Filipe Brandenburger wrote:
So, my questions are:
1. How do I get ldapmodify, ldapdelete, ... to follow referrals?
2. Will pam_ldap (when changing passwords) follow referrals?
You shouldn't chase referrals at the client's side. Rather use
slapo-chain to let the server chase the referral (chain the request to
I will try to see if referrals will work first, then I'll
start going down that route.
The LDAPv3 specification is incomplete regarding referrals since it does
not specifiy what the client should do regarding binding to the referred
server. So vendors implemented it differently.
Example: The rule within MS AD domains is to just use the domains
credentials you used before.
But it's not implemented like this in OpenLDAP libs since not generally
In web2ldap I'm presenting a login form to the user letting him
interactively decide what to do when chasing the referral.