Brian Reichert wrote:
On Tue, Sep 12, 2017 at 10:07:29PM +0100, Howard Chu wrote:
Brian Reichert wrote:
On Tue, Sep 12, 2017 at 01:00:25PM -0700, Ryan Tandy wrote:
On Tue, Sep 12, 2017 at 03:56:07PM -0400, Brian Reichert wrote:
Is this a supported option? Is it documented somewhere officially? I couldn't find it after a quick search...
According to http://www.openldap.org/its/?findid=7177 it is "deprecated and intentionally undocumented".
Helpful pointer, thanks!
If it's deprecated, what's the approved method of coercing ldapsearch to pursue referrals?
ldapsearch shouldn't pursue referrals. The directory server you're using should chain requests for you instead of ever returning referrals.
Regrettably, the directory server, in this case, is Active Directory.
https://technet.microsoft.com/en-us/library/cc978014.aspx
Active Directory returns referrals in accordance with RFC 2251.
https://social.technet.microsoft.com/Forums/ie/en-US/41d26e7a-a65c-47fe-b818...
I don't see Microsoft changing their tune anytime soon. :/
I have to admit, this is the first I've heard of chaining a request.
This might a way out for me:
http://blog.heeresonline.com/2014/04/activedirectory-ldap-referrals-chasing/
In any event, it's clear that directory servers _can_ return referrals, and as such, it surprises me that there isn't a supported way for OpenLDAP's tool to honor such a configuration.
I presume this has been discussed to death on this list, but I couldn't find any historical threads on the topic. Can you provide some references?
The option was removed from the documentation back in 2002. Most likely any discussion would have been on the openldap-software mailing list, which was used before openldap-technical was created.
I suggest you look at http://lmgtfy.com/?q=site:openldap.org+referral+ldapsearch
On Tue, Sep 12, 2017 at 11:15:58PM +0100, Howard Chu wrote:
The option was removed from the documentation back in 2002. Most likely any discussion would have been on the openldap-software mailing list, which was used before openldap-technical was created.
I suggest you look at http://lmgtfy.com/?q=site:openldap.org+referral+ldapsearch
Yes, very clever. Believe it or not, I am familiar with search engines.
I was looking for specific references surrounding the topic of removing the feature from ldapsearch.
You were at least kind enough to provide reference to a time frame and mailing list; perhaps I can find something informative in the archives there.
-- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
openldap-technical@openldap.org
-
Brian Reichert -
Howard Chu