[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Alias dereferencing

Michael Reiher wrote:


I have a question regarding the way aliases are resolved. What I found from trying and looking at the code is that, when doing an ldapsearch on some dn:

- dereferencing of all subtree entries, which are aliases, works as expected when searching (using -a always)
- it even dereferences recursively when an alias points to another alias
- it also dereferences the base correctly in case the last part is an alias
(e.g. dn: ou=alias,ou=entry,dc=de)

But what it apparently doesn't do is transparently resolving base DNs, which contain aliases at other places, like dn: ou=entry2,ou=alias,ou=entry1,dc=de.
However that's what I'd need.

If I see it right, the entire DN is looked up in the database, but of course not found. Found is only the part up to the alias (i.e. ou=alias,ou=entry1,dc=de). And it doesn't retry from there, by resolving that matching part (suppose it points to ou=from_alias_resolved_entry,dc=de) and retry with it resolved (i.e. ou=entry2,ou=from_alias_resolved_entry,dc=de).

The other issue is, that it also doesn't seem possible to resolve aliases pointing at entries in a different backend (We use different DBs for different suffixes). The resolving code seems to operate only within the same backend.

Am I just missing something,

Apparently, yes:
<draft-ietf-ldapbis-models, section 2.6>
     An alias entry shall have no subordinates, so that an alias entry
     is always a leaf entry.
</draft-ietf-ldapbis-models, section 2.6>

or are these things really not possible? If so, why? Is it defined this way by some spec? Or it just not implemented? Is there anything planned (or maybe even in CVS already)?

I'm using OpenLDAP 2.3.4, with BDB backends.

Any help appreciated.



SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497