<quote who="Comisario, Alejandro">
> Hello everyone.
>
> I have an OpenLDAP 2.3.30 running on Debian Etch Stable in a DMZ, managing
> external users for an application.
> But at the same time I want this OpenLDAP to communicate, when given a
> specific DN, with another directory service on my internal network.
> The connection between the two machines passing through the firewall is
> correct.
>
> The references are:
> OpenLDAP machine : doldap.sc.com with domain dc=si,dc=com
> the other directory : adldap.adsc.com with domain dc=adsc,dc=com
>
> I defined the referral like this:
> dn: ou=test,dc=adsc,dc=com
> objectClass: referral
> objectClass: extensibleObject
> dc: prueba
> ref: ldap://adldap.adsc.com/ou=test,dc=adsc,dc=com
>
> So, when I query something like this (anonymous):
> ldapsearch -b "ou=test,dc=adsc,dc=com" -H ldap://doldap.sc.com -x
>
> I get this response:
> # extended LDIF
> #
> # LDAPv3
> # base <ou=prueba,dc=adsc,dc=com> with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # search result
> search: 2
> result: 10 Referral
> ref: ldap://adldap.adsc.com/ou=prueba,dc=adsc,dc=com??sub
>
> # numResponses: 1
>
> So, apparently the referral for that query is found. Next I tell ldapsearch
> to follow it:
> ldapsearch -b "ou=test,dc=adsc,dc=com" -H ldap://doldap.sc.com -x -C
>
> OpenLDAP tries to follow the referral and gets this response from the other
> service:
> # extended LDIF
> #
> # LDAPv3
> # base <ou=prueba,dc=adsc,dc=com> with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # search result
> search: 2
> result: 1 Operations error
> text: 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece
>
> # numResponses: 1
>
> So, how do I tell ldapsearch to authenticate to the referred-to LDAP server
> when chasing a referral?
> Hope someone can help me.

You need to actually bind as a user, e.g.:

ldapsearch -b "ou=test,dc=adsc,dc=com" -H ldap://doldap.sc.com -x -C -D "uid=blah,dc=adsc,dc=com" -W

Gavin.

> Regards.
>
> .A l e j a n d r o.
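
Added example (not part of the original thread and not OpenLDAP code): the command in the reply supplies a simple-bind password (-x -D -W) while chasing referrals (-C), so it is worth checking where a referral points before credentials go there. This Python sketch parses the `ref:` line from the ldapsearch output quoted above and reports whether the target host is expected and whether the URL uses TLS; the `TRUSTED_HOSTS` list and all function names are assumptions made for the illustration.

```python
from urllib.parse import urlsplit, unquote

# Constructed sample: the referral result quoted in the question above.
SAMPLE_OUTPUT = """\
result: 10 Referral
ref: ldap://adldap.adsc.com/ou=prueba,dc=adsc,dc=com??sub
"""

# Assumption: hosts this client is willing to authenticate to.
TRUSTED_HOSTS = {"adldap.adsc.com"}
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}

def parse_ldap_url(url):
    """Split an RFC 4516 LDAP URL: scheme://host[:port]/dn?attrs?scope?filter."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"not an LDAP URL: {url!r}")
    # The query holds up to four '?'-separated fields; pad the missing ones.
    attrs, scope, filt, _ext = (parts.query.split("?") + [""] * 4)[:4]
    return {
        "scheme": scheme,
        "host": (parts.hostname or "").lower(),
        "port": parts.port or DEFAULT_PORTS[scheme],
        "base_dn": unquote(parts.path.lstrip("/")),
        "attrs": [a for a in attrs.split(",") if a],
        "scope": scope or "base",  # RFC 4516 default scope
        "filter": unquote(filt) or "(objectClass=*)",
    }

def referrals(ldif_text):
    """Yield parsed referral URLs from 'ref:' lines of ldapsearch output."""
    for line in ldif_text.splitlines():
        if line.startswith("ref: "):
            yield parse_ldap_url(line[len("ref: "):].strip())

def rebind_findings(ref, trusted=TRUSTED_HOSTS):
    """Return reasons not to send a simple-bind password to this referral."""
    findings = []
    if ref["host"] not in trusted:
        findings.append("host not in trusted list")
    if ref["scheme"] != "ldaps":
        findings.append("no TLS in URL scheme; use ldaps:// or StartTLS (-ZZ)")
    return findings

if __name__ == "__main__":
    for ref in referrals(SAMPLE_OUTPUT):
        print(ref["host"], ref["base_dn"], ref["scope"], rebind_findings(ref))
```

For the referral in this thread the host check passes, and the only finding is the plain `ldap://` scheme.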
