Details
-
Bug
-
Status: Closed
-
Minor
-
Resolution: Fixed
-
None
-
None
-
None
Description
In case we have a referral, and if the LdapURLs stored in the ref values refers to Ldap serve r(if they start by ldap://), RFC 3296 states that :
"If the URI contained in a ref attribute value refers to a LDAP
[RFC2251] server, it MUST be in the form of a LDAP URL [RFC2255].
The LDAP URL SHOULD NOT contain an explicit scope specifier, filter,
attribute description list, or any extensions. The LDAP URL SHOULD
contain a non-empty DN"
The current ReferralService code does not really implement those controls. We can have empty DNs, scope, filter ...