We noticed that adding a local entry for which there is no corresponding remote entry doesn't cause an error to be reported, but the bogus local entry cannot then be found or deleted, as far as I can tell. I realize it was a mistake to add such an entry, but is it possible to configure the translucent overlay to prevent the client from making this mistake, or is it up to the client to ensure a remote entry exists before adding a local entry? And is there some way to find and delete such bogus local entries, either via LDAP commands or by directly querying and managing the local mdb instance?
Thanks.
Steve
Steve Eckmann wrote:
We noticed that adding a local entry for which there is no corresponding remote entry doesn’t cause an error to be reported, but the bogus local entry cannot then be found or deleted, as far as I can tell. I realize it was a mistake to add such an entry, but is it possible to configure the translucent overlay to prevent the client from making this mistake, or is it up to the client to ensure a remote entry exists before adding a local entry? And is there some way to find and delete such bogus local entries, either via LDAP commands or by directly querying and managing the local mdb instance?
Adds only work when performed by the rootDN. Likewise for Deletes. If your clients are using the rootDN for routine operation, you're doing something wrong.
Thanks for the tip, Howard. I'll get that fixed. It had not occurred to me that we could add local attributes without first explicitly adding a local entry. But now I see that ldapmodify works as desired.
-----Original Message-----
From: Howard Chu [mailto:hyc@symas.com]
Sent: Sunday, May 19, 2013 8:02 AM
To: Steve Eckmann; openldap-technical@openldap.org
Subject: Re: translucent overlay - bogus local entries
Steve Eckmann wrote:
We noticed that adding a local entry for which there is no corresponding remote entry doesn't cause an error to be reported, but the bogus local entry cannot then be found or deleted, as far as I can tell. I realize it was a mistake to add such an entry, but is it possible to configure the translucent overlay to prevent the client from making this mistake, or is it up to the client to ensure a remote entry exists before adding a local entry? And is there some way to find and delete such bogus local entries, either via LDAP commands or by directly querying and managing the local mdb instance?
Adds only work when performed by the rootDN. Likewise for Deletes. If your clients are using the rootDN for routine operation, you're doing something wrong.
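An added example, not from the thread or from the OpenLDAP project: one way to look for the local entries without a remote counterpart that the question asks about, assuming the local database and the remote directory have each been exported to LDIF (for instance with slapcat and ldapsearch; that export step is an assumption). The DNs and sample data are constructed, and the DN normalization is simplified and ignores escaped commas.

```python
import base64

def ldif_dns(ldif_text):
    """Return the DN of every entry in an LDIF export."""
    lines = []
    for raw in ldif_text.splitlines():
        # A line starting with a single space continues the previous line.
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    dns = []
    for line in lines:
        if line.lower().startswith("dn::"):      # base64-encoded DN
            dns.append(base64.b64decode(line[4:].strip()).decode("utf-8"))
        elif line.lower().startswith("dn:"):
            dns.append(line[3:].strip())
    return dns

def normalize(dn):
    """Simplified DN comparison form (assumption: no escaped commas)."""
    rdns = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        rdns.append(attr.strip().lower() + "=" + value.strip().lower())
    return ",".join(rdns)

def orphaned_local_dns(local_ldif, remote_ldif):
    """Local DNs that have no matching entry in the remote export."""
    remote = {normalize(dn) for dn in ldif_dns(remote_ldif)}
    return [dn for dn in ldif_dns(local_ldif) if normalize(dn) not in remote]

# Constructed sample data: hypothetical DNs, not taken from the thread.
_bob = base64.b64encode(b"uid=bob,ou=People,dc=example,dc=com").decode()
LOCAL_LDIF = (
    "dn: uid=alice,ou=People,dc=example,dc=com\ndescription: local override\n\n"
    "dn: uid=ghost,ou=People,dc=example,dc=com\ndescription: no remote entry\n\n"
    f"dn:: {_bob}\ndescription: local override\n"
)
REMOTE_LDIF = (
    "dn: UID=Alice, OU=People, DC=example, DC=com\n\n"
    "dn: uid=bob,ou=People,\n dc=example,dc=com\n"
)

if __name__ == "__main__":
    for dn in orphaned_local_dns(LOCAL_LDIF, REMOTE_LDIF):
        print("no remote entry for:", dn)
```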