[389-users] Referrals

[David Christensen]

Can referrals be used to reference a user or group in another branch of
the DIT?  I am using FDS for authentication, some basic authorization
and as a directory.  I have my DIT setup with three organizational
branches under a single root suffix.  Hosts are then setup with a base
DN based on the organization they belong to, so very few host's do a
search starting at the root suffix.  At the moment users are added to
the DIT based on their organization and OU within that organization.

If I wanted to have a user who is in org A and only org A to be able to
gain access to hosts in org B my initial thought was adding them in org
B, but this would create maintenance logistical nightmares so my thought
was using referrals so that a search by an org B host for a user who is
actually in org A would be referred to the user record in org A, but
would symbolically be in org B.  Would this work, or would it break
something, and is this the proper way to use a referral?  Is there
anyway of doing this on a group basis instead of by single user?

Thanks.