If you search the forum for derefalias you’‘ll find an e-mail I’'ve written about this topic - well, about the difficulty of setting your search base to point to the base of the tree - which, I believe is your problem. Still no answer, though
I’‘d be curious to know if pointing to an aliased entry to the root would do the trick (t=xxxx). Try getting a ldap browser utility to figure out what your tree looks like - the softerra one’'s ok.
Anyway, to answer your question more precisely:
You’‘ll probably need to set your search base to the first container down from the root - e.g o=xx. and search filter (“advanced settings” in panel 2) of something like: (&(objectClass=inetOrgPerson)(uid=)) This config obviously implies you’‘ll only see some of your tree. I tried setting ldap.alternateBaseDN but no luck, so it looks like I might need two servers - but that maybe be a good idea anyway given the size of my institution. My eDir administrator says don’'t bother with groups '‘cause they won’‘t do much for you on our eDir. I trust him. Here’‘s the (doctored) snippet of what your wildfire.xml should look like - notice that the server itself doesn’'t need to authenticate (in our setup, anyway) ourldaphost.ouruni.ac.uk 636 o=xx true true false true cn <![CDATA[
]]> fullName mail cn member description false (&(objectClass=inetOrgPerson)(uid=))