[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldbm and deref aliases

Christian Gellweiler writes:
> In the ou=people tree are all persons in a given company. They are
> organized in groups listed in the ou=groups tree stored as aliases to
> the ou=people tree.

Note that this means a search operation inside ou=groups with
LDAP_DEREF_ALWAYS will not make use of indices, since it much follow
each alias to examine the aliased entry, and indexing is not done
"through" aliases.

At least that was the situation some years ago when we got rid of our
aliases, and finally got rid of the complaints about timeouts from
people whose clients searched with LDAP_DEREF_ALWAYS.

> if i search all members of uid=group1 i want to find tom and jerry
> the problem now is, if i want all members of a group ( including the
> members of the subgroups) all members of the subgroups are not found.

Hard to tell without more info.  Possibilities I can think of:
- the search hits a limit and fails, e.g. with timeLimitExceeded,
- your filter matches the alias entry under ou=groups instead of
  the object it points at under ou=people.

Otherwise, I suggest you show us the exact search operation, search
result, the alias entry and DN pointing to an entry which should be
found but isn't, and that missing entry and DN.