ) )
    1.3.6.1.4.1.1466.109.114.2 (caseIgnoreIA5Match): matchingRuleUse: ( 1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match' APPLIES ( javaDoc $ javaCodebase $ janetMailbox $ cNAMERecord $ sOARecord $ nSRecord $ mXRecord $ mDRecord $ aRecord $ email $ associatedDomain $ dc $ mail $ altServer ) )
    1.3.6.1.4.1.1466.109.114.1 (caseExactIA5Match): matchingRuleUse: ( 1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match' APPLIES ( javaDoc $ javaCodebase $ janetMailbox $ cNAMERecord $ sOARecord $ nSRecord $ mXRecord $ mDRecord $ aRecord $ email $ associatedDomain $ dc $ mail $ altServer ) )
    2.5.13.34 (certificateExactMatch): matchingRuleUse: ( 2.5.13.34 NAME 'certificateExactMatch' APPLIES ( cACertificate $ userCertificate ) )
    2.5.13.30 (objectIdentifierFirstComponentMatch): matchingRuleUse: ( 2.5.13.30 NAME 'objectIdentifierFirstComponentMatch' APPLIES ( supportedApplicationContext $ ldapSyntaxes $ matchingRuleUse $ objectClasses $ attributeTypes $ matchingRules $ supportedFeatures $ supportedExtension $ supportedControl $ structuralObjectClass $ objectClass ) )
    2.5.13.29 (integerFirstComponentMatch): matchingRuleUse: ( 2.5.13.29 NAME 'integerFirstComponentMatch' APPLIES ( mailPreferenceOption $ supportedLDAPVersion ) )
    2.5.13.27 (generalizedTimeMatch): matchingRuleUse: ( 2.5.13.27 NAME 'generalizedTimeMatch' APPLIES ( modifyTimestamp $ createTimestamp ) )
    2.5.13.24 (protocolInformationMatch): matchingRuleUse: ( 2.5.13.24 NAME 'protocolInformationMatch' APPLIES protocolInformation )
    2.5.13.23 (uniqueMemberMatch): matchingRuleUse: ( 2.5.13.23 NAME 'uniqueMemberMatch' APPLIES uniqueMember )
    2.5.13.22 (presentationAddressMatch): matchingRuleUse: ( 2.5.13.22 NAME 'presentationAddressMatch' APPLIES presentationAddress )
    2.5.13.20 (telephoneNumberMatch): matchingRuleUse: ( 2.5.13.20 NAME 'telephoneNumberMatch' APPLIES ( pager $ mobile $ homePhone $ telephoneNumber ) )
    2.5.13.17 (octetStringMatch): matchingRuleUse: ( 2.5.13.17 NAME 'octetStringMatch' APPLIES ( javaSerializedData $ userPassword ) )
    2.5.13.16 (bitStringMatch): matchingRuleUse: ( 2.5.13.16 NAME 'bitStringMatch' APPLIES x500UniqueIdentifier )
    2.5.13.14 (integerMatch): matchingRuleUse: ( 2.5.13.14 NAME 'integerMatch' APPLIES ( mailPreferenceOption $ supportedLDAPVersion ) )
    2.5.13.13 (booleanMatch): matchingRuleUse: ( 2.5.13.13 NAME 'booleanMatch' APPLIES hasSubordinates )
    2.5.13.11 (caseIgnoreListMatch): matchingRuleUse: ( 2.5.13.11 NAME 'caseIgnoreListMatch' APPLIES ( homePostalAddress $ registeredAddress $ postalAddress ) )
    2.5.13.8 (numericStringMatch): matchingRuleUse: ( 2.5.13.8 NAME 'numericStringMatch' APPLIES ( internationaliSDNNumber $ x121Address ) )
