Thanks, Howard. Your hint about translucent_local allowed me to solve the problem. I
looked again at the actual query we were using. It had objectClass in the filter. In our
translucent config we have objectClass as both translucent_local and translucent_remote.
If I change the filter to something that isn't tagged with translucent_local then the
remote entry is returned and there is no error from a local search.
From: Howard Chu [mailto:email@example.com]
Sent: Wednesday, July 10, 2013 11:40 AM
To: Steve Eckmann; openldap-technical(a)openldap.org
Subject: Re: "No such object" error with translucent overlay and base scope
Steve Eckmann wrote:
We found that we get a "No such object" error from the
overlay when we do a search like this:
ldapsearch -x -H ldaps://localhost -LLL \
-b "cn=John Doe,ou=Users,dc=example,dc=com" -s base \
-D "cn=admin,dc=example,dc=com" -w admin \
if there is no entry for "cn=John Doe,ou=Users,dc=example,dc=com" in
the local database, whether or not the remote entry exists. It seems
like a mistake for the translucent overlay to report an error if the
remote entry exists, since it only means that we haven't added any
local attributes yet. Is there a way to suppress the error result when
the proxied server returns an entry, so we don't have to hack around this weirdness
in our client?
Re-read the slapo-translucent manpage, check your local/remote configuration.
The overlay won't query the remote server if you've only specified
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/