diff -ruN samba-3.0.9.orig/source/include/smb.h samba-3.0.9/source/include/smb.h
--- samba-3.0.9.orig/source/include/smb.h	2004-11-15 21:03:30.000000000 -0600
+++ samba-3.0.9/source/include/smb.h	2005-01-03 16:56:15.000000000 -0600
@@ -1349,6 +1349,9 @@
 /* LDAP SSL options */
 enum ldap_ssl_types {LDAP_SSL_ON, LDAP_SSL_OFF, LDAP_SSL_START_TLS};
 
+/* LDAP SSL options */
+enum ldap_deref_types {LDAP_DEREFERENCE_NEVER, LDAP_DEREFERENCE_SEARCHING, LDAP_DEREFERENCE_FINDING, LDAP_DEREFERENCE_ALWAYS};
+
 /* LDAP PASSWD SYNC methods */
 enum ldap_passwd_sync_types {LDAP_PASSWD_SYNC_ON, LDAP_PASSWD_SYNC_OFF, LDAP_PASSWD_SYNC_ONLY};
 
diff -ruN samba-3.0.9.orig/source/lib/smbldap.c samba-3.0.9/source/lib/smbldap.c
--- samba-3.0.9.orig/source/lib/smbldap.c	2004-11-15 21:03:20.000000000 -0600
+++ samba-3.0.9/source/lib/smbldap.c	2005-01-03 17:55:26.253212952 -0600
@@ -590,6 +590,7 @@
 {
 	int rc = LDAP_SUCCESS;
 	int version;
+	int deref;
 	BOOL ldap_v3 = False;
 	LDAP **ldap_struct = &ldap_state->ldap_struct;
 
@@ -690,6 +691,17 @@
 #endif
 	}
 
+	/* Set alias dereferencing method */
+	deref = lp_ldap_deref();
+
+	if (deref != -1) {
+		if (ldap_set_option (*ldap_struct, LDAP_OPT_DEREF, &deref) != LDAP_OPT_SUCCESS) {
+			DEBUG(0,("Failed to set dereferencing method: %d\n", deref));
+		} else {
+			DEBUG(3,("Set dereferencing method: %d\n", deref));
+		}
+	}
+
 	DEBUG(2, ("smbldap_open_connection: connection opened\n"));
 	return rc;
 }
diff -ruN samba-3.0.9.orig/source/param/loadparm.c samba-3.0.9/source/param/loadparm.c
--- samba-3.0.9.orig/source/param/loadparm.c	2004-11-15 21:03:16.000000000 -0600
+++ samba-3.0.9/source/param/loadparm.c	2005-01-03 18:14:25.250606330 -0600
@@ -227,6 +227,7 @@
 	char *szLdapServer;
 #endif
 	int ldap_ssl;
+	int ldap_deref;
 	char *szLdapSuffix;
 	char *szLdapFilter;
 	char *szLdapAdminDn;
@@ -636,6 +637,18 @@
 	{-1, NULL}
 };
 
+static const struct enum_list enum_ldap_deref[] = {
+	{LDAP_DEREFERENCE_NEVER, "Never"},
+	{LDAP_DEREFERENCE_NEVER, "never"},
+	{LDAP_DEREFERENCE_SEARCHING, "Searching"},
+	{LDAP_DEREFERENCE_SEARCHING, "searching"},
+	{LDAP_DEREFERENCE_FINDING, "Finding"},
+	{LDAP_DEREFERENCE_FINDING, "finding"},
+	{LDAP_DEREFERENCE_ALWAYS, "Always"},
+	{LDAP_DEREFERENCE_ALWAYS, "always"},
+	{-1, NULL}
+};
+
 static const struct enum_list enum_ldap_passwd_sync[] = {
 	{LDAP_PASSWD_SYNC_OFF, "no"},
 	{LDAP_PASSWD_SYNC_OFF, "No"},
@@ -1094,6 +1107,7 @@
 	{"ldap replication sleep", P_INTEGER, P_GLOBAL, &Globals.ldap_replication_sleep, NULL, NULL, FLAG_ADVANCED},
 	{"ldap suffix", P_STRING, P_GLOBAL, &Globals.szLdapSuffix, NULL, NULL, FLAG_ADVANCED}, 
 	{"ldap ssl", P_ENUM, P_GLOBAL, &Globals.ldap_ssl, NULL, enum_ldap_ssl, FLAG_ADVANCED}, 
+	{"ldap deref", P_ENUM, P_GLOBAL, &Globals.ldap_deref, NULL, enum_ldap_deref, FLAG_ADVANCED},
 	{"ldap timeout", P_INTEGER, P_GLOBAL, &Globals.ldap_timeout, NULL, NULL, FLAG_ADVANCED},
 	{"ldap user suffix", P_STRING, P_GLOBAL, &Globals.szLdapUserSuffix, NULL, NULL, FLAG_ADVANCED}, 
 
@@ -1473,6 +1487,7 @@
 
 	string_set(&Globals.szLdapAdminDn, "");
 	Globals.ldap_ssl = LDAP_SSL_ON;
+	Globals.ldap_deref = LDAP_DEREFERENCE_NEVER;
 	Globals.ldap_passwd_sync = LDAP_PASSWD_SYNC_OFF;
 	Globals.ldap_delete_dn = False;
 	Globals.ldap_replication_sleep = 1000; /* wait 1 sec for replication */
@@ -1710,6 +1725,7 @@
 FN_GLOBAL_STRING(lp_ldap_filter, &Globals.szLdapFilter)
 FN_GLOBAL_STRING(lp_ldap_admin_dn, &Globals.szLdapAdminDn)
 FN_GLOBAL_INTEGER(lp_ldap_ssl, &Globals.ldap_ssl)
+FN_GLOBAL_INTEGER(lp_ldap_deref, &Globals.ldap_deref)
 FN_GLOBAL_INTEGER(lp_ldap_passwd_sync, &Globals.ldap_passwd_sync)
 FN_GLOBAL_BOOL(lp_ldap_delete_dn, &Globals.ldap_delete_dn)
 FN_GLOBAL_INTEGER(lp_ldap_replication_sleep, &Globals.ldap_replication_sleep)