On 07/29, Pierangelo Masarati wrote: > Csillag Tamas wrote: > >I use openldap for a while, but I stuck with getting referrals to > >work. > > > >I have to suffixes: > >dc=mkpk,dc=hu > >dc=itk,ppke > > > >I store them in two diffent databases (yes I want to store them that way > >if possible). > >Several applications e.g. the mailserver need both databases. > > > >I thought that referrals is the solution to my problem so I created > >dc=top > >and created referrals: > >[EMAIL PROTECTED]:/service/slapd # ldapsearch -v -x -b 'dc=top' '' > >ldap_initialize( <DEFAULT> ) > >filter: (objectclass=*) > >requesting: > ># extended LDIF > ># > ># LDAPv3 > ># base <dc=top> with scope subtree > ># filter: (objectclass=*) > ># requesting: > ># > > > ># top > >dn: dc=top > > > ># search reference > >ref: ldap://ldap.itk.ppke.hu/dc=mkpk,dc=hu??sub > > > ># search reference > >ref: ldap://ldap.itk.ppke.hu/dc=itk,dc=ppke??sub > > > ># search result > >search: 2 > >result: 0 Success > > > ># numResponses: 4 > ># numEntries: 1 > ># numReferences: 2 > > > >Now how can I issue searches which search under both tree? > > > >ldapsearch -a always -v -x -b 'dc=top' '' returns the same answer. > > > >ldapsearch -a always -v -x -b 'dc=top' 'uid=cstamas' > >returns the "plain" referrals while (see above) > >ldapsearch -v -x -b 'dc=mkpk,dc=hu' 'uid=cstamas' > >returns the desired answer. > > > >Am I wrong here? what I'm missing? > >"-a always" is not the right knob? > > > man ldapsearch(1) will tell you that "-a" has nothing to do with > referrals, like any of the remaining switches. For the purpose you're > trying to achieve, referrals might not be the best solution, because you > delegate referral chasing to the client. OpenLDAP's ldapsearch(1), for > example, doesn't chase referrals automatically; you need to add the > (undocumented) "-C" switch.
After sending my first mail I found out that. (But did not know about the -C switch.) See my second mail which did not arrived yet. :-( > Many other clients (including, possibly, > your mail-related application) will behave similarly, so you're better > off pursuing a different solution. See "subordinate" in slapd.conf(5), > for example. Subordinate needs a common prefix for the two databases, do they? (If I understand correctly.) That's what I was trying to avoid, with referrals. I'm ready to go the way you suggest just want to make sure what and how to do it correctly. dc=itk,dc=ppke is in production, dc=mkpk,dc=hu is a new suffix, I do not want to make big changes in dc=itk,dc=ppke, but can move dc=mkpk,dc=hu to dc=mkpk,dc=ppke. So I need to create a dc=ppke root element to create a common root prefix. Then create dc=mkpk,dc=ppke and set the subordinate flag for this database. Both must have a same rootdn. If I start a search against dc=ppke I can search both databases. Please correct me if I wrong. Thanks for your time. CSILLAG Tamas. For the archive: Postfix knows how to chase referrals, Courier and Dovecot do not. As LDAP_OPT_REFERRALS is in the API it is not hard to add. -- Radioactive cats have 18 half-lives. CSILLAG Tamas (cstamas) - http://digitus.itk.ppke.hu/~cstamas
