Greetings.

If I have a server which manages a tree split into two databases, one covering o=top, and one ou=sub,o=top, then a query against base o=top with subtree scope returns only objects within the first database, and not the second.

Should I have expected that? (I didn't)

[ This is a for-interest question. This isn't really a practical problem for me: I'm encountering it because I have a situation where I'm searching objects in ou=sub,o=top and in o=top, which would be on different servers in the real case, but which are in the same server as part of a test harness. Of course, I doubt it would be a good production design to have a tree split into multiple databases like this. ]

That makes sense if the semantics of a search are that it searches a _database_, but it conflicts with the intuition that a search is of a _tree_, where I'd expect a search of o=top to implicitly include ou=sub,o=top as well. My problem is that I can't find where in the manual it tells me I should expect the former rather than the latter. What have I not read?

Both ldapsearch(1) and ldap_search(3) discuss the scope in terms of sub_tree_, and don't mention databases (I wouldn't expect them to, since here a 'database' is an implementation detail of the LDAP server). Section 1.1 of TFM says 'A directory is a specialized database specifically designed for searching and browsing', but that's 'database' being used somewhat generically.

Perhaps I should be looking at referrals? But the introduction of referrals in TFM suggest that these are a mechanism for referring clients to servers broadly 'elsewhere', and Sect. 5.3 documents olcReferral by saying that 'queries not local to one of the databases defined below will be referred to the LDAP server running on [another server]'. And queries to ou=sub,o=top _is_ 'local to one of the databases'.

Best wishes,

Norman