This is how filters work in LDAP. It sounds to me like things are
working correctly. I.e., if I search for "objectClass=joe" objectClass,
it will return every entry that has an objectClass value of joe, and all
the values for objectClass.

If I search for "(member=uid=user1,ou=users,dc=example,dc=com)", it will
return to me every group that has a member attribute matching that value.

I see nothing wrong in the behavior here, just in the understanding of
how filters work. Let me know if you have further questions.

To expand on this a little bit more:

LDAP filters are used to limit the number of entries returned. They do not
limit attr=value pairs.

Generally, with groups, the most common operation is the ldapcompare
operation. It lets you "ask" whether or not a given value is assigned to
an attribute in a specific entry.

I.e., I can ask "Is uid=user1,ou=users,dc=example,dc=com a value for the
member attribute in the group cn=testgroup,ou=Groups,dc=example,dc=com"
using the ldapcompare operation. It will answer one of three ways: TRUE,
FALSE, or UNDEFINED.
<http://www.openldap.org/software/man.cgi?query=ldapcompare&apropos=0&sektion=0&manpath=OpenLDAP+2.4-Release&format=html>
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
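
The difference between a search filter and a compare, as an added example that is not part of the original message and is not OpenLDAP code. It models a directory in memory with constructed entries; the helper names, the simplified DN matching, and the choice to return UNDEFINED when the entry lacks the attribute are assumptions of this sketch.

```python
# Toy in-memory directory (constructed sample data, not a real server).
DIRECTORY = {
    "cn=testgroup,ou=Groups,dc=example,dc=com": {
        "objectClass": ["groupOfNames"],
        "member": ["uid=user1,ou=users,dc=example,dc=com",
                   "uid=user2,ou=users,dc=example,dc=com"],
    },
    "cn=othergroup,ou=Groups,dc=example,dc=com": {
        "objectClass": ["groupOfNames"],
        "member": ["uid=user3,ou=users,dc=example,dc=com"],
    },
    "uid=user1,ou=users,dc=example,dc=com": {
        "objectClass": ["inetOrgPerson"],
        "uid": ["user1"],
    },
}

def norm(value):
    """Simplified matching (assumption): ignore case and spaces after commas."""
    return ",".join(part.strip() for part in value.lower().split(","))

def _attr(entry, name):
    """Attribute names are case-insensitive; return the values, or None if absent."""
    for key, values in entry.items():
        if key.lower() == name.lower():
            return values
    return None

def search(attr, value, want):
    """Equality filter (attr=value): selects whole entries, then returns
    ALL values of each requested attribute, not only the one that matched."""
    hits = {}
    for dn, entry in DIRECTORY.items():
        values = _attr(entry, attr) or []
        if any(norm(v) == norm(value) for v in values):
            hits[dn] = {a: _attr(entry, a) or [] for a in want}
    return hits

def compare(dn, attr, value):
    """Compare against one named entry: answers TRUE, FALSE or UNDEFINED."""
    entry = next((e for d, e in DIRECTORY.items() if norm(d) == norm(dn)), None)
    if entry is None:
        raise LookupError("no such entry: " + dn)  # modelled as an error (assumption)
    values = _attr(entry, attr)
    if values is None:
        return "UNDEFINED"  # entry has no such attribute (assumption of this model)
    return "TRUE" if any(norm(v) == norm(value) for v in values) else "FALSE"
```

For an authorization check, the compare form answers the membership question directly and never hands the caller the rest of the member list, whereas the search returns every member of each matching group.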