Hello,

I have 2 LDAP servers:

- machine 1: "localserver.domain.com": the DIT is

dn: dc=example
dc: bsr-ivv
objectClass: top
objectClass: dcObject
objectclass: organization
o: AAA

dn: ou=Users,dc=example
objectClass: top
objectClass: organizationalUnit
ou: Users

dn: ou=Groups,dc=example
objectClass: top
objectClass: organizationalUnit
ou: Groups

- machine 2: "centralserver.domain.com": the DIT is the SAME.

 

and I want requests that are not found on "localserver.domain.com" to be delegated to "centralserver.domain.com".

The configuration of "localserver.domain.com" is:

dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/run/openldap/slapd.args
olcPidFile: /var/run/openldap/slapd.pid
olcTLSCACertificatePath: /etc/openldap/certs
olcTLSCertificateFile: "OpenLDAP Server"
olcTLSCertificateKeyFile: /etc/openldap/certs/password
structuralObjectClass: olcGlobal
creatorsName: cn=config
olcReferral: ldaps://centralserver.domain.com
olcLogLevel: -1

I use the command "ldapsearch" on "localserver" to request data about "admincentral1", which only exists on the "centralserver.domain.com" machine:

>ldapsearch -H ldaps://localserver.domain.com -b ou=Users,dc=bsr-ivv -w password -D "cn=Admin,dc=example" uid=admincentral1 mail -x -C -d 129

But the client "ldapsearch" does not get the referral to the "centralserver" LDAP from "localserver".

I looked at the slapd logs and the ldapsearch logs, but the referral is never received.

Shall I activate anything else?

NB: if I use referral objects, this works fine; I found logs like:

"
Jan 13 13:44:55 m-deploy slapd[24898]: send_ldap_result: referral="ldaps://centralserver.external.domain.com/ou=Users,dc=example"
"

but with that configuration, no referrals are received by the client…

Best regards

Fabrice
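As an added illustration (not part of Fabrice's message and not OpenLDAP's own code), the following Python models the rule that separates the two referral mechanisms the message mentions: slapd returns the global olcReferral only when no local database suffix holds the request's base DN, whereas a base that falls under a local suffix is answered by that database, and a referral can then only come from a referral object stored on that branch. The suffix list, the sample search bases and the simplified DN normalization (caseIgnore matching on all attribute types, backslash-escaped commas only) are constructed assumptions; the referral URL is the one from the message.

```python
# Added illustration of slapd's global-referral rule: an olcReferral URL is
# returned only for requests whose base DN is not held by any local database
# suffix; a base under a local suffix is answered locally (noSuchObject if the
# entry is missing) unless a referral object sits on that branch. Suffix list
# and sample search bases below are constructed sample data.
from typing import List, Optional, Sequence, Tuple

NormDN = Tuple[str, ...]


def split_rdns(dn: str) -> List[str]:
    """Split a string DN into its RDN strings on unescaped commas.

    Simplified RFC 4514 handling: a backslash escapes the next character,
    so "cn=Smith\\, John,dc=example" stays a single RDN.
    """
    if dn == "":
        return []
    rdns, current, escaped = [], [], False
    for ch in dn:
        if escaped:
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":
            rdns.append("".join(current))
            current = []
        else:
            current.append(ch)
    rdns.append("".join(current))
    return rdns


def normalize_dn(dn: str) -> NormDN:
    """Normalize a DN for comparison the way caseIgnore matching would.

    Assumption (constructed, not from the message): every attribute type in
    the DNs compared here (dc, ou, cn, o) uses caseIgnore matching, so
    lowercasing type and value and trimming surrounding whitespace suffices.
    """
    normalized = []
    for rdn in split_rdns(dn):
        attr_type, _, value = rdn.partition("=")
        normalized.append(f"{attr_type.strip().lower()}={value.strip().lower()}")
    return tuple(normalized)


def is_under(dn: str, suffix: str) -> bool:
    """True if `dn` equals `suffix` or lies somewhere beneath it."""
    n_dn, n_suffix = normalize_dn(dn), normalize_dn(suffix)
    if not n_suffix:            # the empty suffix "" holds every DN
        return True
    if len(n_suffix) > len(n_dn):
        return False
    return n_dn[len(n_dn) - len(n_suffix):] == n_suffix


def select_database(base: str, suffixes: Sequence[str]) -> Optional[str]:
    """Return the most specific local suffix holding `base`, or None."""
    matches = [s for s in suffixes if is_under(base, s)]
    if not matches:
        return None
    return max(matches, key=lambda s: len(normalize_dn(s)))


def route_search(base: str, suffixes: Sequence[str], global_referral: str) -> str:
    """Describe what slapd does with a search whose base is `base`.

    A base outside every suffix gets the global referral; anything else is
    answered by the owning database, which is where a referral object
    (objectClass: referral with a ref attribute) would have to live for a
    referral to be sent back instead of noSuchObject.
    """
    owner = select_database(base, suffixes)
    if owner is None:
        return f"global referral -> {global_referral}"
    return f"local database '{owner}' (referral only via referral objects)"


# Constructed sample configuration: two local databases plus the global
# referral URL shown in the message.
SUFFIXES = ["dc=example", "cn=config"]
GLOBAL_REFERRAL = "ldaps://centralserver.domain.com"

if __name__ == "__main__":
    for base in ["ou=Users,dc=example", "OU=Users, DC=Example",
                 "ou=Users,dc=bsr-ivv", "cn=config", "dc=other"]:
        print(f"{base!r:32} -> {route_search(base, SUFFIXES, GLOBAL_REFERRAL)}")
```

Running the block prints one routing decision per sample base: bases under dc=example or cn=config are served locally, while a base outside both (including a differently-cased spelling only if it still normalizes to a different DN) is the case in which the global olcReferral is returned.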