by set.exact="this/frESPCImail & ([ldap:///]+(([ldap:///dc=espci,dc=fr??one? (frESPCImanager=]+user+[)])/entryDN+[??one])/entryDN)/rfc822mailbox"
I'm trying to understand that set. There is a first step: ldap:///dc=espci,dc=fr??one?(frESPCImanager=]+user+[)])/entryDN
That retreive the ou's DN for which the user is a manager. Why can't we write it that way? ([frESPCImanager=]+user)
Let's call OU_MANAGER the result of the above query. We are left with that second step:
[ldap:///]+OU_MANAGER+[??one])/entryDN)/rfc822mailbox"
We so perform a query for all users' rfc822mailbox within OU_MANAGER. Again, why the following would be wrong? ([ou=]+OU_MANAGER+[,dc=espci,dc=fr])/rfc822mailbox
Let's call MANAGED_MAILADDR the result of the above operation, the last operation is this/frESPCImail & MANAGED_MAILADDR
That one is obvious to understand, no problem.