<quote who="Pierangelo Masarati">
Gavin Henry wrote:
I will add the 'chain-return-error TRUE' as soon as it is available in the current 2.3 'stable' release ;-)
It's there since 2.3.33; only the man page slipped thru, sorry. Probably because man page updates were not considered a priority in re23 as it's feature frozen, while this was indeed a new feature.
Latest version of docs, with Jim's FAQ added:
http://suretec.org/our_docs/overlays.html#ChainingThanks Gavin. Quick note: probably in this case chain-idassert-authzFrom "*" is not appropriate, because the consumer should only return referrals on write, and the above statement would allow to chain anonymous modifications, which the provider will likely reject. Although this does not break security or anything like that, it seems to add a needless round trip for a definitely incorrect operation, unless someone explicitly allows anonymous modifications. I wouldn't put this in a (basic) example, though.
Removed and link above updated.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it
Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it