    2.5.13.7 (caseExactSubstringsMatch): matchingRuleUse: ( 2.5.13.7 NAME 'caseExactSubstringsMatch' APPLIES ( dnQualifier $ destinationIndicator $ serialNumber ) )
    2.5.13.6 (caseExactOrderingMatch): matchingRuleUse: ( 2.5.13.6 NAME 'caseExactOrderingMatch' APPLIES ( dnQualifier $ destinationIndicator $ serialNumber ) )
    2.5.13.5 (caseExactMatch): matchingRuleUse: ( 2.5.13.5 NAME 'caseExactMatch' APPLIES ( javaReferenceAddress $ javaFactory $ javaClassNames $ javaClassName $ preferredLanguage $ employeeType $ employeeNumber $ displayName $ departmentNumber $ carLicense $ documentPublisher $ buildingName $ organizationalStatus $ uniqueIdentifier $ co $ personalTitle $ documentLocation $ documentVersion $ documentTitle $ documentIdentifier $ host $ userClass $ roomNumber $ drink $ info $ textEncodedORAddress $ uid $ labeledURI $ dmdName $ houseIdentifier $ dnQualifier $ generationQualifier $ initials $ givenName $ destinationIndicator $ physicalDeliveryOfficeName $ postOfficeBox $ postalCode $ businessCategory $ description $ title $ ou $ o $ street $ st $ l $ c $ serialNumber $ sn $ knowledgeInformation $ cn $ name $ ref $ vendorVersion $ vendorName $ supportedSASLMechanisms ) )
    2.5.13.3 (caseIgnoreOrderingMatch): matchingRuleUse: ( 2.5.13.3 NAME 'caseIgnoreOrderingMatch' APPLIES ( dnQualifier $ destinationIndicator $ serialNumber ) )
    2.5.13.2 (caseIgnoreMatch): matchingRuleUse: ( 2.5.13.2 NAME 'caseIgnoreMatch' APPLIES ( javaReferenceAddress $ javaFactory $ javaClassNames $ javaClassName $ preferredLanguage $ employeeType $ employeeNumber $ displayName $ departmentNumber $ carLicense $ documentPublisher $ buildingName $ organizationalStatus $ uniqueIdentifier $ co $ personalTitle $ documentLocation $ documentVersion $ documentTitle $ documentIdentifier $ host $ userClass $ roomNumber $ drink $ info $ textEncodedORAddress $ uid $ labeledURI $ dmdName $ houseIdentifier $ dnQualifier $ generationQualifier $ initials $ givenName $ destinationIndicator $ physicalDeliveryOfficeName $ postOfficeBox $ postalCode $ businessCategory $ description $ title $ ou $ o $ street $ st $ l $ c $ serialNumber $ sn $ knowledgeInformation $ cn $ name $ ref $ vendorVersion $ vendorName $ supportedSASLMechanisms ) )
    2.5.13.1 (distinguishedNameMatch): matchingRuleUse: ( 2.5.13.1 NAME 'distinguishedNameMatch' APPLIES ( dITRedirect $ associatedName $ secretary $ documentAuthor $ manager $ seeAlso $ roleOccupant $ owner $ member $ distinguishedName $ aliasedObjectName $ namingContexts $ subschemaSubentry $ modifiersName $ creatorsName ) )
    2.5.13.0 (objectIdentifierMatch): matchingRuleUse: ( 2.5.13.0 NAME 'objectIdentifierMatch' APPLIES ( supportedApplicationContext $ supportedFeatures $ supportedExtension $ supportedControl $ structuralObjectClass $ objectClass ) )
slapd startup: initiated.
