[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: syncrepl in OpenLDAP 2.3.x and updating on a replica

To: openldap-software@OpenLDAP.org
Subject: Re: syncrepl in OpenLDAP 2.3.x and updating on a replica
From: Michael Ströder <michael@stroeder.com>
Date: Tue, 17 Jun 2008 00:27:37 +0200
In-reply-to: <4856A8D2.7010309@idilia.com>
References: <48566965.5080905@idilia.com> <C9DEA52B456EC083D6E57954@[192.168.1.199]> <4856A8D2.7010309@idilia.com>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.13) Gecko/20080313 SeaMonkey/1.1.9

Filipe Brandenburger wrote:

So, my questions are:
1. How do I get ldapmodify, ldapdelete, ... to follow referrals?
2. Will pam_ldap (when changing passwords) follow referrals?


You shouldn't chase referrals at the client's side. Rather use
slapo-chain to let the server chase the referral (chain the request to
the master).

I will try to see if referrals will work first, then I'll
start going down that route.


The LDAPv3 specification is incomplete regarding referrals since it does
not specifiy what the client should do regarding binding to the referred
server. So vendors implemented it differently.

Example: The rule within MS AD domains is to just use the domains
credentials you used before.

But it's not implemented like this in OpenLDAP libs since not generally
true.

In web2ldap I'm presenting a login form to the user letting him
interactively decide what to do when chasing the referral.

Ciao, Michael.

Prev by Date: reverse membership and permissions
Next by Date: Re: ppolicy by group
Index(es):
- Chronological
- Thread