Hi,
first of all thanks for the answer, and sorry that I haven't replied
earlier. Lots of reasons not really interesting for anybody and a bit of
good ol' laziness, of course ;)

>> Which ldapsearch tool are you talking about? OpenLDAP's command-line
>> tool ldapsearch does not have an option -C. Do you have several
>> implementations of ldapsearch on your system?

That's true, if you consider the latest version(s?) of ldapsearch. There
used to be a -C option for client-chasing referrals. I'm not sure exactly
when or why this was taken out, but even after it was removed from the
documentation it lingered as an "undocumented feature" for a while,
meaning you could use it if you happened to know about it. The guys here
at work also tell me that before it got removed completely it remained
in some broken kind of way, that is, you could still use the option, but
it wouldn't quite work. I've never seen this myself though.

By the way (looking now), where I sit, "man ldapsearch" gives me, among
other things:
-C     Chase referrals (anonymously)

This is OpenLDAP 2.3.37.


>>Are you talking about client-chasing of LDAPv3 referrals? Yes, you can
>>do it by processing the LDAP URLs returned in search continuations
>>yourself. You have to check the result type to be
>>ldap.RES_SEARCH_REFERENCE. You can then use module 'ldapurl' to parse
>>the referral URL in the result.

Yes, that's what I'm talking about. Since my question we've also decided
to do things this way, and parse the replies manually instead of trying
to make the server do anything for us.


>>Note that the concept of client-chasing referral chasing is seriously
>>broken since the LDAPv3 standard does not specify which credentials to
>>use when connecting to the server specified in the referral URL. My
>>web2ldap therefore raises a bind form to interactively ask the user what
>>to do in this case. So I'd rather recommend to configure your LDAP
>>server to chase the referral with well-defined credentials if it
>>supports chaining or however it's called in your LDAP server (which
>>one?).

That's some useful information. Our server is OpenLDAP. Not sure which
version right now, though.

Think I've got the hang of it now. I will simply check the type of the
reply manually and keep requesting around 'til I don't get another
reference. Thanks again!

Greetings,
Fredrik
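
An added example, not part of the original message or of python-ldap: a sketch of the "keep requesting until no more references come back" loop, with the credential question from the quoted reply made explicit. It parses referral URLs with the standard library rather than `ldapurl` so it runs without python-ldap; the `TRUSTED` allow-list, the `search(url, bind)` callback and all host names are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, unquote

# LDAP result-type codes (python-ldap exposes 0x73 as ldap.RES_SEARCH_REFERENCE),
# hard-coded so this runs without python-ldap installed.
RES_SEARCH_ENTRY, RES_SEARCH_REFERENCE = 0x64, 0x73
TRUSTED = {"ldap-a.example.org", "ldap-b.example.org"}  # constructed allow-list
MAX_HOPS = 5

def parse_referral(url):
    """Split an LDAP URL into (scheme, host, port, base DN); reject anything else."""
    u = urlsplit(url)
    if u.scheme not in ("ldap", "ldaps") or not u.hostname:
        raise ValueError("not a usable LDAP referral: %r" % url)
    port = u.port or (636 if u.scheme == "ldaps" else 389)
    return u.scheme, u.hostname, port, unquote(u.path.lstrip("/"))

def bind_policy(scheme, host):
    """Credentials go only to allow-listed hosts over TLS; all others get anonymous."""
    return "service-account" if scheme == "ldaps" and host in TRUSTED else "anonymous"

def chase(search, start_url):
    """Follow references until none are left; search(url, bind) is the caller's
    (hypothetical) search function returning (result_type, data) pairs."""
    entries, skipped, seen, queue = [], [], set(), [(start_url, 0)]
    while queue:
        url, hops = queue.pop(0)
        scheme, host, port, base = parse_referral(url)
        key = (host, port, base.lower())
        if key in seen or hops > MAX_HOPS:   # referral loop or chain too long
            skipped.append(url)
            continue
        seen.add(key)
        for rtype, data in search(url, bind_policy(scheme, host)):
            if rtype == RES_SEARCH_ENTRY:
                entries.append(data)
            elif rtype == RES_SEARCH_REFERENCE:
                queue.extend((ref, hops + 1) for ref in data)
    return entries, skipped

# Constructed sample directory: B refers back to A (a loop) and to an unknown host.
A = "ldaps://ldap-a.example.org/dc=example,dc=org"
B = "ldaps://ldap-b.example.org/ou=eu,dc=example,dc=org"
C = "ldap://ldap-c.example.net/ou=ext,dc=example,dc=org??sub"
FAKE = {A: [(RES_SEARCH_ENTRY, "cn=alice,dc=example,dc=org"), (RES_SEARCH_REFERENCE, [B])],
        B: [(RES_SEARCH_ENTRY, "cn=bob,ou=eu,dc=example,dc=org"), (RES_SEARCH_REFERENCE, [A, C])],
        C: [(RES_SEARCH_ENTRY, "cn=carol,ou=ext,dc=example,dc=org")]}
BINDS = {}  # records which identity each server was offered

def fake_search(url, bind):
    BINDS[url] = bind
    return FAKE[url]

if __name__ == "__main__":
    print(chase(fake_search, A), BINDS)
```

With a real connection, the `search` callback would wrap the python-ldap search and hand back the referral URLs from results of type `ldap.RES_SEARCH_REFERENCE`.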

_______________________________________________
Python-LDAP-dev mailing list
Python-LDAP-dev@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/python-ldap-dev