August 29th, 2003, 08:35 AM
openldap multiple alias deref
I have a small Problem with dereferencing LDAP Aliases:
The LDAP tree looks something like this:
| + alias_to_location1_users
| + alias_to_location2_users
| + ......
now i want so search basedn= ' ou=users, dc=mydomain,dc=com' .
the problem is, that i don't find any users, because openldap only returns the dereferenced aliases - of aliase_to_... and does not search these.
is there a way to search the user-database by just specifying ' ou=users, dc=mydomain,dc=com' as the basedn?
August 29th, 2003, 12:14 PM
Which client are you using? Normally (if your server supports it) there is an option called something like Dereference Aliases: this you would set to searching and then it should search the actual dns instead of just the aliased ones.
August 29th, 2003, 12:32 PM
I tried it with "ldapsearch" on redhat 9.0 and with php-ldap.
Both times i set dereference to always (as well als deref in ldaf.conf).
ah, yes jxplore showed the same behavior...
the strange thing is, that as search result i get the dn objects - i.e.
dn: ou=users,ou=location1, dc=.....
(if filter is objectclass=*)
could it be, that there is some kind of max_deref_depth=1?
and a small problem with the ascii tree: it should be
| + users
August 29th, 2003, 12:57 PM
Try setting search scope to sub (or in php it would be search) and also set deref to searching NOT always, I'm not sure why but I was never able to get always to work but searching and finding I would work.
August 29th, 2003, 01:29 PM
i tried the following:
ldapsearch -P 3 -v -x -s sub -a search -b 'ou=users,dc=mydomain,dc=com' objectclass=*
this once more only returns the resolved aliases, but not the leaves below.,
August 29th, 2003, 02:29 PM
ic I wasn't understanding correctly, I don't think there is a way to search below the alliesed item, unless you do it programmatically
August 29th, 2003, 02:49 PM
sorry for my bad english ;-)
thank you for your infos / time.
August 29th, 2003, 03:22 PM
no your english was fine , I just didn't read it well enough