What?
This directory protocol that so many people are using to authenticate and provide information throughout and between their networks has no way to perform authenticated queries across servers?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Paul Blondé

-----Original Message-----
From: openldap-software-bounces+jpb=entel.ca@openldap.org [mailto:openldap-software-bounces+jpb=entel.ca@openldap.org] On Behalf Of Kurt Zeilenga
Sent: Tuesday, July 17, 2007 11:50 AM
To: Comisario, Alejandro
Cc: openldap-software@openldap.org
Subject: Re: How do I tell ldapsearch to authenticate to the referred to LDAP server when chasing a referral?
You cannot. ldapsearch(1) can only chase referrals anonymously.
On Jul 17, 2007, at 7:53 AM, Comisario, Alejandro wrote:
Hello everyone.
I have an OpenLDAP 2.3.30 running on Debian Etch Stable in a DMZ, managing external users for an application. But at the same time I want this OpenLDAP to communicate, when given a specific DN, with another directory service on my internal network. The connection between the two machines passing through the firewall is correct.
The references are:
OpenLDAP machine: doldap.sc.com with domain dc=si,dc=com
the other directory: adldap.adsc.com with domain dc=adsc,dc=com
I defined the referral like this:

dn: ou=test,dc=adsc,dc=com
objectClass: referral
objectClass: extensibleObject
dc: prueba
ref: ldap://adldap.adsc.com/ou=test,dc=adsc,dc=com
So, when I query something like this (anonymous):

ldapsearch -b "ou=test,dc=adsc,dc=com" -H ldap://doldap.sc.com -x
I get this response:

# extended LDIF
#
# LDAPv3
# base <ou=prueba,dc=adsc,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 10 Referral
ref: ldap://adldap.adsc.com/ou=prueba,dc=adsc,dc=com??sub

# numResponses: 1
So, apparently the referral for that query is found. Next I tell ldapsearch to follow it:

ldapsearch -b "ou=test,dc=adsc,dc=com" -H ldap://doldap.sc.com -x -C
OpenLDAP tries to follow the referral and gets this response from the other service:

# extended LDIF
#
# LDAPv3
# base <ou=prueba,dc=adsc,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 1 Operations error
text: 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece

# numResponses: 1
So, how do I tell ldapsearch to authenticate to the referred-to LDAP server when chasing a referral? Hope someone can help me.
Regards.
.A l e j a n d r o.
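
Added example, not part of the thread or of OpenLDAP: because ldapsearch(1) chases referrals only anonymously, one option is to run the first search without -C, read the returned referral URL, and issue a second, authenticated search against the referred server yourself. The sketch below does that and refuses to send credentials to any host not on an allowlist; ALLOWED_HOSTS, BIND_DN and the function names are assumptions, and the sample line is constructed from the output quoted above.

```sh
#!/bin/sh
# Added example: follow an LDAP referral by hand with an authenticated bind.
# ALLOWED_HOSTS and BIND_DN are assumptions, not values from the thread.
ALLOWED_HOSTS="adldap.adsc.com"
BIND_DN="cn=reader,dc=adsc,dc=com"   # hypothetical service account

# Print the first referral URL found in ldapsearch output read on stdin.
extract_ref() {
  grep -o 'ref: ldaps\{0,1\}://[^ ]*' | head -n 1 | sed 's/^ref: //'
}

# Split scheme://host[:port]/base?attrs?scope?filter into REF_* variables.
# Percent-encoded DNs and IPv6 literals are not handled here.
parse_ref() {
  REF_SCHEME=${1%%://*}
  _rest=${1#*://}
  REF_HOST=${_rest%%/*}
  case $_rest in */*) _rest=${_rest#*/} ;; *) _rest= ;; esac
  REF_BASE=${_rest%%\?*}
  REF_SCOPE=
  case $_rest in
    *\?*\?*) _q=${_rest#*\?}; _q=${_q#*\?}; REF_SCOPE=${_q%%\?*} ;;
  esac
  [ -n "$REF_SCOPE" ] || REF_SCOPE=base   # RFC 4516 default scope
}

# Only hosts we already trust may receive our credentials.
host_allowed() {
  for _h in $ALLOWED_HOSTS; do
    [ "$_h" = "$1" ] && return 0
  done
  return 1
}

# Print the authenticated ldapsearch command for a referral URL, or fail.
referral_cmd() {
  parse_ref "$1"
  if ! host_allowed "${REF_HOST%%:*}"; then
    echo "refusing to send credentials to $REF_HOST" >&2
    return 1
  fi
  _tls=; [ "$REF_SCHEME" = ldap ] && _tls=" -ZZ"   # require StartTLS on ldap://
  printf 'ldapsearch -x%s -H %s://%s -D "%s" -W -b "%s" -s %s\n' \
    "$_tls" "$REF_SCHEME" "$REF_HOST" "$BIND_DN" "$REF_BASE" "$REF_SCOPE"
}

# Constructed sample: the referral result line quoted in the thread.
SAMPLE='result: 10 Referral ref: ldap://adldap.adsc.com/ou=prueba,dc=adsc,dc=com??sub'
# Usage: referral_cmd "$(printf '%s\n' "$SAMPLE" | extract_ref)"
```

The printed command prompts for the bind password (-W) rather than taking it on the command line; -ZZ makes the simple bind fail unless StartTLS succeeds first.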