Hardcoded ou=People container below BaseDN!?
I'm trying to authenticate a Solaris 10 client against a Sun Java Enterprise System Directory Server 5.2 which is also running on Solaris 10.
I've created a client profile which specifies the search base 'dc=city,dc=country,dc=domain,dc=tld'. This BaseDN is also located in the /var/ldap/ldap_client_file file on the client. This file also contain the 'sub' search scobe definition...
The nsswitch.conf file is a copy of the nsswitch.ldap (all configuration done after a sys-unconfig and 'LDAP' choosen as NS service).
I (my object) is located as 'uid=turbo,ou=People,ou=org1,dc=city,dc=country,dc=domain,dc =tld'
But when trying a 'id turbo' i get 'invalid username'. Looking at the logs of the Directory server I suddenly see that the client have added the 'ou=People' to the search/base DN above!!
That is, it searches below 'ou=People,dc=city,dc=country,dc=domain,dc=tld', NOT (as I've told it!) below 'dc=city,dc=country,dc=domain,dc=tld'.
Why is the Solaris client adding 'ou=People' to the search DN, despite me explicitly telling it to search everything below BaseDN?
