Is it expected that the translucent overlay returns a proxied entry but also a "No such object" error when a remote entry exists but the matching local entry does not exist? For example, if there is no local entry for user "John Doe", then the search:

ldapsearch -x -H ldaps://localhost -LLL \

-b "cn=John Doe,ou=Users,dc=example,DC=com" -s base \

-D "cn=admin,dc=example,dc=com" -w admin \

'(&)' cn mail manager

returns:

dn: cn=John Doe,ou=Users,dc=example,DC=com

cn: John Doe

mail: john.doe@example.com

manager: cn=Jane Smith,ou=Users,dc=example,DC=com

No such object (32)

In the slapd log I see:

conn=1000 op=9 SEARCH RESULT tag=101 err=32 nentries=1 text=

For comparison, the search:

ldapsearch -x -H ldaps://localhost -LLL -b dc=example,DC=com \

-s sub \

-D "cn=admin,dc=example,dc=com" -w admin \

'(cn=John Doe)' cn mail manager

returns the same entry and attributes but no error.

Should the client use the one entry and ignore the error, or is there some way to ask the translucent overlay to not return that error, or how should we handle this?

Thanks.

Steve