
referrals & 'no such object'



When doing the search 

        ldapsearch -v -b 'ou=Users,o=Modular Telecom,c=SE' uid=turbo

I get the desired result, my entry shows up... Then I added the
following LDIF:

----- s n i p -----
dn: ref="ldap://XXXXXXX/uid=turbo,ou=Routers,o=Modular Telecom,c=SE", uid=turbo, ou=Users, o=Modular Telecom, c=SE
objectclass: referral
ref: ldap://XXXXXXX/uid=turbo,ou=Routers,o=Modular Telecom,c=SE
----- s n i p -----

I then get (when I do the ldapsearch string above), my entry
BUT also a 

----- s n i p -----
ldap_search: No such object
ldap_search: matched: C=SE
ldap_init( <default>, 0 )
filter pattern: uid=turbo
returning: ALL
filter is: (uid=turbo)
uid=turbo,ou=Users,o=Modular Telecom,c=SE
uid=turbo
cn=Turbo Fredriksson
[the rest of my entry]
1 matches
----- s n i p -----

What I'm trying to accomplish is a special tree for all the routers
we have. Specifying a special access tree for all the routers,
so the information doesn't have to be duplicated, just refer to the
users tree for account information. If the dn above is entered,
I can't log in on the LDAP server (using PAM_LDAP), even though
the searchdn is the correct 'ou=Users,o=Modular Telecom,c=SE'...

First question (I could look in the pam_ldap source, but since
we're on the subject :). Does pam_ldap follow referrals?

Second question. Why does ldapsearch/slapd try to follow the
referral (that's what I think is happening anyway) when the
search base is set 'so far away' from the referral dn, in a
totally different organization/organizationunit? I tried to
change the organization to another org, but that didn't help
either...

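An added example, not part of the original post: LDAP search scope is evaluated against an entry's own DN, so this sketch checks both the DN of the entry from the LDIF above and the DN inside its `ref` URL against the search base. The helper names are hypothetical, and values are compared case-insensitively as a simplification.

```python
from urllib.parse import urlsplit, unquote

def normalize_rdn(rdn):
    """Lower-case the attribute type and value and collapse whitespace (simplified matching)."""
    attr, sep, value = rdn.partition("=")
    if not sep:
        raise ValueError("RDN without '=': %r" % rdn)
    return (attr.strip().lower(), " ".join(value.split()).lower())

def split_dn(dn):
    """Split a DN into normalized RDNs, honouring "quoted" values and backslash escapes."""
    if not dn.strip():
        return []
    rdns, cur, in_quotes, i = [], [], False, 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):      # escaped character: keep the pair as-is
            cur.append(dn[i:i + 2])
            i += 2
            continue
        if ch == '"':
            in_quotes = not in_quotes
        elif ch in ",;" and not in_quotes:      # RDN separator outside quotes
            rdns.append("".join(cur))
            cur, i = [], i + 1
            continue
        cur.append(ch)
        i += 1
    if in_quotes:
        raise ValueError("unterminated quoted value in DN")
    rdns.append("".join(cur))
    return [normalize_rdn(r) for r in rdns]

def in_scope(entry_dn, base_dn, scope="sub"):
    """True if entry_dn lies within the given scope (base, one, sub) of base_dn."""
    entry, base = split_dn(entry_dn), split_dn(base_dn)
    depth = len(entry) - len(base)
    if depth < 0 or entry[depth:] != base:
        return False
    return {"base": depth == 0, "one": depth == 1, "sub": True}[scope]

def referral_target_dn(ref_url):
    """Extract the DN part of an ldap:// URL such as the value of the ref attribute."""
    return unquote(urlsplit(ref_url).path[1:])

# Values taken from the post above (host left as the post's XXXXXXX placeholder).
BASE = "ou=Users,o=Modular Telecom,c=SE"
REF_URL = "ldap://XXXXXXX/uid=turbo,ou=Routers,o=Modular Telecom,c=SE"
REFERRAL_ENTRY = 'ref="' + REF_URL + '", uid=turbo, ou=Users, o=Modular Telecom, c=SE'

if __name__ == "__main__":
    print("referral entry in subtree of base:", in_scope(REFERRAL_ENTRY, BASE))
    print("referral target in subtree of base:", in_scope(referral_target_dn(REF_URL), BASE))
```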