Gavin Henry wrote: [...]
Are they really correct? With local-only entries working well (as they should, with my recent version of openldap), I would assume that local-only would return local-only entries, and that local-and-remote would return both remote and local entries.
So are you getting local entries at all?
I see local *modifications*, yes. Example: A remote entry with uid=andrew is edited on the translucent extension with a new description. When searching, I see the locally changed description without problems.
On the other hand, when I create *entries* that only exist on the translucent extension, I never see any sign of them when searching. I do see them when running slapcat, so they are indeed present in the local database.
This should be fixed with Howard's 2.4.8 patch some time ago, so I can only assume there's something strange with my config or the 2.4.10 Debian build. I will try to build a vanilla OpenLDAP from source as soon as I have time.
sven
Sven Ulland wrote:
Gavin Henry wrote: [...]
Are they really correct? With local-only entries working well (as they should, with my recent version of openldap), I would assume that local-only would return local-only entries, and that local-and-remote would return both remote and local entries.
So are you getting local entries at all?
I see local *modifications*, yes. Example: A remote entry with uid=andrew is edited on the translucent extension with a new description. When searching, I see the locally changed description without problems.
On the other hand, when I create *entries* that only exist on the translucent extension, I never see any sign of them when searching. I do see them when running slapcat, so they are indeed present in the local database.
This should be fixed with Howard's 2.4.8 patch some time ago,
No.
Re-read the slapo-translucent manpage:
"Entries retrieved from a remote LDAP server may have some or all attributes overridden, or new attributes added, by entries in the local database before being presented to the client."
Entries that only exist locally have no meaning. Translucency is only for modifying the view of an entry that already exists remotely.
Howard Chu wrote:
Sven Ulland wrote: [...]
Gavin Henry wrote: I see local *modifications*, yes. Example: A remote entry with uid=andrew is edited on the translucent extension with a new description. When searching, I see the locally changed description without problems.
On the other hand, when I create *entries* that only exist on the translucent extension, I never see any sign of them when searching. I do see them when running slapcat, so they are indeed present in the local database.
This should be fixed with Howard's 2.4.8 patch some time ago,
No.
Re-read the slapo-translucent manpage:
"Entries retrieved from a remote LDAP server may have some or all attributes overridden, or new attributes added, by entries in the local database before being presented to the client."
Entries that only exist locally have no meaning. Translucency is only for modifying the view of an entry that already exists remotely.
Then I have misunderstood the wording in the man page, specifically this: "With [translucent_local], search filters will be split into a local and remote portion, and local attributes will be searched locally." I also wrongly assumed that it would be possible, given Gavin's follow-ups.
Now that it's clear that slapo-translucent alone won't do what I'm after (a stand-alone directory extension with local-only attribute changes and also local-only entries), the proper way might be to use a local directory, slapd-meta using the master and local directories, with default-target pointing to the local dir for writes. That should at least be a place to start. I'll see if I can get it working.
sven
openldap-technical@openldap.org
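The behaviour discussed in this thread, as a simplified model added here for illustration (it is not OpenLDAP code and not from any poster): remote entries are overlaid with local attributes, and entries that exist only in the local database never appear in search results. The function names, DNs and attribute values are constructed assumptions.

```python
# Simplified model of the translucent behaviour described in this thread.
# Not OpenLDAP code; all DNs and values below are constructed sample data.

ANDREW = "uid=andrew,ou=people,dc=example,dc=com"
NEWUSER = "uid=newuser,ou=people,dc=example,dc=com"

# What the remote (master) directory holds.
REMOTE = {
    ANDREW: {"uid": "andrew", "description": "remote text"},
}

# What the local database behind the overlay holds (what slapcat would dump).
LOCAL = {
    ANDREW: {"description": "locally changed"},                 # override of a remote entry
    NEWUSER: {"uid": "newuser", "description": "local only"},   # entry with no remote counterpart
}


def translucent_view(remote, local):
    """Return the entries a client sees through the overlay.

    Only DNs present in `remote` appear. Attributes from a local entry with
    the same DN override or extend the remote attributes.
    """
    view = {}
    for dn, remote_attrs in remote.items():
        merged = dict(remote_attrs)
        merged.update(local.get(dn, {}))
        view[dn] = merged
    return view


def search(remote, local, attr, value):
    """Return the sorted DNs in the merged view where attr equals value."""
    view = translucent_view(remote, local)
    return sorted(dn for dn, attrs in view.items() if attrs.get(attr) == value)


def local_only(remote, local):
    """DNs stored locally that no search through the overlay will return."""
    return sorted(set(local) - set(remote))


if __name__ == "__main__":
    print(search(REMOTE, LOCAL, "description", "locally changed"))
    print(search(REMOTE, LOCAL, "uid", "newuser"))
    print(local_only(REMOTE, LOCAL))
```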