Re: Resolving aliasedobjectname(s)

25 Jan 2008


      Quanah Gibson-Mount wrote:
...
It took me a while to realize you actually had a question here, you 
might want to repost being a bit more explicit about what it is you are 
asking.
--Quanah
--On Tuesday, January 22, 2008 12:29 PM +0000 Dave Lewney 
d.m.lewney@sussex.ac.uk wrote:
...
Faq #1111 states that given ...
dn: uid=alias,ou=People,dc=example,dc=net
  objectclass: alias
  objectclass: extensibleObject
  uid: alias
  aliasedobjectname: uid=target,ou=Retired People,dc=example,dc=com
... then
ldapsearch -x -a always -b uid=alias,ou=People,dc=example,dc=net
'objectclass=*'
will return results from the "target" DN.
    Should the same results be expected from searching with ...
ldapsearch -x -a always -b ou=People,dc=example,dc=net uid=alias
... assuming uid was indexed for equality.
Dave
Dave Lewney
IT Services, University of Sussex, Brighton BN1 9QT
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc

Zimbra ::  the leader in open source messaging and collaboration
My intention is to have a tree of aliases which point to "real" 
posixaccount entries. A search such as ...
ldapsearch -x -a search -b 'ou=test,ou=Services,o=University of Sussex' 
uid=dml
*does* actually retrieve the posixaccount entry but this method will not 
scale. Instead of retrieving the aliasedobjectname and dereferencing, it 
appears to generate a search for every entry in the alias tree. With 
30,000+ entries this is effectively unworkable.
    So, my real question is why are all these searches being generated 
and am I correct in thinking that I have misunderstood alias dereferencing?
The alias tree, containing just 3 entries for testing ...
# dml, test, Services, University of Sussex
dn: uid=dml,ou=test,ou=Services,o=University of Sussex
objectClass: extensibleObject
objectClass: alias
aliasedObjectName: uid=dml,ou=unix,ou=uscs,o=University of Sussex
uid: dml
# dml24, test, Services, University of Sussex
dn: uid=dml24,ou=test,ou=Services,o=University of Sussex
objectClass: extensibleObject
objectClass: alias
aliasedObjectName: uid=dml24,ou=unix,ou=uscs,o=University of Sussex
uid: dml24
# dml25, test, Services, University of Sussex
dn: uid=dml25,ou=test,ou=Services,o=University of Sussex
objectClass: extensibleObject
objectClass: alias
aliasedObjectName: uid=dml25,ou=unix,ou=uscs,o=University of Sussex
uid: dml25
... and one of the posixaccount entries pointed to ...
# dml, unix, USCS, University of Sussex
dn: uid=dml,ou=unix,ou=USCS,o=University of Sussex
uid: dml
uidNumber: 24964
gidNumber: 100
homeDirectory: /home/csrv/dml
objectClass: uosUnixObject
objectClass: shadowAccount
objectClass: posixAccount
sn: Lewney
cn: Dave Lewney
gecos: Dave Lewney
loginShell: /bin/tcsh
... and the log - notice the search for dml, dml24 and dml25  ...
Jan 25 09:30:16 murray slapd[278]: bdb_db_open: "o=University of Sussex"\n
Jan 25 09:30:16 murray slapd[278]: => bdb_entry_get: ndn: "o=university 
of sussex"\n
Jan 25 09:30:16 murray slapd[278]: => bdb_entry_get: oc: "(null)", at: 
"contextCSN"\n
Jan 25 09:30:16 murray slapd[278]: bdb_idl_fetch_key: \n
Jan 25 09:30:16 murray slapd[278]: bdb_idl_fetch_key: \n
Jan 25 09:30:16 murray slapd[278]: send_ldap_result: err=0 matched="" 
text=""\n
Jan 25 09:30:16 murray slapd[278]: slapd starting\n
Jan 25 09:30:25 murray slapd[278]: conn=0 fd=13 ACCEPT from 
IP=139.184.134.180:61127 (IP=139.184.132.109:389)\n
Jan 25 09:30:25 murray slapd[278]: connection_get(13)\n
Jan 25 09:30:25 murray slapd[278]: conn=0 op=0 BIND dn="" method=128\n
Jan 25 09:30:25 murray slapd[278]: send_ldap_result: err=0 matched="" 
text=""\n
Jan 25 09:30:25 murray slapd[278]: conn=0 op=0 RESULT tag=97 err=0 text=\n
Jan 25 09:30:25 murray slapd[278]: connection_get(13)\n
Jan 25 09:30:25 murray slapd[278]: SRCH 
"ou=test,ou=services,o=university of sussex" 2 1
Jan 25 09:30:25 murray slapd[278]:     0 0 0\n
Jan 25 09:30:25 murray slapd[278]:     filter: (uid=dml)\n
Jan 25 09:30:25 murray slapd[278]:     attrs:
Jan 25 09:30:25 murray slapd[278]: \n
Jan 25 09:30:25 murray slapd[278]: conn=0 op=1 SRCH 
base="ou=test,ou=services,o=university of sussex" scope=2 deref=1 
filter="(uid=dml)"\n
Jan 25 09:30:25 murray slapd[278]: bdb_idl_fetch_key: [01872a84]\n
Jan 25 09:30:25 murray slapd[278]: bdb_idl_fetch_key: 
@ou=test,ou=services,o=university of sussex\n
Jan 25 09:30:25 murray slapd[278]: bdb_idl_fetch_key: 
@uid=dml,ou=unix,ou=uscs,o=university of sussex\n
Jan 25 09:30:25 murray slapd[278]: bdb_idl_fetch_key: 
@uid=dml24,ou=unix,ou=uscs,o=university of sussex\n
Jan 25 09:30:25 murray slapd[278]: bdb_idl_fetch_key: 
@uid=dml25,ou=unix,ou=uscs,o=university of sussex\n
Jan 25 09:30:25 murray slapd[278]: bdb_idl_fetch_key: [b49d1940]\n
Jan 25 09:30:25 murray slapd[278]: bdb_idl_fetch_key: [c49b2cb3]\n
Jan 25 09:30:25 murray slapd[278]: send_ldap_result: err=0 matched="" 
text=""\n
Jan 25 09:30:25 murray slapd[278]: conn=0 op=1 SEARCH RESULT tag=101 
err=0 nentries=1 text=\n
Jan 25 09:30:25 murray slapd[278]: connection_get(13)\n
Jan 25 09:30:25 murray slapd[278]: conn=0 op=2 UNBIND\n
Jan 25 09:30:25 murray slapd[278]: conn=0 fd=13 closed\n
Dave
---
Dave Lewney
IT Services, University of Sussex, Brighton BN1 9QT

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

Re: Resolving aliasedobjectname(s)

Dave