GetDnForUserid extended operation

For the GetDnForUserid extended operation, the EXOP backend retrieves all of a user ID's distinguished names (DNs) stored in the target LDAP server. The client can filter the DNs returned by the EXOP backend by specifying a search base and object class names. The sequence of events for this extended operation is:
  • If the client does not specify a search base, the EXOP backend searches all of the target server's naming contexts for the DNs of entries that contain an ibm-nativeId attribute set to the specified user ID and whose set of object classes includes all of the optionally specified object classes. If there are no naming contexts, no results are returned.
  • If the EXOP backend does not receive entries from the target LDAP server for this first set of searches, it attempts a similar set of searches, maintaining the filtering based on the optional object classes. For the second set of searches, however, instead of searching for entries with an ibm-nativeId attribute set to the specified user ID, it searches for entries with a uid attribute set to the specified user ID.

If the client does specify a search base, the EXOP backend will attempt the same sequence of searches described above, but instead of searching all of the target LDAP server's naming contexts, it only searches the naming context specified in the search base.
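The search order described above can be emulated offline to see which attribute ends up resolving a user ID. The following is an added example, not IBM's implementation; it runs against a constructed in-memory directory. The function names, the sample entries and naming contexts, subtree scope, case-insensitive matching, and the RFC 4515 filter rendering are all assumptions.

```python
# Added illustration (not IBM's implementation): the two-pass lookup
# order described above, run against a constructed in-memory directory.
NAMING_CONTEXTS = ["o=example", "o=other"]          # constructed
DIRECTORY = [                                       # constructed entries
    ("cn=Ann,ou=staff,o=example",
     {"objectclass": ["person", "inetOrgPerson"], "ibm-nativeid": ["ANN01"]}),
    ("cn=Bob,ou=staff,o=example",
     {"objectclass": ["person"], "uid": ["BOB02"]}),
    ("cn=Ann2,o=other",
     {"objectclass": ["person"], "uid": ["ANN01"]}),
]

def build_filter(attr, user_id, object_classes=()):
    """Equivalent RFC 4515 filter for one pass; special characters escaped."""
    esc = lambda s: "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in s)
    terms = [f"({attr}={esc(user_id)})"]
    terms += [f"(objectclass={esc(oc)})" for oc in object_classes]
    return terms[0] if len(terms) == 1 else "(&" + "".join(terms) + ")"

def in_scope(dn, base):
    """True if dn is the base itself or lies beneath it (subtree assumed)."""
    dn, base = dn.lower(), base.lower()
    return dn == base or dn.endswith("," + base)

def search(bases, attr, user_id, object_classes):
    """One pass over the given bases; case-insensitive matching assumed."""
    hits = []
    for dn, attrs in DIRECTORY:
        values = [v.lower() for v in attrs.get(attr, [])]
        have = {oc.lower() for oc in attrs["objectclass"]}
        if (any(in_scope(dn, b) for b in bases)
                and user_id.lower() in values
                and all(oc.lower() in have for oc in object_classes)):
            hits.append(dn)
    return hits

def get_dn_for_userid(user_id, search_base=None, object_classes=(),
                      naming_contexts=NAMING_CONTEXTS):
    """Return (matching attribute, DNs); uid is tried only if pass 1 is empty."""
    bases = [search_base] if search_base else list(naming_contexts)
    for attr in ("ibm-nativeid", "uid"):
        hits = search(bases, attr, user_id, object_classes)
        if hits:
            return attr, hits
    return None, []

if __name__ == "__main__":
    print(build_filter("ibm-nativeId", "ANN01", ["person"]))
    print(get_dn_for_userid("ANN01"))             # ibm-nativeId pass wins
    print(get_dn_for_userid("ANN01", "o=other"))  # falls back to uid
```

In the sample data the same user ID resolves to a different entry once a search base is supplied, because the uid pass runs only when the ibm-nativeId pass returns nothing within the searched scope.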

GetDnForUserid summarizes some different error scenarios for this extended operation and the EXOP backend's response to such scenarios.