[Date Prev][Date Next]
I have a question regarding the way aliases are resolved. What I found from
trying and looking at the code is that, when doing an ldapsearch on some dn:
- dereferencing of all subtree entries, which are aliases, works as expected
when searching (using -a always)
- it even dereferences recursively when an alias points to another alias
- it also dereferences the base correctly in case the last part is an alias
(e.g. dn: ou=alias,ou=entry,dc=de)
But what it apparently doesn't do is transparently resolving base DNs, which
contain aliases at other places, like dn: ou=entry2,ou=alias,ou=entry1,dc=de.
However that's what I'd need.
If I see it right, the entire DN is looked up in the database, but of course
not found. Found is only the part up to the alias (i.e.
ou=alias,ou=entry1,dc=de). And it doesn't retry from there, by resolving that
matching part (suppose it points to ou=from_alias_resolved_entry,dc=de) and
retry with it resolved (i.e. ou=entry2,ou=from_alias_resolved_entry,dc=de).
The other issue is, that it also doesn't seem possible to resolve aliases
pointing at entries in a different backend (We use different DBs for
different suffixes). The resolving code seems to operate only within the same
Am I just missing something, or are these things really not possible? If so,
why? Is it defined this way by some spec? Or it just not implemented? Is
there anything planned (or maybe even in CVS already)?
I'm using OpenLDAP 2.3.4, with BDB backends.
Any help appreciated.