On 11/12/2016 10:31 AM, Emmanuel Lécharny wrote:
> Hi guys,
>
> there is one last feature that is critical for the API, it's the
> referral handling. Basically, we need to be able to automatically send a
> new request when we receive a Referral response. It's not that complex,
> we just need to open a new connection and send the request.
>
> There are a few things to take care of, naturally:
> - we should not end up hopping from referral to referral indefinitely. A
> limit has to be set
> - we must detect cycles (but that can be done using the above limit).
> - we need to distinguish between a referral we must follow from a referral
> we must treat as a value. Typically, the second form might be available
> for the user to edit it.

I think what is missing is what Radovan already mentioned [1]: different connection parameters. For example: for the read-only LDAP slave one browses without authentication and uses no encryption. But when modifying an entry, the referral to the LDAP master requires StartTLS and GSSAPI authentication. Such a scenario requires user interaction.

What may also be possible is to configure the LdapConnection with possible LdapConnectionConfig objects, and only those are considered when following referrals.

Kind Regards,
Stefan

[1] https://mail-archives.apache.org/mod_mbox/directory-api/201603.mbox/%3C56D95944.5090703%40evolveum.com%3E
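
The referral rules discussed in this thread (a hop limit, cycle detection, and following only referrals to pre-configured servers, each with its own connection settings), as an added Java example that is not part of the original messages or of the Apache Directory LDAP API. `ReferralPolicy`, `AllowedTarget` and the host names are hypothetical; the limit is assumed to count every server contacted for one request, including the first.

```java
import java.net.URI;
import java.util.*;

/** Added illustration; ReferralPolicy and AllowedTarget are hypothetical, not Apache Directory API classes. */
public class ReferralPolicy {
    /** One pre-approved referral target and the connection settings it must be contacted with. */
    record AllowedTarget(String host, int port, boolean startTls, String authMechanism) {}

    private final int maxServers;
    private final Map<String, AllowedTarget> allowed = new HashMap<>();

    ReferralPolicy(int maxServers, List<AllowedTarget> targets) {
        this.maxServers = maxServers;
        for (AllowedTarget t : targets) allowed.put(key(t.host(), t.port()), t);
    }

    private static String key(String host, int port) {
        return host.toLowerCase(Locale.ROOT) + ":" + port;
    }

    /**
     * Returns the settings to use for the next hop, or empty when the referral must not be
     * followed automatically (limit reached, malformed URL, cycle, or server not pre-configured).
     * 'visited' holds the host:port keys already contacted for this request and is updated here.
     */
    Optional<AllowedTarget> next(String referralUrl, Set<String> visited) {
        if (visited.size() >= maxServers) return Optional.empty();   // hop limit
        URI uri;
        try { uri = URI.create(referralUrl); }
        catch (IllegalArgumentException e) { return Optional.empty(); }
        String scheme = uri.getScheme();
        if (scheme == null || uri.getHost() == null) return Optional.empty();
        boolean ldaps = scheme.equalsIgnoreCase("ldaps");
        if (!ldaps && !scheme.equalsIgnoreCase("ldap")) return Optional.empty();
        int port = uri.getPort() != -1 ? uri.getPort() : (ldaps ? 636 : 389);
        String k = key(uri.getHost(), port);
        if (!visited.add(k)) return Optional.empty();                // cycle: server already contacted
        return Optional.ofNullable(allowed.get(k));                  // unknown server: left to the caller
    }

    public static void main(String[] args) {
        // Constructed sample data: a master that requires StartTLS and GSSAPI.
        ReferralPolicy policy = new ReferralPolicy(3,
            List.of(new AllowedTarget("master.example.com", 389, true, "GSSAPI")));
        Set<String> visited = new HashSet<>(Set.of("slave.example.com:389"));
        String toMaster = "ldap://master.example.com/dc=example,dc=com";
        System.out.println(policy.next(toMaster, visited));   // first referral to the master
        System.out.println(policy.next(toMaster, visited));   // the same server offered again
        System.out.println(policy.next("ldap://other.example.net/dc=example,dc=com", visited)); // not configured
    }
}
```

An empty result is the point where a client would either return the referral to the caller as a value or ask the user for connection parameters.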