Thanks for the answer. I've modified my client with ldap_set_rebind_proc, and now it successfully rebinds to the referred server.
After it binds successfully and does a search, my client goes into an infinite loop. Looking with ethereal it looks like the loop is of search, server error, search, server error, etc. The server error I get each time is this (courtesy of ethereal)...

Error Message: 0000202B: RefErr: DSID-12345678, data 0, 1 access points\n\tref 1: 'my.server.example.com'\n
ERROR: Couldn't parse referral URL sequence header: Wrong type for that item
ERROR: Couldn't parse LDAP Controls: Wrong type for that item

Any ideas?

Thanks,
- Jeremiah

On 9/14/06, Pierangelo Masarati <[EMAIL PROTECTED]> wrote:
Jeremiah Martell wrote:
> Hello,
>
> I'm seeing something strange (or perfectly normal) with openldap in
> regards to referrals.
>
> I set LDAP_OPT_REFERRALS to LDAP_OPT_ON, and LDAP_OPT_DEREF to
> LDAP_DEREF_ALWAYS. When I do a search openldap successfully chases
> down referrals, but when it binds to the referred server, it does so
> anonymously.
>
> Is this expected? Should I be able to say to use the same creds as the
> referring server? Is there something else I may be missing?

OpenLDAP clients, by design, rebind anonymously when automatically chasing referrals. If you want a different behavior you should write your own client and use ldap_set_rebind_proc(3) to customize the way you want bind to be propagated when chasing referrals. A quick solution would be to customize existing clients, e.g. ldapsearch(1).

The reason this is not automatically done has been discussed many times, so I suggest you search the archives. To make it short, it's insecure to give away credentials that way, unless you know you can trust the URI you are being referred to; and you may know only if you see it.

Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office: +39.02.23998309
Mobile: +39.333.4963172
Email: [EMAIL PROTECTED]
------------------------------------------
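Added example, not part of the thread and not OpenLDAP code: the trust decision the reply above describes, written as a check that a callback registered with ldap_set_rebind_proc(3) could run on the referral URL it is handed, returning an error instead of binding when the check fails. The allowlist host names and the ldaps://-only rule are assumptions made for this sketch.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed allowlist: servers we accept sending bind credentials to. */
static const char *const trusted_hosts[] = { "dc1.corp.example", "dc2.corp.example" };

/* Case-insensitive compare of the first alen bytes of a with all of b. */
static int host_eq(const char *a, size_t alen, const char *b)
{
    if (strlen(b) != alen)
        return 0;
    for (size_t i = 0; i < alen; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Return 1 only if url names an ldaps:// server on the allowlist.
 * Anything unparsable or unexpected fails closed (returns 0). */
int referral_is_trusted(const char *url)
{
    static const char scheme[] = "ldaps://";   /* assumed policy: TLS only */
    const size_t slen = sizeof scheme - 1;

    if (url == NULL || strlen(url) < slen || !host_eq(url, slen, scheme))
        return 0;                       /* cleartext ldap:// or other scheme */

    const char *host = url + slen;
    size_t hlen = strcspn(host, ":/?"); /* host ends at port, DN or query */
    if (hlen == 0)
        return 0;

    /* Exact match on the whole host: a trusted name used as a prefix,
     * or followed by '@', is not accepted. */
    for (size_t i = 0; i < sizeof trusted_hosts / sizeof trusted_hosts[0]; i++)
        if (host_eq(host, hlen, trusted_hosts[i]))
            return 1;
    return 0;
}

int main(void)
{
    const char *samples[] = {           /* constructed referral URLs */
        "ldaps://dc1.corp.example/dc=corp,dc=example",
        "ldap://dc1.corp.example/dc=corp,dc=example",
        "ldaps://dc1.corp.example.other.test/",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-48s %s\n", samples[i],
               referral_is_trusted(samples[i]) ? "bind with credentials" : "refuse");
    return 0;
}
```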
