From: Konstantin C. <Kon...@da...> - 2001-07-12 09:56:07

Hi Michael and All,

Michael Ströder wrote:

> When using (patched) python-ldap with OpenLDAP 2.0.x libs and I'm
> trying to access
> ldap://ldap.surfnet.nl/c=BE
> I get back the referral LDAP URL
> ldap://tor.dante.org.uk:1389??base
>
> That's almost ok. But the slash after hostport is missing. Is that
> intentional? IMHO it should be
> ldap://tor.dante.org.uk:1389/??base

I had a talk with the ldap.surfnet.nl manager, Henny Bekker. There seems
to be a bug in their directory server. Henny told me they put the
correct data for referrals, but they get changed in LDAP responses. I
wasn't entirely convinced of the fact, until you got the same results...

Anyway, they are going to migrate from their old server. They are
considering OpenLDAPv2.

And here goes a question to the core OpenLDAP developers:

At a national level, there is a need to build an LDAP server containing
lots (hundreds) of referrals to organisation LDAP servers. We consider
such a server for browsing purposes (one-level search) only. Now, if a
client sends a one-level search request, it will get lots (hundreds) of
referrals. It can choke on them easily.

The idea is to keep cached entries along with ref entries. What is
needed here is the ability to switch the request to DSA IT control mode
automatically for every one-level request, even if the client hasn't
asked about it. The patch for it is quite easy. The question is: would
it be possible to add this as a standard server's behaviour (switched by
a configuration directive)?

Regards,
Konstantin.

--
Konstantin Chuguev - Application Engineer
Francis House, 112 Hills Road
Cambridge CB2 1PQ, United Kingdom
D A N T E    WWW: http://www.dante.net

P.S. Michael, could you try ldap.nameflow.net (root NC) for your
referral testing.
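The malformed referral quoted above, `ldap://tor.dante.org.uk:1389??base`, can be detected and repaired on the client before it is chased. The following is an added example, not part of the original thread and not python-ldap code: a standard-library parser following the LDAP URL grammar of RFC 2255, in which the `?` fields may only appear after the `/` that follows hostport. The names `parse_referral`, `normalize` and `ReferralURLError` are hypothetical.

```python
from urllib.parse import unquote

SCOPES = {"base", "one", "sub"}
DEFAULT_PORT = {"ldap": 389, "ldaps": 636}


class ReferralURLError(ValueError):
    """Raised when a referral URL does not match the LDAP URL grammar."""


def parse_referral(url, strict=True):
    """Split an LDAP referral URL; strict=False tolerates a missing '/'."""
    scheme, sep, rest = url.partition("://")
    scheme = scheme.lower()
    if not sep or scheme not in DEFAULT_PORT:
        raise ReferralURLError("not an LDAP URL: %r" % url)
    slash, qmark = rest.find("/"), rest.find("?")
    # A '?' before any '/' means the slash after hostport was dropped.
    missing_slash = qmark != -1 and (slash == -1 or qmark < slash)
    if missing_slash and strict:
        raise ReferralURLError("no '/' between hostport and '?': %r" % url)
    if missing_slash:
        hostport, tail = rest[:qmark], rest[qmark:]
    elif slash == -1:
        hostport, tail = rest, ""
    else:
        hostport, tail = rest[:slash], rest[slash + 1:]
    host, colon, port = hostport.rpartition(":")
    if not colon or port.endswith("]"):  # no port (or a bare IPv6 literal)
        host, port = hostport, ""
    if port and not port.isdigit():
        raise ReferralURLError("bad port in %r" % url)
    # Field order: dn ? attributes ? scope ? filter ? extensions
    dn, attrs, scope, flt, _ext = (tail.split("?", 4) + [""] * 5)[:5]
    scope = scope.lower() or "base"  # an omitted scope means base
    if scope not in SCOPES:
        raise ReferralURLError("bad scope %r in %r" % (scope, url))
    return {"scheme": scheme, "host": host,
            "port": int(port) if port else DEFAULT_PORT[scheme],
            "dn": unquote(dn), "attrs": [a for a in attrs.split(",") if a],
            "scope": scope, "filter": unquote(flt) or "(objectClass=*)",
            "missing_slash": missing_slash}


def normalize(url):
    """Return url with the slash after hostport restored if it was missing."""
    if parse_referral(url, strict=False)["missing_slash"]:
        i = url.index("?")
        return url[:i] + "/" + url[i:]
    return url
```

In strict mode the server-mangled referral is rejected outright; `strict=False` accepts it and sets `missing_slash` so the caller can log which server produced it.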
From: Michael <mi...@st...> - 2001-07-12 10:23:40

Konstantin Chuguev wrote:
>
> Hi Michael and All,
>
> Michael Ströder wrote:
>
> > When using (patched) python-ldap with OpenLDAP 2.0.x libs and I'm
> > trying to access
> > ldap://ldap.surfnet.nl/c=BE
> > I get back the referral LDAP URL
> > ldap://tor.dante.org.uk:1389??base
> >
> > That's almost ok. But the slash after hostport is missing. Is that
> > intentional? IMHO it should be
> > ldap://tor.dante.org.uk:1389/??base
> >
>
> I had a talk with the ldap.surfnet.nl manager, Henny Bekker. There seems
> to be a bug in their directory server. Henny told me they put the
> correct data for referrals, but they get changed in LDAP responses. I
> wasn't entirely convinced of the fact, until you got the same results...
>
> Anyway, they are going to migrate from their old server. They are
> considering OpenLDAPv2.

I've uploaded the root.ldif of the DIRECT project to my local
OpenLDAP 2.0.11 as well and it seems to work right. Sorry, I did not
expect the problem to be limited to ldap.surfnet.nl. (Since OpenLDAP
2 is not able to hold a root naming context I have suffix directives
for all national referral entries in slapd.conf).

> P.S. Michael, could you try ldap.nameflow.net (root NC) for your
> referral testing.

That also seems to work quite ok with python-ldap built against
OpenLDAP 2.

Ciao, Michael.
From: Konstantin C. <Kon...@da...> - 2001-07-12 10:37:00
Attachments:
patch-backend

Michael Ströder wrote:

> expect the problem to be limited to ldap.surfnet.nl. (Since OpenLDAP
> 2 is not able to hold a root naming context I have suffix directives
> for all national referral entries in slapd.conf).

The patch (attached) for 2.0.11 fixes the problem with root naming
contexts. It is incorporated into the current version of OpenLDAP-2 in
CVS.

I like open source software! :-)

--
Konstantin Chuguev - Application Engineer
Francis House, 112 Hills Road
Cambridge CB2 1PQ, United Kingdom
D A N T E    WWW: http://www.dante.net
From: Henny B. <Hen...@su...> - 2001-07-12 10:43:46

Hi Michael,

At 12:23 12-7-2001 +0200, Michael Ströder wrote:
>Konstantin Chuguev wrote:
> > Hi Michael and All,
> > Michael Ströder wrote:
> > > When using (patched) python-ldap with OpenLDAP 2.0.x libs and I'm
> > > trying to access
> > > ldap://ldap.surfnet.nl/c=BE
> > > I get back the referral LDAP URL
> > > ldap://tor.dante.org.uk:1389??base
> > >
> > > That's almost ok. But the slash after hostport is missing. Is that
> > > intentional? IMHO it should be
> > > ldap://tor.dante.org.uk:1389/??base
> >
> > I had a talk with the ldap.surfnet.nl manager, Henny Bekker. There seems
> > to be a bug in their directory server. Henny told me they put the
> > correct data for referrals, but they get changed in LDAP responses. I
> > wasn't entirely convinced of the fact, until you got the same results...
> >
> > Anyway, they are going to migrate from their old server. They are
> > considering OpenLDAPv2.
>
>I've uploaded the root.ldif of the DIRECT project to my local
>OpenLDAP 2.0.11 as well and it seems to work right. Sorry, I did not
>expect the problem to be limited to ldap.surfnet.nl. (Since OpenLDAP
>2 is not able to hold a root naming context I have suffix directives
>for all national referral entries in slapd.conf).
>
> > P.S. Michael, could you try ldap.nameflow.net (root NC) for your
> > referral testing.
>
>That also seems to work quite ok with python-ldap built against
>OpenLDAP 2.

True.. But how about a 'one-level search' over all the defined
countries (in the root.ldif of the DIRECT project).. If the server
isn't doing any caching of those LDAPv3 referrals (which should take
precedence over the info defined in the entries) a one-level search
will go to the referred site to fetch the info. Thus a one-level
search for e.g. the country-names will result in querying all
referred LDAP-servers, which will take too long (certainly when a
country-level LDAP-server is unavailable) and is not scalable..

See also URL: http://www.terena.nl/libr/tech/2000/direct-fr.pdf

Cheers,
Henny

---------------------------------------------------------------------
E-Mail: H.B...@SU...    Voice: +31 30 2305305    Fax: +31 30 2305329
Web: http://www.surfnet.nl/surfnet/persons/henny/
Paper: H.J.Bekker, SURFnet
       Po Box 19035, 3501 DA Utrecht, Nederland
----------------------------------------------------------------------