Thanks, Howard. Your hint about translucent_local allowed me to solve the problem. I looked again at the actual query we were using. It had objectClass in the filter. In our translucent config we have objectClass as both translucent_local and translucent_remote. If I change the filter to something that isn't tagged with translucent_local then the remote entry is returned and there is no error from a local search.

Regards, Steve

-----Original Message----- From: Howard Chu [mailto:hyc@symas.com] Sent: Wednesday, July 10, 2013 11:40 AM To: Steve Eckmann; openldap-technical@openldap.org Subject: Re: "No such object" error with translucent overlay and base scope search

Steve Eckmann wrote:

We found that we get a "No such object" error from the translucent overlay when we do a search like this:

ldapsearch -x -H ldaps://localhost -LLL \

  -b "cn=John Doe,ou=Users,dc=example,dc=com" -s base \

  -D "cn=admin,dc=example,dc=com" -w admin \

  '(&)'

if there is no entry for "cn=John Doe,ou=Users,dc=example,dc=com" in the local database, whether or not the remote entry exists. It seems like a mistake for the translucent overlay to report an error if the remote entry exists, since it only means that we haven't added any local attributes yet. Is there a way to suppress the error result when the proxied server returns an entry, so we don't have to hack around this weirdness in our client?

Re-read the slapo-translucent manpage, check your local/remote configuration. The overlay won't query the remote server if you've only specified translucent_local attributes.