[Date Prev][Date Next] [Chronological] [Thread] [Top]

Alias dereferencing


I have a question regarding the way aliases are resolved. What I found from 
trying and looking at the code is that, when doing an ldapsearch on some dn:

- dereferencing of all subtree entries, which are aliases, works as expected 
when searching (using -a always)
- it even dereferences recursively when an alias points to another alias
- it also dereferences the base correctly in case the last part is an alias
  (e.g. dn: ou=alias,ou=entry,dc=de)

But what it apparently doesn't do is transparently resolving base DNs, which 
contain aliases at other places, like dn: ou=entry2,ou=alias,ou=entry1,dc=de.
However that's what I'd need. 

If I see it right, the entire DN is looked up in the database, but of course 
not found. Found is only the part up to the alias (i.e. 
ou=alias,ou=entry1,dc=de). And it doesn't retry from there, by resolving that 
matching part (suppose it points to ou=from_alias_resolved_entry,dc=de) and 
retry with it resolved (i.e. ou=entry2,ou=from_alias_resolved_entry,dc=de).

The other issue is, that it also doesn't seem possible to resolve aliases 
pointing at entries in a different backend (We use different DBs for 
different suffixes). The resolving code seems to operate only within the same 

Am I just missing something, or are these things really not possible? If so, 
why? Is it defined this way by some spec? Or it just not implemented? Is 
there anything planned (or maybe even in CVS already)?

I'm using OpenLDAP 2.3.4, with BDB backends.

Any help appreciated.