masarati@aero.polimi.it wrote:

...

Full_Name: Ryan Steele Version: 2.4.18 OS: Ubuntu Server URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (207.106.239.81)

Per conversation on the #openldap IRC channel on Freenode with Howard Chu, it has been deemed appropriate to modify the behavior of updateref to answer referrals on the backend. This would allow one to use updateref to automatically chase referrals for individual backends, instead of it being all or nothing. Here is the tail end of the channel conversation:

<hyc> when you configure an updateref on a backend, that referral is only generated in the frontend so putting the overlay on the database, misses it...

<rgsteele> Well, I am intending to set an updateref on that backend

<hyc> then you have a problem

<rgsteele> Hm, so you can't do automatic referrals on individual backends then?

<rgsteele> That was my original question, or at least the intent of it.

<hyc> not using updateref, no

<rgsteele> Does your response imply there's another way?

<hyc> probably we should fix updateref to be generated at the backend level

<rgsteele> That would be good - I'd be happy to write tests or something to help with that.

<hyc> the "other way" is the normal referral mechanism - using referral entries inside a database

<hyc> but like I said, updateref is a relic, we've carried it forward without really adapting it

<hyc> probably should file an ITS about this

<rgsteele> Interesting, I wasn't aware of that method. I'll have to do some research on that - thanks! Also, is there anything I can do to help get the process of fixing updateref to generate referrals on the backend?

<rgsteele> I can file the ITS if you like?

<hyc> go ahead

It is correct that referrals are generated by the frontend, but the frontend uses information contained in the updateref of each database. The slapo-chain needs to be global, in order to intercept those referrals.

Although redesigning referral generation in slapd could streamline things, I don't quite see what issues can't be addressed using a global instance of slapo-chain. You can configure referral chasing differently for different domains using the chain-uri directive. I favor fixing only what's actually broken.

The request revolves around having different behavior for different databases. With a global slapo-chain you cannot turn off referral chasing; URIs that are not explicitly configured will still be chased.

Also in terms of logical abstraction the current behavior is wrong; the frontend should of course generate the default_referral responses but updateref is a per-backend item and should be generated at the backend layer. Ideally this would all have been fixed to behave correctly by moving all replication support into an overlay, where it properly belongs. As an interim step it would be trivial to write an updateref overlay that supersedes the current updateref behavior.