Hello,

Does anyone have experience with replicating the "local" part of a translucent proxy? I've gotten into the habit of running redundant pairs for everything. Since translucent uses back-ldap, which sets lastmod off, traditional replication via syncrepl doesn't work. Right now I'm only supporting a directory of about 2000 engineers, so it is feasible to use some combination of slapcat and ldapadd/ldapmodify magic to update a secondary server.

I could also slapcat the translucent database and take down the secondary server while the database is rebuilt. One idea I had is to copy the local translucent database to a separate (non-proxy)server every N hours, and have any slaves replicate off of that. However, due to schema checking I cannot simply copy a translucent db to a non-translucent one due to all the glue and missing attributes.

I've found the translucent overlay (and openLDAP's flexibility in general) to be a lifesaver. If anyone has any ideas or experience with this particular challenge, I'd love to hear about it.

Cheers, David Arroyo