On Thu, Jul 3, 2008 at 9:12 AM, Volker Lendecke <[EMAIL PROTECTED]> wrote: > > Can you send sample code how this should be done. AFAIK the > LDAP libs should take care of this. That's the whole point > of having the rebind_proc stuff around.
I believe that the OpenLDAP libraries have been able to chase referrals and failovers and deal with heavily paged search results for many years now. In the case of searching, programmers must use the API correctly (in other words, don't ignore just it when the libs return a "more results pending" flag) but in the case of referrals LDAP_OPT_REFERRALS is by default set to LDAP_OPT_ON, so it should be reasonably transparent to the programmer. Authoritative information should be easily available from the OpenLDAP.org site, so don't take my word for it! The most common problem I see with busted referrals is when someone sets up a program (such as samba) to use the local replica's rootdn/rootpw as defined in /etc/slapd.conf (which allows bypassing ACLs and whatnot) but does not define that dn and password to have appropriate access on the master server. If the admindn that samba is using does not have the ability to write the master slapd, it won't matter if it has unrestricted access to the slave. --Charlie -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba