ldap 3.3: Referral objectclasses *cannot* work

Ed Oskiewicz (eoskiewi@jungle.bt.co.uk)
Wed, 16 Oct 1996 15:18:44 +0100

Hi all

I've spent some more time debugging ldapsearch and slapd to find out why I
cannot crosslink directories using the referral objectclass. The conclusion
I have come to is that the functionality seems to be absent from the server.

To recap, I have two slapd daemons running on different machines, each has a
directory entry (added via ldif2ldbm) of the form:

dn: ref="ldap://other.host/o=other org, c=gb",o=my org, c=gb
objectclass: referral

In the test there is nothing in either machine's config file referring to the
other machine and *there is no statically defined referral host*.

On the machine supporting "my org", queries of the form

ldapsearch -b "o=other org, c=gb" 'person in other org'

return a result of Partial result and referral received

queries of the form

ldapsearch -b "o=my org, c=gb" '&(o=other org)(c=gb)(sn=person in other org)'

return nothing at all

Look in file server/slapd/search.c, and just before the end there is a
comment "We could be serving multiple database backends...". It seems that
do_search only looks for base DNs defined in the config file; otherwise it
returns LDAP_PARTIAL_RESULTS. This explains why the first example returns
what it does: it means "no backend defined for this base, try your referral
server". From this I conclude that only the statically defined referral host
can be used and that chapter 10 of the slapd administrator's manual is
wholly fictitious.

Please someone prove me wrong as I have sold LDAP internally on the basis of
being able to 'mount' directories on each other in a fashion hinted at in
chapter 10 of the SAM. Failing that, when is this functionality likely to


Ed Oskiewicz

      B54/76, BT Labs, Martlesham Heath, Ipswich, Suffolk, UK, IP5 7RE
	  oskiewicz_e_p@bt-web.bt.co.uk, eoskiewi@jungle.bt.co.uk
		  Tel +44 1473 640896, Fax +44 1473 640929
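
A simplified model of the dispatch behaviour the message describes, added here as an illustration; it is not slapd's source code and not part of the original post. The function names, the DN normalization rules and the single configured suffix are assumptions. It shows why a base outside every configured suffix can only produce LDAP_PARTIAL_RESULTS, while a base under "o=my org, c=gb" is handed to the local backend.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define LDAP_SUCCESS         0x00
#define LDAP_PARTIAL_RESULTS 0x09 /* result code named in the message */

/* Lowercase a DN and drop spaces next to ',' or '=' so suffixes compare equal. */
static void dn_normalize(const char *in, char *out, size_t cap) {
    size_t n = 0;
    for (const char *p = in; *p && n + 1 < cap; p++) {
        if (*p == ' ') {
            const char *q = p + strspn(p, " "); /* next non-space character */
            if (n == 0 || strchr(",=", out[n - 1]) || *q == '\0' || strchr(",=", *q))
                continue;
        }
        out[n++] = (char)tolower((unsigned char)*p);
    }
    out[n] = '\0';
}

/* 1 if base equals suffix or ends with ",suffix" after normalization. */
static int dn_is_under(const char *base, const char *suffix) {
    char b[256], s[256];
    dn_normalize(base, b, sizeof b);
    dn_normalize(suffix, s, sizeof s);
    size_t bl = strlen(b), sl = strlen(s);
    if (sl == 0 || sl > bl || strcmp(b + bl - sl, s) != 0) return 0;
    return bl == sl || b[bl - sl - 1] == ',';
}

/* Hypothetical dispatch step: pick the backend whose configured suffix holds
 * the search base; with no match the caller only gets LDAP_PARTIAL_RESULTS. */
static int dispatch_search(const char *base, const char *const *suffixes, size_t n, int *idx) {
    *idx = -1;
    for (size_t i = 0; i < n; i++)
        if (dn_is_under(base, suffixes[i])) { *idx = (int)i; return LDAP_SUCCESS; }
    return LDAP_PARTIAL_RESULTS;
}

int main(void) {
    const char *suffixes[] = { "o=my org, c=gb" }; /* constructed config for "my org" */
    const char *bases[] = { "o=other org, c=gb", "o=my org, c=gb" };
    for (size_t i = 0; i < 2; i++) {
        int idx, rc = dispatch_search(bases[i], suffixes, 1, &idx);
        printf("base \"%s\": rc=0x%02x backend=%d\n", bases[i], rc, idx);
    }
    return 0;
}
```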