So in my example, I am using Avential to authenticate against my OpenLDAP server. If that account is not on the local OpenLDAP server, but on another OpenLDAP server, referrals will not pass along the request? I will have to look up X.500 DAP services and go that route? Just want to clarify before I abandon the referral route.
Mack
On Feb 26, 2008, at 6:07 AM, Howard Chu wrote:
Dieter Kluenter wrote:
"Mack Jenkins" <mack.jenkins@gmail.com> writes:
What I am trying to do is this. When my OpenLDAP server is queried for authentication, if the user id and password are not local to my OpenLDAP server, but they do exist on another OpenLDAP server, I want my OpenLDAP server to tell the application that sent the log in request, to go to that other OpenLDAP server for authentication. I am hoping this can be done automatically without the user having to make another login attempt.
You are requesting X.500 DAP services. LDAP only supports referrals. If uid is part of the DN, you may create a named referral locally and have the client follow this referral and rebind to the remote server.
As Ando already pointed out, referrals are not the answer here, and OpenLDAP already provides other alternatives that will work.
--
  -- Howard Chu
  Chief Architect, Symas Corp. http://www.symas.com
  Director, Highland Sun http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP http://www.openldap.org/project/