Quanah Gibson-Mount wrote:
You fail to mention what version of OpenLDAP you are running, which would be useful information. But I would not that if you have a poorly designed DIT, this may be the expected behavior as the query will look at every entry in the scope.
It will look at every *alias* in the scope. For the original question:
dn: uid=alias,ou=People,dc=example,dc=net objectclass: alias objectclass: extensibleObject uid: alias aliasedobjectname: uid=target,ou=Retired People,dc=example,dc=com ... then ldapsearch -x -a always -b uid=alias,ou=People,dc=example,dc=net 'objectclass=*' will return results from the "target" DN.
Yes, this would give the same result as a subtree search with a baseDN of uid=target,ou=Retired People,...
Should the same results be expected from searching with ...
ldapsearch -x -a always -b ou=People,dc=example,dc=net uid=alias
... assuming uid was indexed for equality.
Probably not, because the filters are not the same. This search would only return results that match the (uid=alias) filter. If all of the entries in the target branch have a matching uid attribute, then the result sets might look the same.
-- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
