On Jun 3, 2010, at 11:17 AM, masarati@aero.polimi.it wrote:
Or maybe OpenLDAP always returns all entries ignoring attributes and filters in a URI referral (ldap://HOSTNAME/ou=people,dc=domain,dc=com?cn,sn,givenName,telephoneNumber,mail)?
That's what I would expect given RFC 3296 says servers are to strip out such information when returning referrals to clients. If the server chases it instead, the server should do it's best to provide what the client would have gotten if it had chased it itself. The client would not have gotten the extra stuff, so the server should not be using it in chaining.
-- Kurt