how to configure deref overlay

Sun, 04 Aug 2013 06:26:47 -0700
It seems few use deref overlay. This feature is mentioned on feature list†, but there is no manual for the overlay; only one line is about it in ldapsearch(1) manual. In the last years, only one person mentioned it in 2009 on this mailing list, and his question was unanswered. 

I observed this is the way it is supposed to work:

$ ldapsearch -E deref=secretary:sn

Would put the surname of the secretary as the value of 'secretary' attribute.


In reality this search extension complains the "control is unavailable in 
context". I am afraid loading the model is not enough, it has to be 
configured first, somewhere in cn=config, but couldn't find any document.


        $ ldapsearch -x -E '!deref=secretary:sn' cn=Betsy secretary
        # extended LDIF
        #
        # LDAPv3
        # base <dc=example,dc=com> (default) with scope subtree
        # filter: cn=Betsy
        # requesting: secretary with dereference critical control
        #

        # search result
        search: 2
        result: 12 Critical extension is unavailable
        text: critical control unavailable in context

        # numResponses: 1


This is how I loaded the module (slapd didn't produce error in log, thus I 
consider it is loaded):


        $ slapcat -s cn=config | grep -C 8 deref
        entryCSN: 20130803010832.965676Z#000000#000#000000
        modifiersName: cn=config
        modifyTimestamp: 20130803010832Z

        dn: cn=module{1},cn=config
        objectClass: olcModuleList
        cn: module{1}
        olcModulePath: /usr/lib/ldap
        olcModuleLoad: {0}deref
        structuralObjectClass: olcModuleList
        entryUUID: cdb88ba8-9131-1032-8334-7700fe3e5919
        creatorsName: cn=admin,cn=config
        createTimestamp: 20130804091300Z
        entryCSN: 20130804091300.138105Z#000000#000#000000
        modifiersName: cn=admin,cn=config
        modifyTimestamp: 20130804091300Z

Here is the data I am experimenting with, very minimalism:

        $ ldapsearch -x objectClass=pilotPerson
        # extended LDIF
        #
        # LDAPv3
        # base <dc=example,dc=com> (default) with scope subtree
        # filter: objectClass=pilotPerson
        # requesting: ALL
        #

        # David, editors
        dn: cn=David,ou=editors,dc=example,dc=com
        cn: David
        objectClass: pilotPerson
        objectClass: person
        objectClass: top
        sn: Jones

        # Betsy, editors
        dn: cn=Betsy,ou=editors,dc=example,dc=com
        cn: Betsy
        objectClass: pilotPerson
        objectClass: person
        objectClass: top
        sn: Shwan
        secretary: cn=David,ou=editors,dc=example,dc=com

        # search result
        search: 2
        result: 0 Success

        # numResponses: 3
        # numEntries: 2


Any hint on how to make it work? Or more importantly, was there anyone using 
the overlay at all??


Thanks.

P.S. the email subject intends to guide googlers to land in this discussion.

† http://www.openldap.org/faq/data/cache/645.html













    











					Reply via email to