Re: Alias dereferencing

[Ryan Steele <ryans@aweber.com>]

Thanks for responding, Howard.  Responses below.

Howard Chu wrote:
> 
> Your problem has nothing to do with alias dereferencing.
> 


Yes, I have to agree now that I (think I) know more about how aliases work in OpenLDAP.

>> I can only obtain the expected results if I set the search base to the
>> *specific* entry I'm looking to dereference:
> 
> And that is clearly not the case, in fact.
> 
> Your last search is not equivalent to your previous searches, because
> the last time you omitted the **SEARCH FILTER**.
> 
> Think about it.
>


I actually believe it is the case, but only because the behavior I'm expecting is not orthogonal to how aliases appear
to work.  Using FAQ-O-Matic entry #1111 as an example, searching without a filter just returns the aliased entry without
any reference at all to the DN of the alias itself, which precludes me from being able to use the root of my DIT as the
search base, search for the alias's DN, and having the attributes from the object to which it points returned.  I
suppose I will just have to look for another solution to satisfy this particular need, perhaps an auxiliary objectclass
that will let me use a separate attribute for aesthetic display names.  I'm certainly open to other suggestions if there
is a more appropriate or fitting answer to this problem.  For reference, what I'm after is something similar to the
following behavior:

joe@ldap1:~# ldapsearch -x -ZZ -LLL -a always '(cn=Aliased Group Name)' member
dn: cn=realgroupname,ou=Groups,dc=example,dc=com
member: uid=john,ou=Users,dc=example,dc=com
member: uid=jane,ou=Users,dc=example,dc=com
member: uid=joe,ou=Users,dc=example,dc=com


Thanks for the advice/suggestions/cluebats!