there is a product, that has a strange behaviour. Although I set the "never follow" option for aliases, it keeps following them, and this results in multiple hits for the same user object. I try to workaround this problem by modifying the ldap query on the LDAP Proxy side. I would like to force the dereference=never option to every ldap query. This is a simple policy that I wrote for this purpose:
Set deref alias to never
In a nutshell: if the search scope is sub-tree, then modify the derefalias to 0 which means never dereference. xml validation is fine, ldaproxy starts up. There is an ou=ASDF,o=TOP and an alias for ASDF: ou=QWER,o=TOP. When I do an ldapsearch for a user with "-b o=TOP -a always -s sub" then it returns two results for the same user. This means, that ldapproxy is not modifying the query. I tried many different conditions, none of them works, so I think that I am missing something. Maybe I misplace the policy in the xml? Is it even possible to do what i need?