[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Help with a referral
- To: openldap-technical@openldap.org
- Subject: Help with a referral
- From: Jason Voorhees <jvoorhees1@gmail.com>
- Date: Thu, 3 Jun 2010 11:11:03 -0500
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:date:message-id :subject:from:to:content-type; bh=12IBMe8ruZhRZ+eNvDxG1mWtW/VCCfJdCwLJokr+iN8=; b=hipIaO7/+0H4ib8IpPK3BXavCpkJKSd0aDYUnD8dKdN5WpqbkcwdHuyZZkDIOg4Dcx pS3cPxLZS1XAHyPm3DhmiOEtAQ+LR9bTZlzve/7V86ak9jhM72bARqeMLOcsEXgFNy0z NyCNLVsYbs0MsNYy9CfqfCKp/PZSLoV01f4Fo=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=kuXgC9HwPqkFQDQC1Bo6GPLjtKrNAC5FXUtFIrRK5oegcugBumozIE+j7A3PXtwGbC MQbvW5GhfHlZmlGUk71mVkf4p5D4lKFcW2gf+IsF82J+X1h2TIklJMIKRdLAt3Ug8Ll1 0orw+3gM5AnwF2X7a5EIgvwOEjgq1tZvyNTug=
Hi:
I'm trying to migrate an old LDAP server (that holds an ldap tree for
Open-Xchange) to a new installation of OpenLDAP 2.3.43.
A lot of users had configured their Outlook in a way that they make a
base search for ou=Users,ou=OxObjects,dc=domain,dc=com in their LDAP
address book. But my new LDAP tree won't have
ou=OxObjects,dc=domain,dc=com entry, i'm creating a new ldap structure
to be used with GOSA.
So I decide to create a referral like this:
dn: ou=Users,ou=OxObjects,dc=domain,dc=com
ou: Users
objectclass: referral
objectclass: extensibleObject
ref: ldap://HOSTNAME/ou=people,dc=domain,dc=com
This works fine, now Outlook users can find their contacts using the
same base search (ou=Users,ou=OxObjects,dc=domain,dc=com) but now GOSA
got in problems because it finds two administrator users (cn=System
administrator,ou=people,dc=domain,dc=com) because of the referral.
I just would like to GOSA doesn't follow referrals or just searches
for users under ou=people,dc=domain,dc=com instead of the root
dc=domain,dc=com, but it seem that GOSA isn't good enough to customize
this yet.
So I think I could modify my referral to return not all attributes,
just some of them (the attributes commonly used by an address book
search) like this:
dn: ou=Users,ou=OxObjects,dc=domain,dc=com
ou: Users
objectclass: referral
objectclass: extensibleObject
ref: ldap://HOSTNAME/ou=people,dc=domain,dc=com?cn,sn,givenName,telephoneNumber,mail
After updating my referral and I make an ldapsearch:
# ldapsearch -xLLL "(uid=admin)"
I still get two entries (two administrators) and both of them returns
all its attributes. Then I tried to modify my referral like this:
dn: ou=Users,ou=OxObjects,dc=domain,dc=com
ou: Users
objectclass: referral
objectclass: extensibleObject
ref: ldap://HOSTNAME/ou=people,dc=domain,dc=com??sub?(!(uid=admin))
And still get two entries (two administrators). So I suspect that my
referral URI isn't working. Am using a wrong referral? Or maybe
OpenLDAP always returns all entries ignoring attributes and filters in
a URI referral (ldap://HOSTNAME/ou=people,dc=domain,dc=com?cn,sn,givenName,telephoneNumber,mail)?
I hope some one can help me because i'm stuck with this since two days
ago. I just want to limit the entries returned by my referral.
Thanks