Normal referral are "simple" LDAP URL like : ldap://root.openldap.org/dc=openldap,dc=org
To select more precisely what can be read through AACL filter backend, we develop a control to support full URL as extended referral :
But must important, the OID of this control : "18.104.22.168.4.1.1322.214.171.124".
- This mean, that when we find this referral during a search on our directory :
- We look forward on host root.openldap.org
- under dc=openldap,dc=org
- to the minimum of the set of attributes specified in the ldap search query and in this url
- with the filter to which we had the "limitation" specified as the last part of the url
- with a scope that is the minimum between the scope specified in the query and in the url.