Hi !

   I think I have found a a bug in openLDAP 2.4.6 (maybe I am misunderstanding RFC4511 …). I explain
the test case where (maybe) I found it:

   I have created an alias (alias_entry) which points to another created entry (pointed_entry). I have
not created any subordinate entry under "alias_entry" nor under "pointed_entry.

   Using always the "alias_entry" as the "searchRequest.baseObject" I have been checking the answers
obtained from an slapd/back-bdb as I change the values of "searchRequest.scope" and "searchRequest.derefAliases"
fields (I am checking -and assuring- with "wireShark" that the LDAP searchRequest messages being sent to the slapd
process are the desired ones).

   I found the expected behaviour (according to RFC4511) in all cases except for the following one:

- searchRequest.scope: wholeSubtree
- searchRequest.derefAliases: derefInSearching

   I received two LDAP searchResEntry messages (instead of the single one expected) !!!

(1) One for the "alias_entry" (where I can see the "aliasedObjectName" attribute set to the pointed_entry's dn) ==> OK
(2) One for the "pointed_entry" ==> ???????

  As far as I understand RFC4511 the second entry should NOT be returned from the LDAP server !!!!

BR / Antonio

Antonio Alonso Alarcón
CUDB System Engineer


Ericsson España, S.A.           Phone: +34 91339 3085
Via de los Poblados 13          Mobile: +34 609640579 (66215)
28033 Madrid, Spain                           Fax: +34 91339 1636
E-mail: Antonio.Alonso@ericsson.com