directory-api mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Seelmann <m...@stefan-seelmann.de>
Subject Re: Last needed feature for teh API : referral handling
Date Sat, 12 Nov 2016 12:00:02 GMT
On 11/12/2016 10:31 AM, Emmanuel L├ęcharny wrote:
> Hi guys,
> 
> 
> there is one last feature that is critical for the API, it's teh
> referral handling. Basically, we need to be able to automatically send a
> new request when we receive a Referal response. It's not that complex,
> we just need to pen a new onnection and send the request.
> 
> 
> There are a few things to take care of, naturally :
> - we should not end up hoping from referal to referal indefinitively. A
> limit has to be set
> - we must detect cycles (but that can be done using the above limit).
> - we need to distinguish between a referal we must follow from a referal
> we must treat as a value. Typically, the second form might be available
> for the user to edit it.

I think what is missing is what already Radovan mentioned [1]: different
connection parameter. For example: For the read-only LDAP slave one
browses without authentication and uses no encryption. But when
modifying an entry the referral to the LDAP master requires StartTLS and
GSSAPI authentication. Such a scenario requires user interaction.

What may also be possible is to configure the LdapConnection with
possible LdapConnectionConfig objects, and only thowse are considered
when following referrals.

Kind Regards,
Stefan

[1]
https://mail-archives.apache.org/mod_mbox/directory-api/201603.mbox/%3C56D95944.5090703%40evolveum.com%3E


Mime
View raw message