Question regarding the translucent overlay.
Say I wanted to create some entries locally that don't have corresponding remote entries. For example, if the base suffix is dc=foo,dc=bar, and the remote ldap server has, let's call them user entries at uid=myuser,dc=foo,dc=bar, and I wanted to locally create ou=group,dc=foo,dc=bar and put my own group entries in that, is this possible with translucent? Or maybe with a combination of overlays?
Ok, I know I can create local-only entries, but any search requests for them fail. Is this what ITS#5283 is supposed to accomplish, without going through the hassle of trying to build HEAD?
Andrew Cobaugh wrote:
Question regarding the translucent overlay.
Say I wanted to create some entries locally that don't have corresponding remote entries. For example, if the base suffix is dc=foo,dc=bar, and the remote ldap server has, let's call them user entries at uid=myuser,dc=foo,dc=bar, and I wanted to locally create ou=group,dc=foo,dc=bar and put my own group entries in that, is this possible with translucent? Or maybe with a combination of overlays?
Ok, I know I can create local-only entries, but any search requests for them fail. Is this what ITS#5283 is supposed to accomplish, without going through the hassle of trying to build HEAD?
No. The translucent overlay is only intended to allow locally defined attributes to be associated with remote entries. If you want to create entire entries locally, you should look into subordinate glue instead.
Hi,
Coincidentally I needed to do the same recently, and the after some back-and-forth the I reached a solution with "subordinate" glue: http://www.openldap.org/lists/openldap-software/200802/msg00128.html Basically, I used a "ldap" backend to connect to the "main" remote server, and a local "bdb" backend that is also subordinate.
Note, however, that this in my system this works if you want to add user and/or group entries, but it doesn't work so well for autofs maps (though I suspect that is because how autofs performs a search for maps of type "ldap").
Oren.
Andrew Cobaugh wrote:
Question regarding the translucent overlay.
Say I wanted to create some entries locally that don't have corresponding remote entries. For example, if the base suffix is dc=foo,dc=bar, and the remote ldap server has, let's call them user entries at uid=myuser,dc=foo,dc=bar, and I wanted to locally create ou=group,dc=foo,dc=bar and put my own group entries in that, is this possible with translucent? Or maybe with a combination of overlays?
Ok, I know I can create local-only entries, but any search requests for them fail. Is this what ITS#5283 is supposed to accomplish, without going through the hassle of trying to build HEAD?
On Feb 19, 2008 10:30 PM, Oren Laadan orenl@cs.columbia.edu wrote:
Hi,
Coincidentally I needed to do the same recently, and the after some back-and-forth the I reached a solution with "subordinate" glue: http://www.openldap.org/lists/openldap-software/200802/msg00128.html Basically, I used a "ldap" backend to connect to the "main" remote server, and a local "bdb" backend that is also subordinate.
Note, however, that this in my system this works if you want to add user and/or group entries, but it doesn't work so well for autofs maps (though I suspect that is because how autofs performs a search for maps of type "ldap").
Thanks for that! I actually have accomplished exactly what I set out to do. Basically, I took your config, made that my 'top level' ldap server, but for the ldap backend entry, I specify a different ldap server to relay to, one which holds another bdb backend, ldap backend to the remote server, and the translucent overlay configured.
My next question: can anyone on Oren's config that he posted in the link he provided as to how something like that could be configured with the translucent overlay on top of the ldap backend database, as well as the local bdb to serve out the subordinate suffix. I tried that, and it seems to throw slapd into an infinite loop (which I saw in a number of scenarios with other related configs that I tried).
Thanks for the help so far!
My next question: can anyone on Oren's config that he posted in the link he provided as to how something like that could be configured with the translucent overlay on top of the ldap backend database, as well as the local bdb to serve out the subordinate suffix. I tried that, and it seems to throw slapd into an infinite loop (which I saw in a number of scenarios with other related configs that I tried).
Thanks for the help so far!
Please share your configs for examining.
openldap-software@openldap.org
-
Andrew Cobaugh -
Gavin Henry -
Howard Chu -
Oren Laadan