Referrals
A referral system ensures that if an entry cannot be found locally, the directory server can pass a referral back to the client with a request to contact another directory server. Most LDAP client libraries automatically follow referrals and resubmit the user's original request.
There are two ways of defining referrals in Sun Directory Services:
-
Default referral for the directory server
-
Referral entries
The default referral is a parameter that you configure for each directory server. It is a pointer to another directory server. Usually, the referral server holds a higher node in the DIT than the one held by the current server, in order to widen the scope of the search.
A referral entry can be created at any level in the DIT to point to any subtree of the DIT held on a different data store. The value of a referral entry is a URL.
Note -
Do not create referrals from LDAP v3 servers to LDAP v2 servers. Most client libraries cannot follow a referral to an LDAP v2 server when the initial request was submitted to an LDAP v3 server.
Referral entries can be used to overcome the one million entry limit for a data store. It is possible to create a data store that holds referral entries directly under the root entry. These entries point to subtrees of the global DIT held on different data stores on the same server, or on different servers.
This principle is illustrated in Figure 3-4.
Figure 3-4 Referrals in a Multi-Million Entry Directory
The newyork, london and paris servers have a default referral to the o=XYZ, c=US data store held on the boston server. The boston server contains the following three referral entries:
-
l=New-York, ou=XYZ, c=US
-
l=London, ou=XYZ, c=US
-
l=Paris, ou=XYZ, c=US
A referral entry contains the following attributes:
-
objectClass = referral
-
ref = "ldap://hostname[:port]/DN"
-
The naming attribute of the referenced data store, also used to name the referral entry, to avoid using the ref attribute as the naming attribute
For example, the l=New-York, ou=XYZ, c=US referral entry contains:
DN: l=New-York,ou=xyz,c=US objectClass: referral ref: ldap://newyork/ou=New-York,ou=XYZ,c=US l: New-York
If a search operation in the l=New-York, ou=XYZ, c=US tree fails, the LDAP protocol follows the default referral and searches the ou=XYZ, c=US tree. If a search is started on the ou=XYZ, c=US tree, the LDAP protocol follows the URLs provided in the referral entries to search all referenced data stores.
- © 2010, Oracle Corporation and/or its affiliates