[Date Prev][Date Next] [Chronological] [Thread] [Top]

referrals and one level searches (ITS#818)

Full_Name: Mark Whitehouse
Version: 2.0.6
OS: Linux RH 6.2
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (


LDAP one level searches do not seem to work correctly when a referral is
involved in the result set.

As an example, I have an LDAP server with the following referral:

  dn: ou=devices,dc=foo,dc=com
  ou: devices
  ref: ldap://host/ou=devices,dc=foo,dc=com
  objectclass: referral
  objectclass: extensibleObject

If I issue the following ldapsearch:

  ldapsearch -b 'dc=foo,do=com' -s one -P 3 -a always -C -x '(objectclass=*)'

The search returns the entries below dc=foo,dc=com and the entries *below*
ou=devices,dc=foo,dc=com.  This seems to be incorrect as a one level search
should return the entries directly below dc=foo,dc=com including the one
dreferenced referral entry.

My guess is that the slapd code, on encoutering a referral is passing the search
onto the referral server without modifying the scope of the search.  i.e. a one
level search should be translated to a base level search to be sent to the
referral server.