Hi:
I'm trying to migrate an old LDAP server (that holds an ldap tree for Open-Xchange) to a new installation of OpenLDAP 2.3.43.
A lot of users had configured their Outlook in a way that they make a base search for ou=Users,ou=OxObjects,dc=domain,dc=com in their LDAP address book. But my new LDAP tree won't have an ou=OxObjects,dc=domain,dc=com entry; I'm creating a new LDAP structure to be used with GOSA.
So I decided to create a referral like this:
dn: ou=Users,ou=OxObjects,dc=domain,dc=com
ou: Users
objectclass: referral
objectclass: extensibleObject
ref: ldap://HOSTNAME/ou=people,dc=domain,dc=com
This works fine: Outlook users can now find their contacts using the same base search (ou=Users,ou=OxObjects,dc=domain,dc=com), but now GOSA ran into problems because it finds two administrator users (cn=System administrator,ou=people,dc=domain,dc=com) because of the referral. I would just like GOSA not to follow referrals, or to search for users only under ou=people,dc=domain,dc=com instead of the root dc=domain,dc=com, but it seems that GOSA isn't good enough to customize this yet.
So I think I could modify my referral to return not all attributes, just some of them (the attributes commonly used by an address book search) like this:
dn: ou=Users,ou=OxObjects,dc=domain,dc=com
ou: Users
objectclass: referral
objectclass: extensibleObject
ref: ldap://HOSTNAME/ou=people,dc=domain,dc=com?cn,sn,givenName,telephoneNumber,mail
After updating my referral, I run an ldapsearch:
# ldapsearch -xLLL "(uid=admin)"
I still get two entries (two administrators) and both of them return all their attributes. Then I tried to modify my referral like this:
dn: ou=Users,ou=OxObjects,dc=domain,dc=com
ou: Users
objectclass: referral
objectclass: extensibleObject
ref: ldap://HOSTNAME/ou=people,dc=domain,dc=com??sub?(!(uid=admin))
And I still get two entries (two administrators). So I suspect that my referral URI isn't working. Am I using a wrong referral? Or maybe OpenLDAP always returns all entries, ignoring attributes and filters in a URI referral (ldap://HOSTNAME/ou=people,dc=domain,dc=com?cn,sn,givenName,telephoneNumber,mail)?
I hope someone can help me because I've been stuck on this for two days. I just want to limit the entries returned by my referral.
Thanks
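
Added example, not part of the original post: a small parser that splits the three referral URLs quoted above into the RFC 4516 fields (host, DN, attributes, scope, filter, extensions), useful for checking that the attribute list and filter sit in the positions the URL format assigns them. The names parse_ldap_url, summarize and REFERRALS are hypothetical; the code only inspects URL syntax and says nothing about how a server or client acts on each field.

```python
from urllib.parse import unquote


def parse_ldap_url(url):
    """Split an LDAP URL into the fields defined by RFC 4516:
    ldap://host[:port]/dn?attributes?scope?filter?extensions
    Fields that are absent or empty come back as None."""
    scheme, sep, rest = url.partition("://")
    if not sep or scheme.lower() not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % url)
    hostport, _, tail = rest.partition("/")
    # At most five '?'-separated fields follow the host part.
    fields = tail.split("?", 4)
    fields += [""] * (5 - len(fields))
    dn, attrs, scope, flt, exts = fields
    if scope and scope.lower() not in ("base", "one", "sub"):
        raise ValueError("invalid scope: %r" % scope)
    return {
        "host": hostport or None,
        "dn": unquote(dn) or None,
        # Attribute names are comma-separated; split before decoding.
        "attributes": [unquote(a) for a in attrs.split(",")] if attrs else None,
        "scope": scope.lower() or None,
        "filter": unquote(flt) or None,
        "extensions": exts.split(",") if exts else None,
    }


# The three referral URLs from the post (HOSTNAME is the post's placeholder).
REFERRALS = [
    "ldap://HOSTNAME/ou=people,dc=domain,dc=com",
    "ldap://HOSTNAME/ou=people,dc=domain,dc=com"
    "?cn,sn,givenName,telephoneNumber,mail",
    "ldap://HOSTNAME/ou=people,dc=domain,dc=com??sub?(!(uid=admin))",
]


def summarize(urls):
    """Parse each URL and return the list of field dictionaries."""
    return [parse_ldap_url(u) for u in urls]


if __name__ == "__main__":
    for fields in summarize(REFERRALS):
        print(fields)
```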