LdapPlugin should follow LDAP aliases

[r_j_h_box-buy@…]

I'm using an LDAP configuration where I need to place my Trac groups in one part of the tree, as aliases to groups that are defined in other parts of the tree.

In case anybody's wondering, this is to allow me to administer my Trac instances through my Apple OSX Leopard Server's Workgroup Administrator application.

There's a feature built into the LDAP libraries which specifies that lookups should follow aliases, and it appears that this isn't currently enabled. If you can recommend a workaround and/or a code fix on the plugin, that would very much appreciated.

[anonymous]

From ​http://python-ldap.sourceforge.net/doc/html/ldap.html#ldap.LDAPObject.search

LDAPObject.deref

    Controls whether aliases are automatically dereferenced. This must be one of DEREF_NEVER, DEREF_SEARCHING, DEREF_FINDING, or DEREF_ALWAYS. This option is mapped to option constant OPT_DEREF and used in the underlying OpenLDAP lib.

[ektich@…]

enable alias dereference during search operatoins

[ektich@…]

I've added a simple patch that enables alias dereferencing during search operations. It works for me with OpenLDAP version 2.4.11 and the alias record described by the following LDIF:

dn: cn=tracgroup,ou=people,dc=example,dc=com
objectClass: alias
objectClass: extensibleObject
cn: tracgroup
aliasedObjectName: cn=tracgroup,ou=groups,dc=example,dc=com

My main need for this feature is an inability of LdapAuthStorePlugin to keep users and groups on different branches of the LDAP tree.