directory-api mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Seelmann <>
Subject Re: Last needed feature for teh API : referral handling
Date Sat, 12 Nov 2016 12:00:02 GMT
On 11/12/2016 10:31 AM, Emmanuel L├ęcharny wrote:
> Hi guys,
> there is one last feature that is critical for the API, it's teh
> referral handling. Basically, we need to be able to automatically send a
> new request when we receive a Referal response. It's not that complex,
> we just need to pen a new onnection and send the request.
> There are a few things to take care of, naturally :
> - we should not end up hoping from referal to referal indefinitively. A
> limit has to be set
> - we must detect cycles (but that can be done using the above limit).
> - we need to distinguish between a referal we must follow from a referal
> we must treat as a value. Typically, the second form might be available
> for the user to edit it.

I think what is missing is what already Radovan mentioned [1]: different
connection parameter. For example: For the read-only LDAP slave one
browses without authentication and uses no encryption. But when
modifying an entry the referral to the LDAP master requires StartTLS and
GSSAPI authentication. Such a scenario requires user interaction.

What may also be possible is to configure the LdapConnection with
possible LdapConnectionConfig objects, and only thowse are considered
when following referrals.

Kind Regards,


View raw message