GIT Log for 2009-04-02 23:33 GMT

Alan DeKok aland at deployingradius.com
Fri Apr 3 13:13:24 CEST 2009


Arran Cudbard-Bell wrote:
> Does the OpenLDAP library explicitly support chase_referrals, or is
> there code already in rlm_ldap to do this ? In the past when i've had
> to use wrappers around OpenLDAP, you always had to specify a callback
> function that OpenLDAP called whenever it hit a referal.

  The documentation says that "chase referrals" is the default.
However, the callback is required if you want the referral to use the
same credentials as the original bind.  Because it just wouldn't make
sense for it to use the *same* credentials.

  Active Directory gets excited over this.  If you get a referral to the
same machine, it works.  If you get a referral to a different machine,
OpenLDAP binds anonymously, and therefore doesn't have the correct
permissions to do the search.

  Alan DeKok.



More information about the Freeradius-Devel mailing list