Hi,
On Sat, Feb 28, 2009 at 8:37 PM, Pierangelo Masarati <ando@sys-net.it> wrote:
Rakesh Yadav wrote:
I want to establish communication between two ldap servers at different
machines. For this I have used "ref attribute of ldap" by using this attribute, I am
Not sure what you mean, but I presume you're using the LDAP referral mechanism.
If the server a.example.net holds dc=example,dc=net and wished to delegate the subtree ou=subtree,dc=example,dc=net to another server b.example.net, the following named referral object would be added to a.example.net:

    dn: dc=subtree,dc=example,dc=net
    objectClass: referral
    objectClass: extensibleObject
    dc: subtree
    ref: ldap://b.example.net/dc=subtree,dc=example,dc=net

The server uses this information to generate referrals and search continuations to subordinate servers.
I think now you have understood what I want to explain.
able to retrieve
entries of second ldap server. Means I can read or search entries of second server from first ldap server.
But the problem comes when I want to modify any attribute of an entry of second server from the first server.
Definitely I am having some access permissions related error.
Here I am attaching slapd.conf files of both ldap servers.
*First Server* *slapd.conf:*
(snip)
*access to * by * write*
^^^ not a wise policy, I hope it's just for testing. In any case you can't have any access privilege issue with it. Granted.
Actually this is just for testing purpose.
*Second server's slapd.conf:*
(snip)
*access to * by * write*
^^^ same as above
*FIRST LDAP SERVER DN*:
fn=test_ref,fn=bioinfo,fn=gstorage,fn=gfs,dc=cdac,dc=in
where *test_ref* is having *ref* attribute

    dn: fn=test_ref,fn=bioinfo,fn=gstorage,fn=gfs,dc=cdac,dc=in
    objectClass: referral
    objectClass: extensibleObject
    fn: test_ref
    ref: ldap://192.168.5.243/fn=test_ref,dc=cdac,dc=in

*NOW SECOND LDAP SERVER is having DN*:
dn: fn=test1,fn=test_ref,dc=cdac,dc=in
Now I want to delete "*fn=test1,fn=test_ref,dc=cdac,dc=in*" this entry. I have used ldap command line tool "*ldapdelete*" and executed this tool on *first LDAP machine*.
Then the result of command is:

    [root@tapti LDIF]# ldapdelete -x -h "tapti" -D "cn=Manager,dc=cdac,dc=in" "fn=test1,fn=test_ref,fn=bioinfo,fn=gstorage,fn=gfs,dc=cdac,dc=in" -w "secret"
    ldap_delete: Referral (10)
        matched DN: fn=test_ref,fn=bioinfo,fn=gstorage,fn=gfs,dc=cdac,dc=in
        referrals:
            ldap://192.168.5.243/fn=test1,fn=test_ref,fn=bioinfo,fn=gstorage,fn=gfs,dc=cdac,dc=in

This is the expected behavior: ldapdelete provides no means to automatically chase referrals.
Actually I am using ldap_delete_ext_s() for deleting an entry. *Can this ldap api be used for deleting referral entries?*
One more thing: *Can this ldap api ldap_modify_ext_s() be used for updating referral entries?*
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it
Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando@sys-net.it
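
An added example, not part of the original thread and not OpenLDAP code: a client that follows the referral from the ldapdelete output above and rebinds there reuses its bind DN and password against whatever server the URL names, so this sketch vets the referral URL first. The allowlist, the suffix check, the `transport_protected` flag and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit, unquote

# Assumptions for this sketch (not from the thread's configuration):
TRUSTED_HOSTS = {"192.168.5.243"}   # servers we accept being referred to
BASE_SUFFIX = "dc=cdac,dc=in"       # referred DNs must stay under this suffix

# Referral URL copied from the ldapdelete output quoted in the thread.
REFERRAL = ("ldap://192.168.5.243/"
            "fn=test1,fn=test_ref,fn=bioinfo,fn=gstorage,fn=gfs,dc=cdac,dc=in")

def parse_referral(url):
    """Split an LDAP referral URL into (scheme, host, port, dn)."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps") or not parts.hostname:
        raise ValueError("not a usable LDAP URL: %r" % url)
    port = parts.port or (636 if parts.scheme == "ldaps" else 389)
    return parts.scheme, parts.hostname, port, unquote(parts.path.lstrip("/"))

def dn_under(dn, suffix):
    """Naive suffix test: compares comma-separated RDNs, ignoring case and
    surrounding spaces. Does not handle escaped commas inside RDN values."""
    rdns = [r.strip().lower() for r in dn.split(",")]
    tail = [r.strip().lower() for r in suffix.split(",")]
    return len(rdns) >= len(tail) and rdns[-len(tail):] == tail

def chase_decision(url, transport_protected=False):
    """Return (ok, reason): may the client rebind at the referred server?

    transport_protected: caller asserts StartTLS will be negotiated first.
    """
    try:
        scheme, host, port, dn = parse_referral(url)
    except ValueError as exc:
        return False, str(exc)
    if host not in TRUSTED_HOSTS:
        return False, "host %s is not an approved referral target" % host
    if not dn_under(dn, BASE_SUFFIX):
        return False, "referred DN is outside %s" % BASE_SUFFIX
    if scheme == "ldap" and not transport_protected:
        return False, "simple bind over plain ldap:// exposes the password"
    return True, "rebind to %s:%d and retry on %s" % (host, port, dn)

if __name__ == "__main__":
    for tls in (False, True):
        print(tls, chase_decision(REFERRAL, transport_protected=tls))
```

With the thread's own referral the default decision is a refusal, because the command shown uses a simple bind (`-x`) with a password against a plain `ldap://` URL.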