slapd starting
ldap_pvt_gethostbyname_a: host=helix, r=0
connection_get(7): got connid=0
connection_read(7): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 53 contents:
do_bind
ber_get_next
ber_get_next on fd 7 failed errno=11 (Resource temporarily unavailable)
ber_scanf fmt ({imt) ber:
ber_scanf fmt (m}) ber:
>>> dnPrettyNormal: <cn=rootAdmin,ou=people,dc=dlese,dc=org>
=> ldap_bv2dn(cn=rootAdmin,ou=people,dc=dlese,dc=org,0)
<= ldap_bv2dn(cn=rootAdmin,ou=people,dc=dlese,dc=org,0)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=rootAdmin,ou=people,dc=dlese,dc=org,272)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=rootadmin,ou=people,dc=dlese,dc=org,272)=0
<<< dnPrettyNormal: <cn=rootAdmin,ou=people,dc=dlese,dc=org>, <cn=rootadmin,ou=people,dc=dlese,dc=org>
do_bind: version=3 dn="cn=rootAdmin,ou=people,dc=dlese,dc=org" method=128
dn2entry_r: dn: "cn=rootadmin,ou=people,dc=dlese,dc=org"
=> dn2id( "cn=rootadmin,ou=people,dc=dlese,dc=org" )
=> ldbm_cache_open( "/home/ss/consult/ucar/src/ldap/tdlocal/dbmain/dn2id.gdbm", 34, 600 )
<= ldbm_cache_open (opened 0)
<= dn2id NOID
dn2entry_r: dn: "ou=people,dc=dlese,dc=org"
=> dn2id( "ou=people,dc=dlese,dc=org" )
=> ldbm_cache_open( "/home/ss/consult/ucar/src/ldap/tdlocal/dbmain/dn2id.gdbm", 34, 600 )
<= ldbm_cache_open (cache 0)
<= dn2id 2
=> id2entry_r( 2 )
=> ldbm_cache_open( "/home/ss/consult/ucar/src/ldap/tdlocal/dbmain/id2entry.gdbm", 34, 600 )
<= ldbm_cache_open (opened 1)
=> str2entry
>>> dnPrettyNormal: <ou=people,dc=dlese,dc=org>
=> ldap_bv2dn(ou=people,dc=dlese,dc=org,0)
<= ldap_bv2dn(ou=people,dc=dlese,dc=org,0)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(ou=people,dc=dlese,dc=org,272)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(ou=people,dc=dlese,dc=org,272)=0
<<< dnPrettyNormal: <ou=people,dc=dlese,dc=org>, <ou=people,dc=dlese,dc=org>
<= str2entry(ou=people,dc=dlese,dc=org) -> 0x8130b68
<= id2entry_r( 2 ) 0x8130b68 (disk)
====> cache_return_entry_r( 2 ): created (0)
do_bind: v3 bind: "cn=rootAdmin,ou=people,dc=dlese,dc=org" to "cn=rootAdmin,ou=people,dc=dlese,dc=org"
send_ldap_result: conn=0 op=0 p=3
send_ldap_response: msgid=1 tag=97 err=0
ber_flush: 14 bytes to sd 7
connection_get(7): got connid=0
connection_read(7): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 61 contents:
ber_get_next
ber_get_next on fd 7 failed errno=11 (Resource temporarily unavailable)
do_search
ber_scanf fmt ({miiiib) ber:
>>> dnPrettyNormal: <dc=dlese,dc=org>
=> ldap_bv2dn(dc=dlese,dc=org,0)
<= ldap_bv2dn(dc=dlese,dc=org,0)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=dlese,dc=org,272)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=dlese,dc=org,272)=0
<<< dnPrettyNormal: <dc=dlese,dc=org>, <dc=dlese,dc=org>
ber_scanf fmt ({mm}) ber:
ber_scanf fmt ({M}}) ber:
=> ldbm_back_search
dn2entry_r: dn: "dc=dlese,dc=org"
=> dn2id( "dc=dlese,dc=org" )
=> ldbm_cache_open( "/home/ss/consult/ucar/src/ldap/tdlocal/dbmain/dn2id.gdbm", 34, 600 )
<= ldbm_cache_open (cache 0)
<= dn2id 1
=> id2entry_r( 1 )
