Shibboleth Developers

[Daniel Fisher <>]

On Wed, Jun 8, 2011 at 6:24 PM, Dan McLaughlin
<>
 wrote:
> I agree the old properties are valid, but there is some bug that is
> causing aliases to be dereference regardless.  I think you would agree
> the following two configuration examples should NEVER dereference
> aliases.  If  dereference aliases is set to never and I search the
> entire tree and I have one alias that points to one user, then only
> the one user should be returned.  Correct?

I would expect the user entry and the alias entry to be returned. To
confirm this try the following:
ldapsearch -H ldaps://ldap01:636 -x -b o=org -a never "(cn=jdoe-c)"

If an alias is not dereferenced, the alias entry is returned.

then try:
ldapsearch -H ldaps://ldap01:636 -x -b o=org -a never
"(&(cn=jdoe-c)(objectclass=person))"
and confirm only the user entry is returned.

--Daniel Fisher