[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Help with a referral
- To: openldap-technical@openldap.org
- Subject: Re: Help with a referral
- From: Jason Voorhees <jvoorhees1@gmail.com>
- Date: Thu, 3 Jun 2010 14:51:36 -0500
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=K+iwuknqIgNYo5K+i2FUIWEXbtH7EaaiyE8RkkHbcsU=; b=hmyB181H/0FqKgOAMv24cRJcxpzbthmkDKRKlkY2XOhP5WlWGLxKhRXkDS2q5Bhkbs XtdKTRGSNEfihc6qRfrjRCsZBOlTOvUPu7XjagruRWImUThXmh5bCMUlCDxLRbaY3X2z vlJLyrvXXiTV2Jgpgd8Ky50JLD9GxDzusq+Ik=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=H7xmB4KMcwRXEUiz5tBXUmh5ZmAmLdT3Kn6sM5f5w7Xm1ywdmOKw9xvnnuZX2H16el TwY2+i3UpQKmNp6+URre1+TKKY3mJ0vsAQp2HXo6nE52s1Iv2acG7U9kmL1CuNRrun14 rPQqX8zKIGY1spgKpPWJvr8S7/72bgdgrK+TE=
- In-reply-to: <fa56c869438e441c89163bc599abd899.squirrel@www.aero.polimi.it>
- References: <AANLkTikGNsz4ryCNhzPX6KwY4Px9EvHboNWHM5d80a9z@mail.gmail.com> <fa56c869438e441c89163bc599abd899.squirrel@www.aero.polimi.it>
>
> Referrals don't work like that. Read RFC4511: the <attrs> field is not
> mentioned. It mentions, indeed, the <filter> field, but OpenLDAP does not
> handle this. The behavior you possibly expect is not strictly specified,
> AFAIK.
>
> I think you have a couple of options:
>
> 1) use ACLs to hide that entry to some specific clients
>
> 2) use a dummy proxy instead of a referral; the dummy proxy could massage
> the request/response DNs, and the original server could use ACLs to hide
> that entry from the results returned to the proxy.
>
I tought OpenLDAP could support that kind of referrals. Now I think
the best option is the best for my scenario.
Thanks a lot
> p.
>
>