# $OpenLDAP$
-# Copyright 1999-2000, The OpenLDAP Foundation, All Rights Reserved.
+# Copyright 1999-2003, The OpenLDAP Foundation, All Rights Reserved.
# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
H1: Constructing a Distributed Directory Service
and {{superior}} knowledge information.
!else
{{slapd}} supports {{subordinate}} and {{superior}} knowledge information.
+Subordinate knowledge information is held in {{EX:referral}}
+objects ({{REF:RFC3296}}).
!endif
as a special {{referral}} object at the delegate point.
The referral object acts as a delegation point, gluing two services
together.
-This mechanism allows for hierarchical directory services to to be
+This mechanism allows for hierarchical directory services to be
constructed.
A referral object has a structural object class of
to another server {{EX:b.example.net}}, the following named referral
object would be added to {{EX:a.example.net}}:
-> dn: dc=subtree, dc=example, dc=net
+> dn: dc=subtree,dc=example,dc=net
> objectClass: referral
> objectClass: extensibleObject
> dc: subtree
-> ref: ldap://b.example.net/dc=subtree,dc=example,dc=net/
+> ref: ldap://b.example.net/dc=subtree,dc=example,dc=net
The server uses this information to generate referrals and
search continuations to subordinate servers.
similar to an X.500 knowledge reference held in a {{subr}}
{{TERM:DSE}}.
+
!if 0
H2: Immediate Superior Knowledge Information
to the entry {{EX:dc=subtree,dc=example,dc=net}} in server B indicating
that A holds the immediate superior naming context.
-> dn: dc=subtree, dc=example, dc=net
+> dn: dc=subtree,dc=example,dc=net
> changetype: modify
> add: ref
> ref: ldap://a.example.net/
H2: Superior Knowledge Information
-Superior knowledge information may be specified using the
-{{EX:referral}} directive. The value is a list of {{TERM:URI}}s
-referring to superior directory services. For servers without
-immediate superiors, such as for {{EX:a.example.net}} in the example
-above, the server can be configured to use directory service with
-{{global knowledge}}, such as the {{OpenLDAP Root Service}}
+Superior knowledge information may be specified using the {{EX:referral}}
+directive. The value is a list of {{TERM:URI}}s referring to
+superior directory services. For servers without immediate superiors,
+such as for {{EX:a.example.net}} in the example above, the server
+can be configured to use a directory service with {{global knowledge}},
+such as the {{OpenLDAP Root Service}}
({{URL:http://www.openldap.org/faq/index.cgi?file=393}}).
> referral ldap://root.openldap.org/
However, as {{EX:a.example.net}} is the {{immediate superior}}
-to {{EX:b.example.net}}, {{a.example.net}} would be configured
+to {{EX:b.example.net}}, {{b.example.net}} would be configured
as follows:
> referral ldap://a.example.net/
-The server uses this information to generate referrals to
-operations acting upon operations not within or subordinate
+The server uses this information to generate referrals for
+operations acting upon entries not within or subordinate
to any of the naming contexts held by the server.
For those familiar with X.500, this use of the {{EX:ref}} attribute
is similar to an X.500 knowledge reference held in a
{{Supr}} {{TERM:DSE}}.
+
H2: The ManageDsaIT Control
Adding, modifying, and deleting referral objects is generally done
-using {{ldapmodify}}(1) or similar tools which support the
-ManageDsaIT control. The ManageDsaIT control informs the server
-that you intend to manage the referral object as a regular
-entry. This keeps the server from sending a referral result
-for requests which interrogate or update referral objects.
-The -M option of {{ldapmodify}}(1) (and other tools) enables
+using {{ldapmodify}}(1) or similar tools which support the ManageDsaIT
+control. The ManageDsaIT control informs the server that you intend
+to manage the referral object as a regular entry. This keeps the
+server from sending a referral result for requests which interrogate
+or update referral objects.
+
+The ManageDsaIT control should not be specified when managing regular
+entries.
+
+The {{EX:-M}} option of {{ldapmodify}}(1) (and other tools) enables
ManageDsaIT. For example:
> ldapmodify -M -f referral.ldif -x -D "cn=Manager,dc=example,dc=net" -W