Hello Community,
There is a product that has a strange behaviour. Although I set the "never follow" option for aliases, it keeps following them, and this results in multiple hits for the same user object. I am trying to work around this problem by modifying the LDAP query on the LDAP Proxy side. I would like to force the dereference=never option on every LDAP query. This is a simple policy that I wrote for this purpose:
<policy-search-request id-policy="derefalias-never">
  <rule>
    <comment>
      Set deref alias to never
    </comment>
    <conditions>
      <if-srch-scope op="equal">sub-tree</if-srch-scope>
    </conditions>
    <actions>
      <do-modify-search>
        <derefalias-reset>0</derefalias-reset>
      </do-modify-search>
    </actions>
    <actions-default>
      <do-allow/>
    </actions-default>
  </rule>
</policy-search-request>
In a nutshell: if the search scope is sub-tree, then modify the derefalias to 0, which means never dereference. XML validation is fine, and ldapproxy starts up. There is an ou=ASDF,o=TOP and an alias for ASDF: ou=QWER,o=TOP. When I do an ldapsearch for a user with "-b o=TOP -a always -s sub", it returns two results for the same user. This means that ldapproxy is not modifying the query. I tried many different conditions, and none of them works, so I think that I am missing something. Maybe I misplaced the policy in the XML? Is it even possible to do what I need?
Thanks,
Gellert
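
One way to check whether the proxy rewrote the request is to decode the scope and derefAliases fields of the SearchRequest it forwards to the backend and compare them with what the client sent. The following is an added example, not part of the original post or of the product: it decodes those fields as RFC 4511 defines them (derefAliases 0 = never, 3 = always). The two sample messages are constructed in the code, and it assumes the proxy-to-backend traffic is available as plaintext LDAP bytes.

```python
# Added example: decode scope and derefAliases from a BER-encoded LDAP SearchRequest.
SCOPE = {0: "baseObject", 1: "singleLevel", 2: "wholeSubtree"}
DEREF = {0: "neverDerefAliases", 1: "derefInSearching",
         2: "derefFindingBaseObj", 3: "derefAlways"}

def read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the BER element at pos."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def search_request_options(message):
    """Return (base_dn, scope, deref) names, or None if not a SearchRequest."""
    tag, body, _ = read_tlv(message, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, _, pos = read_tlv(body, 0)        # messageID
    tag, op, _ = read_tlv(body, pos)     # protocolOp
    if tag != 0x63:                      # [APPLICATION 3] = SearchRequest
        return None
    _, base, pos = read_tlv(op, 0)       # baseObject
    _, scope, pos = read_tlv(op, pos)    # scope (ENUMERATED)
    _, deref, pos = read_tlv(op, pos)    # derefAliases (ENUMERATED)
    return (base.decode(), SCOPE[int.from_bytes(scope, "big")],
            DEREF[int.from_bytes(deref, "big")])

def tlv(tag, value=b""):
    """Encode one short-form BER element (the sample data stays under 128 bytes)."""
    return bytes([tag, len(value)]) + value

def sample_search(deref):
    """Constructed SearchRequest: base o=TOP, subtree scope, filter (cn=jdoe)."""
    flt = tlv(0xA3, tlv(0x04, b"cn") + tlv(0x04, b"jdoe"))
    op = tlv(0x63, tlv(0x04, b"o=TOP") + tlv(0x0A, b"\x02") + tlv(0x0A, bytes([deref]))
             + tlv(0x02, b"\x00") + tlv(0x02, b"\x00") + tlv(0x01, b"\x00")
             + flt + tlv(0x30))
    return tlv(0x30, tlv(0x02, b"\x02") + op)

if __name__ == "__main__":
    # Constructed messages: the "-a always" request, and one carrying derefAliases 0.
    print("as sent with -a always:", search_request_options(sample_search(3)))
    print("with derefAliases = 0 :", search_request_options(sample_search(0)))
```

If the request leaving the proxy still decodes as derefAlways, the policy was not applied to it.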