Is it expected that the translucent overlay returns a proxied entry but also a "No such object" error when a remote entry exists but the matching local entry does not exist? For example, if there is no local entry for user "John Doe", then the search:
ldapsearch -x -H ldaps://localhost -LLL \
-b "cn=John Doe,ou=Users,dc=example,DC=com" -s base \
-D "cn=admin,dc=example,dc=com" -w admin \
'(&)' cn mail manager
returns:
dn: cn=John Doe,ou=Users,dc=example,DC=com
cn: John Doe
mail: john.doe@example.com
manager: cn=Jane Smith,ou=Users,dc=example,DC=com
No such object (32)
In the slapd log I see:
conn=1000 op=9 SEARCH RESULT tag=101 err=32 nentries=1 text=
For comparison, the search:
ldapsearch -x -H ldaps://localhost -LLL -b dc=example,DC=com \
-s sub \
-D "cn=admin,dc=example,dc=com" -w admin \
'(cn=John Doe)' cn mail manager
returns the same entry and attributes but no error.
Should the client use the one entry and ignore the error, or is there some way to ask the translucent overlay to not return that error, or how should we handle this?
Thanks.
Steve
openldap-technical@openldap.org