[python3-ldap] R: What's the best way to deal with continuation referrals?
Michael Ströder
michael at stroeder.com
Sat Nov 1 13:29:04 CET 2014
Python3-ldap wrote:
> I've set up an infrastructure for testing different LDAP servers, I think I
> should be able to include automatic continuation referral resolution in
> one of the next releases of python3-ldap.

Note that in general LDAPv3 referrals are a broken concept anyway and not
used. Especially since there's no standard defining e.g. which authentication
to use when following a referral.

So IMO it's ok at the API level to just return the referral LDAP URLs and let
the LDAP client application deal with it because the app has more knowledge
about the context.

With MS AD I wildly guess that "the concept" was to let the client simply
re-use the Windows logon identity. But even with MS AD you won't need chasing
referrals. Everybody who thinks so should have a closer look at what's really
referenced by the referrals.

In my web2ldap I simply present an input form to the user interactively asking
for the authc information to use when chasing the referral. BTW: This
functionality was implemented for an academic approach ~14 years ago. Chasing
referrals has never been required since then. Referrals e.g. returned for
write requests should also be handled by the LDAP server with chaining.

Ciao, Michael.
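
Added example, not part of the original message and not python3-ldap or web2ldap code: one way an application could handle referral URLs handed back by the API, deciding per server which credentials apply instead of re-sending the original bind. The host names, the `TRUSTED_SERVERS` table and the credential profile names are assumptions made for illustration.

```python
from urllib.parse import urlsplit, unquote

# Assumed application policy (hypothetical host and profile name): servers the
# app will contact when chasing a referral, and the credentials to use there.
TRUSTED_SERVERS = {("ldap2.example.com", 636): "service-account-b"}

def parse_referral(url):
    """Split an LDAP URL into (scheme, host, port, base DN)."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % url)
    port = parts.port or (636 if scheme == "ldaps" else 389)
    return scheme, parts.hostname, port, unquote(parts.path.lstrip("/"))

def decide(url, trusted=TRUSTED_SERVERS):
    """Decide what to do with one referral URL.

    The credentials of the original connection are never reused implicitly:
    a referral is chased only with a profile configured for that exact server.
    """
    try:
        scheme, host, port, base = parse_referral(url)
    except ValueError as exc:  # wrong scheme or malformed port
        return {"url": url, "action": "reject", "reason": str(exc)}
    if host is None:
        return {"url": url, "action": "reject", "reason": "no host in referral"}
    if scheme != "ldaps":
        return {"url": url, "action": "reject", "reason": "cleartext transport"}
    profile = trusted.get((host, port))
    if profile is None:
        # Unknown server: let a human supply authc information, or skip it.
        return {"url": url, "action": "ask-user", "base": base}
    return {"url": url, "action": "chase", "credentials": profile, "base": base}

if __name__ == "__main__":
    # Constructed sample referral URLs, as a search result might return them.
    samples = [
        "ldaps://ldap2.example.com/ou=people,dc=example,dc=com??sub",
        "ldap://ldap2.example.com/dc=example,dc=com",
        "ldaps://DomainDnsZones.corp.example.net/DC=DomainDnsZones,DC=corp,DC=example,DC=net",
        "ldap:///dc=example,dc=com",
        "ftp://files.example.com/pub",
    ]
    for s in samples:
        print(decide(s))
```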