What I am trying to do is this. When my OpenLDAP server is queried for authentication, if the user id and password are not local to my OpenLDAP server, but they do exist on another OpenLDAP server, I want my OpenLDAP server to tell the application that sent the log in request, to go to that other OpenLDAP server for authentication. I am hoping this can be done automatically without the user having to make another login attempt.
Here is what I have in my slapd.conf file. What what I have found, I thought this would work, but the applicaiton trying to log in, is not being passed off to the other OpenLDAP server.
database bdb suffix "dc=ilsvpn,dc=ibm,dc=com" rootdn "cn=anubis,dc=ilsvpn,dc=ibm,dc=com" rootpw stuff here directory /var/lib/ldap/ilsvpn mode 0600
dn: ou=bluepages,o=ibm.com objectClass: referral ref: ldaps://bluepages.ibm.com/ou=bluepages,o=ibm.com
Mack
On Fri, Feb 22, 2008 at 1:00 PM, Hallvard B Furuseth h.b.furuseth@usit.uio.no wrote:
Mack J. Jenkins, II writes:
Does anyone have a good starting point for OpenLDAP and referrals? I think I have it working, but I'm not 100% sure, and would like to know if I am on the right path.
If you mean to put referral objects in the directory: RFC 3296. In your referral objects, don't use a different DN in the 'ref' attribute than the referral object's DN.
If you want the server to follow the referrals instead of sending them to the client, see man slapo-chain.
Unless you just mean the 'referral' directive described in man slapd.conf - referrals for requests outside your "suffix" in slapd.conf.
-- Hallvard