#1 domain naming scheme questions

open
None
2
2012-10-03
2001-10-10
No

First, I set up a directory with the classical C, O, OU
structure. Web500GW displayed i.e. for C=DE "Germany"
or "Deutschland" (correctly).

Now I set on openldap suffix to "dc=company, dc=de" and
got some strange behaivior. I set:

homedn: dc=company,dc=de
rootishome: on

When I browse "/", I get my "root", anythink works
nicely. But it's possible to browse up (!) to country
and world - but "homedn" is my root. By this, i.e.
"world" is "empty" (openLDAP refuses searchs without my
dc's).

Additonally, the ldapfriendly for i.e.
c=DE,dc=company,dc=de is not used; it's displayed as
"DE" only.

What did I wrong?

Discussion

  • Karl Dietz

    Karl Dietz - 2001-10-20

    Logged In: YES
    user_id=79369

    If I understand correctly you want your LDAP server root as
    root for the LDAP tree. This does not work by design.

    Browsing "/" is a shortcut to homedn. You will go
    to "/dc=de/dc=company/ou=someunit" from there
    not "/ou=someunit".

    Being able to browse up is a feature. You need it to query
    foreign LDAP servers, too. (look at some german university
    gateway, you can browse lot's of LDAP trees from there)

    I think "country" is designed as top level dn only.

    To sum it up: you did nothing wrong.

     
  • Steffen Dettmer

    Steffen Dettmer - 2001-10-21

    Logged In: YES
    user_id=22327

    I'll try to clarify a little.

    The LDAP Server's root is at dc/dc. I set up a referral, to. Anything below dc/dc works (except ldapfriendly
    for dc/dc/c=XX - it just displays XX, not the country name). But it's possible to go up (from root or
    homedn). The Server refuses the request (since it serves only the dc/dc thing, nothing up). Of course I
    would prefere if going up from dc/dc "world" (homedn) would produce a useful result, but I don't know how
    should I set up this. I use openLDAP.

    I though the simples way is to say root is dc/dc (homedn). Below homeds (dc/dc) there are countries (c=DE
    and so on), below that organisations. So browseing up from dc/dc makes no sense I though. Of course the
    users happily press the go up button, and receive an empty "list", and cannot go back (without changing
    the URL manually). So I think that button is wrong.

    Going up to some other LDAP server (I've read that some orgs are serving countries) in that servers our
    organisation is not avialable of course. Well, in short, I don't know how this could work at all.

    Maybe you have some RTFM pointer for me or similar?

    Thank you!

     
  • Karl Dietz

    Karl Dietz - 2001-10-26

    Logged In: YES
    user_id=79369

    for the browse up: you did set homedn and rootishome in the
    config file, right?
    BTW: what version are you using? (I'm asking because I can't
    reproduce the "browse up" problem)

     
  • Steffen Dettmer

    Steffen Dettmer - 2001-10-26

    Logged In: YES
    user_id=22327

    web500gw.conf:
    homedn: dc=company,dc=de
    rootishome: on

    I get the right when doing http://host/ - it's the same as
    http://host/dc=company,dc=DE.

    But in both cases on the HTML page there is the button
    "browse up to (Germany|World)".

    When I go to world I get URL %2f?=root and HTML:
    DNS SRV operation upon null (empty) DN disallowed

    And when I go up to Germany I get URL %2f?=dc%253dde and
    HTML
    World
    (nothing more).

    According to LDAP server log, it requested "dc=DE", which is
    out of the scope, since dc=de,dc=company is the root.

    Version is "2.1b3"

    Thank you.

     

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks