eau-u4f / openssh-lpk

Automatically exported from code.google.com/p/openssh-lpk

[Feature Request] LDAP alias-Objects dereferencing #1

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
From: Torsten.Vogt@NOSPAM.NOSPAM

Hi Eric,

found your openssh-lpk patch and tested it - worked wonderfully. Next step is
to design our directory tree. Our goal is to have a node for each
servergroup, but we won't have duplicate users.
One solution is to use alias-Objects in LDAP. So you need only one object
per user and in the node per servergroup you have aliases, if needed.

By default this patch doesn't deref aliases, so I made some simple changes:

121a122
> >     int deref = LDAP_DEREF_ALWAYS;
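
Review bot: deref is initialised to LDAP_DEREF_ALWAYS unconditionally in this declaration, so every installation that applies the patch starts following aliases. Take the value from configuration and default it to LDAP_DEREF_NEVER, so that an alias entry placed under the search base cannot bring another entry's attributes into the result unless the administrator has opted in.
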
136a138,141
> >     if ( ldap_set_option(ldap->ld, LDAP_OPT_DEREF, &deref) !=
LDAP_OPT_SUCCESS) {
> >         ldap_perror(ldap->ld, "ldap_set_option()");
> >         return FAILURE;
> >     }
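
Review bot: the failure branch reports through ldap_perror(), which writes to stderr and describes the handle's last LDAP result, which may not describe the failed ldap_set_option() call; OpenLDAP also marks ldap_perror() as deprecated. Report a fixed message naming LDAP_OPT_DEREF through the logging path the surrounding code uses, and check that the return FAILURE path releases ldap->ld if the handle has already been initialised.
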
163a169,172
> >             if ( ldap_set_option(ldap->ld, LDAP_OPT_DEREF, &deref) !=
LDAP_OPT_SUCCESS) {
> >                  ldap_perror(ldap->ld, "ldap_set_option()");
> >                  return FAILURE;
> >             }
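
Review bot: this block repeats the ldap_set_option() / ldap_perror() / return FAILURE sequence from the hunk at 136a138,141 verbatim. Move it into one small helper called from both sites, so that a later change to the deref value or to the error handling cannot be applied on one path and missed on the other.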

By modifying an option you can force ldapsearch to deref aliases.

Because of my poor C knowledge I used a hardcoded option. It would be very
useful to have an option like "LpkDeref" which would control this feature.
There are four options: 'always', 'never' (default), 'search' or 'find'.
This is similar to the ldap.conf syntax.

The associated constants are:
#define LDAP_DEREF_NEVER      0x00
#define LDAP_DEREF_SEARCHING  0x01
#define LDAP_DEREF_FINDING    0x02
#define LDAP_DEREF_ALWAYS     0x03

I would be very happy if my suggestion could find its way into your official patch.

Cheers
Torsten

Original issue reported on code.google.com by eric.a...@gmail.com on 21 Sep 2008 at 10:49

GoogleCodeExporter commented 8 years ago
Hi,
I back this request. ;)
My special problem is an OpenLDAP server with syncrepl enabled, and it doesn't
work if the global ldap.conf has "DEREF always" defined.
And the configuration referenced by "LpkLdapConf" doesn't allow setting a value
for "deref".

regards, Matthias

Original comment by fossenb...@gmail.com on 2 Jun 2009 at 8:07
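
One way the requested LpkDeref option could be parsed, as an added example that is not part of the original thread or of the openssh-lpk patch. The helper name lpk_parse_deref and its return convention are assumptions, and the constants are redefined locally from the values quoted in the issue so the block compiles without libldap. It keeps 'never' as the default and rejects unknown values instead of falling back to a permissive mode.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constants as listed in the issue (same values as OpenLDAP's ldap.h). */
#define LDAP_DEREF_NEVER     0x00
#define LDAP_DEREF_SEARCHING 0x01
#define LDAP_DEREF_FINDING   0x02
#define LDAP_DEREF_ALWAYS    0x03

/* Value spellings are the four proposed in the issue. */
static const struct { const char *name; int value; } deref_modes[] = {
    { "never", LDAP_DEREF_NEVER },   { "search", LDAP_DEREF_SEARCHING },
    { "find",  LDAP_DEREF_FINDING }, { "always", LDAP_DEREF_ALWAYS },
};

/* Hypothetical helper: parse one config line.
 * Returns 1 and sets *deref for a valid "LpkDeref <value>" line,
 * 0 if the line is another directive, a comment or blank (*deref untouched),
 * -1 for LpkDeref with a missing, unknown or trailing-garbage value
 * (*deref untouched, so the caller can refuse to start instead of guessing). */
int lpk_parse_deref(const char *line, int *deref)
{
    static const char key[] = "LpkDeref";
    size_t klen = sizeof(key) - 1, vlen, i;
    const char *rest;

    while (isspace((unsigned char)*line)) line++;
    if (strncasecmp(line, key, klen) != 0) return 0;
    line += klen;
    if (*line == '\0') return -1;                    /* keyword without a value */
    if (!isspace((unsigned char)*line)) return 0;    /* e.g. "LpkDerefFoo" */
    while (isspace((unsigned char)*line)) line++;
    vlen = strcspn(line, " \t\r\n");                 /* length of the value token */
    for (rest = line + vlen; isspace((unsigned char)*rest); rest++) ;
    if (vlen == 0 || *rest != '\0') return -1;
    for (i = 0; i < sizeof(deref_modes) / sizeof(deref_modes[0]); i++)
        if (strlen(deref_modes[i].name) == vlen &&
            strncasecmp(line, deref_modes[i].name, vlen) == 0) {
            *deref = deref_modes[i].value;
            return 1;
        }
    return -1;
}

int main(void)
{
    int deref = LDAP_DEREF_NEVER;                    /* default stays "never" */
    int rc = lpk_parse_deref("LpkDeref search\n", &deref);  /* constructed line */
    printf("rc=%d deref=0x%02x\n", rc, deref);
    return 0;
}
```

The parsed value is what would be passed to ldap_set_option(ld, LDAP_OPT_DEREF, &deref) in place of the hard-coded constant in the diff above.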