Shibboleth Developers

[Dan McLaughlin <>]

Correct.

ldapsearch -H ldaps://ldap01:636 -x -b o=org -a never "(cn=jdoe-c)"
returned the alias entry and the user entry

ldapsearch -H ldaps://ldap01:636 -x -b o=org -a never
"(&(cn=jdoe-c)(objectclass=person))" returned only the user entry

ldapsearch -H ldaps://ldap01:636 -x -b o=org -a always "(cn=jdoe-c)"
returned two identical user entries

ldapsearch -H ldaps://ldap01:636 -x -b o=org -a always
"(&(cn=jdoe-c)(objectclass=person))" returned two identical user
entries


--

Thanks,

Dan McLaughlin


NOTICE: This e-mail message and all attachments transmitted with it
are for the sole use of the intended recipient(s) and may contain
confidential and privileged information. Any unauthorized review, use,
disclosure or distribution is strictly prohibited. The contents of
this e-mail are confidential and may be subject to work product
privileges. If you are not the intended recipient, please contact the
sender by reply e-mail and destroy all copies of the original message.



On Thu, Jun 9, 2011 at 8:03 AM, Daniel Fisher 
<>
 wrote:
>
> On Wed, Jun 8, 2011 at 6:24 PM, Dan McLaughlin
> <>
>  wrote:
> > I agree the old properties are valid, but there is some bug that is
> > causing aliases to be dereference regardless.  I think you would agree
> > the following two configuration examples should NEVER dereference
> > aliases.  If  dereference aliases is set to never and I search the
> > entire tree and I have one alias that points to one user, then only
> > the one user should be returned.  Correct?
>
> I would expect the user entry and the alias entry to be returned. To
> confirm this try the following:
> ldapsearch -H ldaps://ldap01:636 -x -b o=org -a never "(cn=jdoe-c)"
>
> If an alias is not dereferenced, the alias entry is returned.
>
> then try:
> ldapsearch -H ldaps://ldap01:636 -x -b o=org -a never
> "(&(cn=jdoe-c)(objectclass=person))"
> and confirm only the user entry is returned.
>
> --Daniel Fisher