Quanah Gibson-Mount wrote:
You fail to mention what version of OpenLDAP you are running, which would be useful information. But I would not that if you have a poorly designed DIT, this may be the expected behavior as the query will look at every entry in the scope.
It will look at every *alias* in the scope.
For the original question:
dn: uid=alias,ou=People,dc=example,dc=net objectclass: alias objectclass: extensibleObject uid: alias aliasedobjectname: uid=target,ou=Retired People,dc=example,dc=com
... then
ldapsearch -x -a always -b uid=alias,ou=People,dc=example,dc=net 'objectclass=*'
will return results from the "target" DN.
Yes, this would give the same result as a subtree search with a baseDN of uid=target,ou=Retired People,...
Should the same results be expected from searching with ...
ldapsearch -x -a always -b ou=People,dc=example,dc=net uid=alias
... assuming uid was indexed for equality.
Probably not, because the filters are not the same. This search would only return results that match the (uid=alias) filter. If all of the entries in the target branch have a matching uid attribute, then the result sets might look the same.