> Full_Name: Ryan Steele > Version: 2.4.18 > OS: Ubuntu Server > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (207.106.239.81) > > > Per conversation on the #openldap IRC channel on Freenode with Howard Chu, > it > has been deemed appropriate to modify the behavior of updateref to answer > referrals on the backend. This would allow one to use updateref to > automatically chase referrals for individual backends, instead of it being > all > or nothing. Here is the tail end of the channel conversation: > > > <hyc> when you configure an updateref on a backend, that referral is only > generated in the frontend so putting the overlay on the database, misses > it... > > <rgsteele> Well, I am intending to set an updateref on that backend > > <hyc> then you have a problem > > <rgsteele> Hm, so you can't do automatic referrals on individual backends > then? > > <rgsteele> That was my original question, or at least the intent of it. > > <hyc> not using updateref, no > > <rgsteele> Does your response imply there's another way? > > <hyc> probably we should fix updateref to be generated at the backend > level > > <rgsteele> That would be good - I'd be happy to write tests or something > to help > with that. > > <hyc> the "other way" is the normal referral mechanism - using referral > entries > inside a database > > <hyc> but like I said, updateref is a relic, we've carried it forward > without > really adapting it > > <hyc> probably should file an ITS about this > > <rgsteele> Interesting, I wasn't aware of that method. I'll have to do > some > research on that - thanks! Also, is there anything I can do to help get > the > process of fixing updateref to generate referrals on the backend? > > <rgsteele> I can file the ITS if you like? > > <hyc> go ahead
It is correct that referrals are generated by the frontend, but the frontend uses information contained in the updateref of each database. The slapo-chain needs to be global, in order to intercept those referrals. Although redesigning referral generation in slapd could streamline things, I don't quite see what issues can't be addressed using a global instance of slapo-chain. You can configure referral chasing differently for different domains using the chain-uri directive. I favor fixing only what's actually broken. p.
