Filipe Brandenburger wrote:
> So, my questions are:
> How do I get ldapmodify, ldapdelete, ... to follow referrals?
> Will pam_ldap (when changing passwords) follow referrals?
You shouldn't chase referrals at the client's side. Rather use slapo-chain to let the server chase the referral (chain the request to the master).
> I will try to see if referrals will work first, then I'll start going down that route.
The LDAPv3 specification is incomplete regarding referrals since it does not specify what the client should do regarding binding to the referred server. So vendors implemented it differently.
Example: The rule within MS AD domains is to just use the domain's credentials you used before.
But it's not implemented like this in OpenLDAP libs since not generally true.
In web2ldap I'm presenting a login form to the user letting him interactively decide what to do when chasing the referral.
Ciao, Michael.
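
An added example, not part of the message above or of the OpenLDAP project's own files: a slapd.conf fragment for a replica that chains writes to the master with slapo-chain, so clients such as ldapmodify or pam_ldap never have to bind to a referred server themselves. The host name, bind DN and secret are placeholders, and it assumes the master is configured to let the chaining identity authorize as the original client (authzTo on that entry plus a matching authz-policy).

```conf
# slapd.conf on the replica (consumer). Placeholders: host, DN, secret.
# Global section, before any "database" line, so chaining applies to
# referrals returned by every database on this server.
overlay              chain
chain-uri            "ldap://ldapmaster.example.com"
# Bind to the master as a dedicated proxy identity and assert the
# identity of the client that sent the write (mode="self").
chain-idassert-bind  bindmethod="simple"
                     binddn="cn=chain-proxy,dc=example,dc=com"
                     credentials="<secret>"
                     mode="self"
# Protect the proxy credentials and the chained write with StartTLS.
chain-tls            start
# If chaining fails, return the error instead of handing the client
# the referral.
chain-return-error   TRUE

database             mdb
suffix               "dc=example,dc=com"
# ... syncrepl consumer configuration for this database ...
# Writes sent to the replica produce this referral, which the chain
# overlay then follows on the client's behalf.
updateref            "ldap://ldapmaster.example.com"
```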