Problem with alias dereferencing in ldap authentication

[Emmanuel Aubert]

Dear all,

For many reasons, we would like to be able to use dereferencing in ldap
search for cas authentication.

I join to this mail the deployerConfigContext.xml file.

When I try to authenticate to the cas server, it fails.

The slapd logs are as follow :

Oct 12 10:47:41 mystic slapd[11284]: conn=70 fd=12 ACCEPT from
IP=195.83.19.11:56509 (IP=0.0.0.0:389)
Oct 12 10:47:41 mystic slapd[11284]: conn=70 op=0 BIND
dn="cn=Manager,dc=femto-st,dc=fr" method=128
Oct 12 10:47:41 mystic slapd[11284]: conn=70 op=0 BIND
dn="cn=Manager,dc=femto-st,dc=fr" mech=SIMPLE ssf=0
Oct 12 10:47:41 mystic slapd[11284]: conn=70 op=0 RESULT tag=97 err=0 text=
Oct 12 10:47:41 mystic slapd[11284]: conn=70 op=1 SRCH
base="ou=AliasedPeople,dc=femto-st,dc=fr" scope=2 deref=1
filter="(&(uid=emmanuel.aubert)(objectClass=FemtoUser))"
Oct 12 10:47:41 mystic slapd[11284]: conn=70 op=1 SRCH attr=1.1
Oct 12 10:47:41 mystic slapd[11284]: conn=70 op=1 SEARCH RESULT tag=101
err=0 nentries=1 text=
Oct 12 10:47:41 mystic slapd[11284]: conn=71 fd=17 ACCEPT from
IP=195.83.19.11:56510 (IP=0.0.0.0:389)
Oct 12 10:47:41 mystic slapd[11284]: bind: invalid dn
(ldap://mailtest.femto-st.fr:389/uid=emmanuel.aubert,ou=People,ou=6,dc=femto-st,dc=fr,ou=AliasedPeople,ou=dc=femto-st,dc=fr)
Oct 12 10:47:41 mystic slapd[11284]: conn=71 op=0 RESULT tag=97 err=34
text=invalid DN
Oct 12 10:47:41 mystic slapd[11284]: conn=71 fd=17 closed

Why is the dn returned by the primary search like this ?
Has anybody an idea of what happens ?

Thank you for your answer.

--
Emmanuel Aubert
Femto-ST
-------------- next part --------------
A non-text attachment was scrubbed...
Name: deployerConfigContext.xml
Type: text/xml
Size: 7057 bytes
Desc: not available
Url : http://tp.its.yale.edu/pipermail/cas/attachments/20061012/17914ec9/deployerConfigContext.xml