This is what I would like to do:
- Have a local DB which contains only groups under ou=Groups,OU=example,DC=com
- Have a translucent connection to Active Directory
- Using subordinate, glue these 2 databases together
This should make it possible to administrate local groups and add the needed POSIX stuff to our Active Directory users.
This seems to work except for the translucent stuff. I see both my databases (the AD and the local one). I can write to my local one (adding a group, for example).
But when I want to add extra attributes to an Active Directory user (using the translucent), I can't do this. I receive the following error: "No Such Object"
It seems that I'm not able to write to the glued translucent DB.
Here is the config.
database bdb
suffix "ou=ActiveDir,OU=example,DC=com"
subordinate
directory "/var/lib/ldap-translucent"
overlay translucent
uri "ldap://remotehost"
acl-bind bindmethod=simple binddn="cn=readonlyuser,OU=example,DC=com" credentials=secret
idassert-bind bindmethod=simple binddn="cn=readonlyuser,OU=example,DC=com" credentials="secret" mode=none flags=non-prescriptive

database bdb
suffix "OU=example,DC=com"
overlay glue
directory "/var/lib/ldap"
rootdn "cn=admin,OU=example,DC=com"
rootpw supersecure
index cn,sn,uid pres,eq,approx,sub
index objectClass eq