Michael wrote:
> Why do you want to enable referral chasing?

I didn't want to. But our printer provides the option to be enabled or disabled, and the customer found it doesn't work in an ADS, which is at the same time a DNS server.

> Yes, that's the default behaviour of most LDAP client libs
> for automatic referral chasing. Obviously it's wrong.
>
> Letting the LDAP client chase referrals is a fundamentally
> broken concept in LDAPv3 anyway because there is no clear
> definition at all which credentials the client should use
> when chasing the referral.

Yes, it seems that in chasing the referral, the printer doesn't know which credential to use to bind to the referred servers (therefore the binding was anonymous in the trace). Hence, the error indicates a successful binding must be done beforehand.

But I can't explain the intermittent success in LDAP search. Is it because sometimes the DNS server can't find out the IP address of the host name used in the referral URI?

> Speaking of AD as an LDAPv3 implementation with a certain
> profile or additional assumptions the client could use the
> same credentials he used to bind to the originating server. I
> think that's the way the AD developers thought about it in
> the light of domain trusts etc. But again that's not a valid
> assumption in general for an LDAP client application.
>
> In general the application has to be configured with a-priori
> knowledge how to bind to the referral's target.

So, can I say that this referral is not recommended in LDAPv3 implementation?

Thanks a lot for your detailed explanation, Michael!

Xu Qiang
_______________________________________________
dev-tech-ldap mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-ldap
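The a-priori configuration discussed in the thread, sketched as an added example (not code from the thread or from any LDAP library): with automatic referral chasing turned off in the client library, the application decides for each referral URI which configured identity to bind with, and refuses targets it has no credentials for instead of binding anonymously. The host names, DNs, the `REFERRAL_BINDS` table and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit, unquote

# Constructed configuration: referral targets the client may follow, and the
# bind identity for each. All names and values here are hypothetical.
REFERRAL_BINDS = {
    "dc2.example.com": ("cn=printer,ou=svc,dc=example,dc=com",
                        "<password from secret store>"),
}


class ReferralRefused(Exception):
    """Raised instead of silently falling back to an anonymous bind."""


def plan_referral(uri, binds=REFERRAL_BINDS):
    """Return (host, port, base_dn, bind_dn, password) for a referral URI."""
    parts = urlsplit(uri)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ReferralRefused(f"unsupported scheme in {uri!r}")
    host = parts.hostname  # urlsplit already lower-cases the host name
    if not host:
        raise ReferralRefused(f"no host in {uri!r}")
    if host not in binds:
        # No a-priori knowledge of how to bind there: do not chase.
        raise ReferralRefused(f"no configured credentials for {host!r}")
    try:
        port = parts.port or (636 if parts.scheme == "ldaps" else 389)
    except ValueError:
        raise ReferralRefused(f"invalid port in {uri!r}")
    # The path of an LDAP URL is the (percent-encoded) base DN.
    base_dn = unquote(parts.path.lstrip("/"))
    bind_dn, password = binds[host]
    return host, port, base_dn, bind_dn, password


def triage(referrals, binds=REFERRAL_BINDS):
    """Split referral URIs into bind plans to follow and refused targets."""
    follow, refused = [], []
    for uri in referrals:
        try:
            follow.append(plan_referral(uri, binds))
        except ReferralRefused as exc:
            refused.append((uri, str(exc)))
    return follow, refused
```

Logging the `refused` list gives an operator the set of referral targets that still need a configured bind identity.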