=> ldbm_cache_open( "/home/ss/consult/ucar/src/ldap/tdlocal/dbmain/id2entry.gdbm", 34, 600 )
<= ldbm_cache_open (cache 1)
=> str2entry
>>> dnPrettyNormal: <dc=dlese,dc=org>
=> ldap_bv2dn(dc=dlese,dc=org,0)
<= ldap_bv2dn(dc=dlese,dc=org,0)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=dlese,dc=org,272)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=dlese,dc=org,272)=0
<<< dnPrettyNormal: <dc=dlese,dc=org>, <dc=dlese,dc=org>
<= str2entry(dc=dlese,dc=org) -> 0x81302d8
<= id2entry_r( 1 ) 0x81302d8 (disk)
search_candidates: base="dc=dlese,dc=org" s=2 d=0
=> filter_candidates
=> list_candidates 0xa0
=> filter_candidates
=> dn2idl( "@dc=dlese,dc=org" )
=> ldbm_cache_open( "/home/ss/consult/ucar/src/ldap/tdlocal/dbmain/nextid.gdbm", 34, 600 )
<= ldbm_cache_open (opened 2)
<= filter_candidates 6
=> filter_candidates
=> list_candidates 0xa1
=> filter_candidates
=> equality_candidates
=> ldbm_cache_open( "/home/ss/consult/ucar/src/ldap/tdlocal/dbmain/objectClass.gdbm", 34, 600 )
<= ldbm_cache_open (opened 3)
=> key_read
<= index_read 1 candidates
<= equality_candidates 1
<= filter_candidates 1
=> filter_candidates
=> equality_candidates
<= equality_candidates: index_param returned=18
<= filter_candidates 6
<= list_candidates 6
<= filter_candidates 6
<= list_candidates 6
<= filter_candidates 6
====> cache_return_entry_r( 1 ): created (0)
=> id2entry_r( 1 )
====> cache_find_entry_id( 1 ) "dc=dlese,dc=org" (found) (1 tries)
<= id2entry_r( 1 ) 0x81302d8 (cache)
ldbm_search: candidate entry 1 does not match filter
====> cache_return_entry_r( 1 ): returned (0)
=> id2entry_r( 2 )
====> cache_find_entry_id( 2 ) "ou=people,dc=dlese,dc=org" (found) (1 tries)
<= id2entry_r( 2 ) 0x8130b68 (cache)
ldbm_search: candidate entry 2 does not match filter
====> cache_return_entry_r( 2 ): returned (0)
=> id2entry_r( 3 )
=> ldbm_cache_open( "/home/ss/consult/ucar/src/ldap/tdlocal/dbmain/id2entry.gdbm", 34, 600 )
<= ldbm_cache_open (cache 1)
=> str2entry
>>> dnPrettyNormal: <cn=mainAdmin,ou=people,dc=dlese,dc=org>
=> ldap_bv2dn(cn=mainAdmin,ou=people,dc=dlese,dc=org,0)
<= ldap_bv2dn(cn=mainAdmin,ou=people,dc=dlese,dc=org,0)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=mainAdmin,ou=people,dc=dlese,dc=org,272)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=mainadmin,ou=people,dc=dlese,dc=org,272)=0
<<< dnPrettyNormal: <cn=mainAdmin,ou=people,dc=dlese,dc=org>, <cn=mainadmin,ou=people,dc=dlese,dc=org>
<= str2entry(cn=mainAdmin,ou=people,dc=dlese,dc=org) -> 0x8130208
<= id2entry_r( 3 ) 0x8130208 (disk)
ldbm_search: candidate entry 3 does not match filter
====> cache_return_entry_r( 3 ): created (0)
=> id2entry_r( 4 )
=> ldbm_cache_open( "/home/ss/consult/ucar/src/ldap/tdlocal/dbmain/id2entry.gdbm", 34, 600 )
<= ldbm_cache_open (cache 1)
=> str2entry
>>> dnPrettyNormal: <ou=remotes,dc=dlese,dc=org>
=> ldap_bv2dn(ou=remotes,dc=dlese,dc=org,0)
<= ldap_bv2dn(ou=remotes,dc=dlese,dc=org,0)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(ou=remotes,dc=dlese,dc=org,272)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(ou=remotes,dc=dlese,dc=org,272)=0
<<< dnPrettyNormal: <ou=remotes,dc=dlese,dc=org>, <ou=remotes,dc=dlese,dc=org>
<= str2entry(ou=remotes,dc=dlese,dc=org) -> 0x819a018
<= id2entry_r( 4 ) 0x819a018 (disk)
ldbm_search: candidate entry 4 does not match filter
====> cache_return_entry_r( 4 ): created (0)
=> id2entry_r( 5 )
=> ldbm_cache_open( "/home/ss/consult/ucar/src/ldap/tdlocal/dbmain/id2entry.gdbm", 34, 600 )
<= ldbm_cache_open (cache 1)
=> str2entry
>>> dnPrettyNormal: <dc=someUniv,ou=remotes,dc=dlese,dc=org>
=> ldap_bv2dn(dc=someUniv,ou=remotes,dc=dlese,dc=org,0)
<= ldap_bv2dn(dc=someUniv,ou=remotes,dc=dlese,dc=org,0)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=someUniv,ou=remotes,dc=dlese,dc=org,272)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=someuniv,ou=remotes,dc=dlese,dc=org,272)=0
<<< dnPrettyNormal: <dc=someUniv,ou=remotes,dc=dlese,dc=org>, <dc=someuniv,ou=remotes,dc=dlese,dc=org>
<= str2entry(dc=someUniv,ou=remotes,dc=dlese,dc=org) -> 0x819a208
<= id2entry_r( 5 ) 0x819a208 (disk)
ldap_url_parse_ext(ldap://localhost:3891/dc=someUniv,ou=remotes,dc=dlese,dc=org)
>>> dnPretty: <dc=someUniv,ou=remotes,dc=dlese,dc=org>
=> ldap_bv2dn(dc=someUniv,ou=remotes,dc=dlese,dc=org,0)
<= ldap_bv2dn(dc=someUniv,ou=remotes,dc=dlese,dc=org,0)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=someUniv,ou=remotes,dc=dlese,dc=org,272)=0
<<< dnPretty: <dc=someUniv,ou=remotes,dc=dlese,dc=org>
=> send_search_reference: dn="dc=someUniv,ou=remotes,dc=dlese,dc=org"
ber_flush: 74 bytes to sd 7
<= send_search_reference
====> cache_return_entry_r( 5 ): created (0)
send_search_result: err=0 matched="" text=""
send_ldap_response: msgid=2 tag=101 err=0
ber_flush: 14 bytes to sd 7
connection_get(7): got connid=0
connection_read(7): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 5 contents:
ber_get_next
ber_get_next on fd 7 failed errno=0 (Success)
connection_read(7): input error=-2 id=0, closing.
connection_closing: readying conn=0 sd=7 for close
connection_close: deferring conn=0 sd=7
do_unbind
connection_resched: attempting closing conn=0 sd=7
connection_close: conn=0 sd=7
daemon: shutdown requested and initiated.
slapd shutdown: waiting for 0 threads to terminate
slapd shutdown: initiated
ldbm backend syncing
ldbm flushing db (/home/ss/consult/ucar/src/ldap/tdlocal/dbmain/dn2id.gdbm)
ldbm closing db (/home/ss/consult/ucar/src/ldap/tdlocal/dbmain/dn2id.gdbm)
ldbm flushing db (/home/ss/consult/ucar/src/ldap/tdlocal/dbmain/id2entry.gdbm)
ldbm closing db (/home/ss/consult/ucar/src/ldap/tdlocal/dbmain/id2entry.gdbm)
ldbm flushing db (/home/ss/consult/ucar/src/ldap/tdlocal/dbmain/nextid.gdbm)
ldbm closing db (/home/ss/consult/ucar/src/ldap/tdlocal/dbmain/nextid.gdbm)
ldbm flushing db (/home/ss/consult/ucar/src/ldap/tdlocal/dbmain/objectClass.gdbm)
ldbm closing db (/home/ss/consult/ucar/src/ldap/tdlocal/dbmain/objectClass.gdbm)
ldbm backend done syncing
====> cache_release_all
slapd shutdown: freeing system resources.
slapd stopped.