That makes a lot more sense, thanks.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Paul Blondé

-----Original Message-----
From: Kurt Zeilenga [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 17, 2007 5:19 PM
To: Paul Blondé
Cc: [email protected]
Subject: Re: How do I tell ldapsearch to authenticate to the referred to LDAPserver when chasing a referral?

On Jul 17, 2007, at 2:37 PM, Paul Blondé wrote:

> What?
>
> This directory protocol that so many people are using to authenticate and
> provide information throughout and between their networks has no way to
> perform authenticated queries across servers?

LDAP is specified as a client/server protocol. When a server returns a referral to another server, it's completely up to the client to determine if and how to chase it, including whether to authenticate and how. A client which passes the user's password to a server just because it got a referral to it, well, would be quite naive.

While it is certainly possible to construct a client which authenticates to the referred-to server somehow when chasing a referral, ldapsearch(1), being unsophisticated (by design), doesn't. It takes a lot of sophistication to properly manage security contexts in a distributed environment....

(I note that -C is/was undocumented on purpose. I'm sure the reasons can be found in numerous places in the archives.)

-- Kurt
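The client-side decision described in the reply above, as an added example that is not part of the original thread or of OpenLDAP: a policy function that decides per referral URL whether to bind, chase anonymously, or refuse. The host names, DNs, the `secret_ref` field and the rule that only `ldaps://` counts as protected transport (StartTLS is ignored here) are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed policy table (hypothetical hosts and DNs): the identity, if any,
# this client is willing to present to each server it may be referred to.
# Credentials are configured per server; the password used against the
# referring server is never reused automatically.
TRUSTED_SERVERS = {
    "ldap-b.example.com": {
        "bind_dn": "uid=svc-search,ou=services,dc=example,dc=com",
        "secret_ref": "vault:ldap-b/svc-search",  # hypothetical secret-store key
    },
}


def referral_decision(referral_url, trusted=TRUSTED_SERVERS):
    """Decide how to chase one referral URL returned by a server.

    Returns (action, bind_dn, secret_ref) where action is one of:
      "bind"      - chase and authenticate with the identity configured for that host
      "anonymous" - chase without sending any credentials
      "refuse"    - do not follow the referral
    """
    parts = urlsplit(referral_url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()

    if scheme not in ("ldap", "ldaps") or not host:
        return ("refuse", None, None)      # not a usable LDAP URL

    entry = trusted.get(host)
    if entry is None:
        return ("anonymous", None, None)   # unknown server: never send a password

    if scheme != "ldaps":
        return ("anonymous", None, None)   # known server, but cleartext transport

    return ("bind", entry["bind_dn"], entry["secret_ref"])


if __name__ == "__main__":
    # Constructed referral URLs
    for url in ("ldaps://ldap-b.example.com:636/ou=people,dc=example,dc=com??sub",
                "ldap://ldap-b.example.com/ou=people,dc=example,dc=com",
                "ldap://other.example.net/dc=example,dc=net"):
        print(url, "->", referral_decision(url)[0])
```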
