I've been using ldp.exe to guide development of some ldap code for Active Directory. I'm using the win32 API (wldap32). ldp.exe has been extremely helpful in this regard, because in the right pane of the program it shows (more or less) the actual win32 API functions and arguments used to carry out the commands. I find this particularly helpful when crafting calls for ldap_search. If I can get the search to work in ldp.exe, I can directly translate the search to ldap_search.
This was all working as expected until I tried to query a trusted, linked base domain. For example, I login and authenticate to x.net. But I am trying to query the domain y.net which is trusted from x.net.
A search query like (SAMAccountName=mylogin) with BaseDN DC=x,DC=net works in ldp.exe immediately. If I change the BaseDN to DC=y,DC=net it will not work. However, if go to Search Options in ldp.exe and check the box for 'Chase Referrals', the query will work.
Here is the problem. I don't know what checking that box does in terms of win32 API calls. When I query BaseDN DC=y,DC=net with ldap_search directly the return code is LDAP_REFERRAL.
At first, I thought fixing it would be as simple as calling ldap_set_option with LDAP_OPT_REFERRALS, but that doesn't seem to be enough. I've tried settings various other referral related flags like LDAP_OPT_REFERRAL_HOP_LIMIT to larger numbers hoping that is my problem, but nothing seems to work.
I suppose that one possibility is that ldp.exe is actually following those referrals manually with additional function calls (but not actually showing it on the GUI). However, I have not found any good examples of how to do that. If anyone has an example of that, it would be greatly appreciated.
Additionally, I know this query can work because I have access to C# code using DirectoryEntry and DirectorySearcher that works fine in this case.
Does anyone know what is going on in ldp.exe 'Chase Referrals' and how to translate it to the win32 API?
