cowboy@linux.vnet.ibm.com writes:

Sorry for the noise - I would've started on the mailing list, but I was given erroneous advise on howto achive a goal - and after reading the relevant rfc - thought it might indeed do what I wanted.

Definitely take this to a mailinglist. openldap-technical, I guess.

It looks like to do what I want, I need in DIT referrals :(

I haven't tested, but the server shouldn't apply the filter to referral objects either. The referred-to server will apply the filter. As far as I understand, the baseDN and scope says what to search, while the filter is applied to candidate entries for being returned to the user.

My guess is you need another approach entirely. Keep the concepts separate - if something is called an "alias" in Samba or whatever,d that doesn't mean it makes sense to use an alias in LDAP.