Kurt Zeilenga wrote:
On Jun 3, 2010, at 11:17 AM, masarati@aero.polimi.it wrote:
Or maybe OpenLDAP always returns all entries ignoring attributes and filters in a URI referral (ldap://HOSTNAME/ou=people,dc=domain,dc=com?cn,sn,givenName,telephoneNumber,mail)?
That's what I would expect given RFC 3296 says servers are to strip out such information when returning referrals to clients. If the server chases it instead, the server should do it's best to provide what the client would have gotten if it had chased it itself. The client would not have gotten the extra stuff, so the server should not be using it in chaining.
With web2ldap I'm trying to enforce what the user interactively input as parameters for the search. So when (interactively) chasing the referral I only use the hostport and DN portion of the referral URL.
Try yourself with variations of this combined web2ldap/LDAP-URL:
http://demo.web2ldap.de:1760/web2ldap?ldap://ldap.uninett.no/dc=hio,dc=no
Ciao, Michael.