On 12/11/16 at 13:00, Stefan Seelmann wrote:
> On 11/12/2016 10:31 AM, Emmanuel Lécharny wrote:
>> Hi guys,
>>
>> there is one last feature that is critical for the API, it's the
>> referral handling. Basically, we need to be able to automatically send a
>> new request when we receive a Referral response. It's not that complex,
>> we just need to open a new connection and send the request.
>>
>> There are a few things to take care of, naturally:
>> - we should not end up hopping from referral to referral indefinitely. A
>> limit has to be set
>> - we must detect cycles (but that can be done using the above limit).
>> - we need to distinguish between a referral we must follow from a referral
>> we must treat as a value. Typically, the second form might be available
>> for the user to edit it.
> I think what is missing is what already Radovan mentioned [1]: different
> connection parameter. For example: For the read-only LDAP slave one
> browses without authentication and uses no encryption. But when
> modifying an entry the referral to the LDAP master requires StartTLS and
> GSSAPI authentication. Such a scenario requires user interaction.
Indeed. AFAICT, there is nothing specific in any RFC about the 'follow' option, except that we implicitly reuse the same credentials, which is clearly a limitation.

Now, we have two options here:
- we let the user take care of the credentials, and that means 'follow' is not an option.
- we add some configuration in the connection to let the API create a connection using distinguished credentials based on the targeted serv

IMO, the second option, while ideal, would add some increased complexity. I would really favor the first solution atm, at least for 1.0

--
Emmanuel Lecharny
Symas.com
directory.apache.org
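
The checks discussed in this thread, sketched as an added example that is not part of the original message or of the Apache Directory code: a hop limit, cycle detection, and handing any referral that points at a different server back to the caller instead of reusing the current connection parameters. `ReferralChaser`, `Decision` and the example.com URLs are hypothetical, and the policy shown is one assumption about how the first option could look.

```java
import java.net.URI;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

// Added illustration with hypothetical names; it does not use the Apache Directory LDAP API.
public class ReferralChaser {
    enum Decision { FOLLOW, ASK_USER, STOP_HOP_LIMIT, STOP_CYCLE }

    private final int maxHops;
    private final String boundServer;   // server the caller's connection parameters were set up for
    private final Set<String> visited = new HashSet<>();
    private int hops = 0;

    ReferralChaser(String startUrl, int maxHops) {
        URI start = URI.create(startUrl);
        this.maxHops = maxHops;
        this.boundServer = server(start);
        visited.add(boundServer + start.getPath());
    }

    // Normalised scheme://host:port, with the default LDAP/LDAPS ports filled in.
    static String server(URI u) {
        String scheme = u.getScheme().toLowerCase(Locale.ROOT);
        String host = u.getHost() == null ? "" : u.getHost().toLowerCase(Locale.ROOT);
        int port = u.getPort() != -1 ? u.getPort() : (scheme.equals("ldaps") ? 636 : 389);
        return scheme + "://" + host + ":" + port;
    }

    Decision onReferral(String referralUrl) {
        URI target = URI.create(referralUrl);
        // Hard cap on the chain length, independent of where the referrals point.
        if (++hops > maxHops) return Decision.STOP_HOP_LIMIT;
        // The same server and DN seen twice means the chain loops.
        if (!visited.add(server(target) + target.getPath())) return Decision.STOP_CYCLE;
        // Credentials and transport settings are never replayed to another server.
        if (!server(target).equals(boundServer)) return Decision.ASK_USER;
        return Decision.FOLLOW;
    }

    public static void main(String[] args) {
        // Constructed referral chain: same server, then the master, then back to the start.
        ReferralChaser c = new ReferralChaser("ldap://slave.example.com/dc=example,dc=com", 5);
        System.out.println(c.onReferral("ldap://slave.example.com/ou=people,dc=example,dc=com"));
        System.out.println(c.onReferral("ldaps://master.example.com/dc=example,dc=com"));
        System.out.println(c.onReferral("ldap://SLAVE.example.com:389/dc=example,dc=com"));
    }
}
```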