I thought about putting it in a simpler way.
OpenLDAP 2.4.23 with translucent proxy.
I'm able to add/remove/modify attributes locally using the rootdn defined in the server configuration. I'm NOT able to browse or perform searches using those same credentials. I always get 0 entries. I am however able to perform searches and browse the tree if I bind anonymously or if I bind with one of the LDAP user accounts.
Is this behaviour to be expected? Is there any way to use a single pair of credentials and be able to add/delete/modify/browse/search?
The database definition is as follows:
--- snip ---
database        hdb
suffix          "dc=example,dc=com"
rootdn          cn=loadmin,dc=example,dc=com
rootpw          secret
directory       "/var/lib/ldap"
lastmod         on

access to attrs=userPassword,sambaNTPassword,krb5Key
        by dn.exact="cn=admin,dc=example,dc=com" write
        by dn.exact="cn=loadmin,dc=example,dc=com" write
        by dn.exact="cn=reader,dc=example,dc=com" read
        by self read
        by anonymous auth
        by * none

access to *
        by dn.exact="cn=admin,dc=example,dc=com" write
        by dn.exact="cn=loadmin,dc=example,dc=com" write
        by * read

index   sambaSID,sambaPrimaryGroupSID eq

overlay translucent
uri "ldap://ldapbackend.example.com"
acl-bind binddn="cn=reader,dc=example,dc=com" credentials="secret"
translucent_strict
translucent_remote objectClass
translucent_local sambaSID,sambaPrimaryGroupSID,sambaAcctFlags

overlay glue
--- snip ---
Best Regards,
Hugo Monteiro.