openldap-2.4.23 man slapo-translucent says:

If neither translucent_local nor translucent_remote are specified, the default behavior is to search the remote database with the complete search filter. If only translucent_local is specified, searches will only be run on the local database. Likewise, if only translucent_remote is specified, searches will only be run on the remote database. In any case, both the local and remote entries corresponding to a search result will be merged before being returned to the client.

But when I test:

Local proxy conf:
#######################################################
# Primary database definitions
#######################################################
######################################################
#database bdb
#####################################################
database bdb
suffix "dc=test,dc=com"
rootdn "cn=Manager,dc=test,dc=com"
rootpw "123456"
directory /usr/local/ldap/var/openldap-data
index objectClass eq
######################################################
#overlays
######################################################
overlay translucent
#translucent_remote street
#translucent_local street
uri ldap://remote:388
lastmod off
idassert-bind bindmethod=simple binddn="cn=Manager,dc=test,dc=com"
######################################################
remote conf:
#######################################################
# Primary database definitions
#######################################################
database bdb
suffix "dc=test,dc=com"
rootdn "cn=Manager,dc=ec,dc=com"
rootpw "123456"
directory "/usr/local/ldap1/var/openldap-data"
index objectClass eq
#######################################################
The remote database has an entry:

# 111, GF3, ec.com
dn: o=111,o=GF3,dc=test,dc=com
objectClass: organization
o: 111
street: remote

and in the local database I change the street value:

# 111, GF3, ec.com
dn: o=111,o=GF3,dc=test,dc=com
objectClass: organization
o: 111
street: local
Then change the value of "translucent_remote" and "translucent_local" in the local proxy conf. Do a search in local:

1. Set "translucent_local street"

ldapsearch -D "cn=Manager,dc=test,dc=com" -x -w 123456 -b "dc=test,dc=com" street=local

The result is:

# extended LDIF
#
# LDAPv3
# base <dc=test,dc=com> with scope subtree
# filter: street=local
# requesting: ALL
#

# 111, GF3, ec.com
dn: o=111,o=GF3,dc=ec,dc=com
objectClass: organization
o: 111
street: local

It is right.

2. Set "translucent_remote street"

ldapsearch -D "cn=Manager,dc=test,dc=com" -x -w 123456 -b "dc=test,dc=com" street=local

has no result.

ldapsearch -D "cn=Manager,dc=test,dc=com" -x -w 123456 -b "dc=test,dc=com" street=remote

has no result. Why?

3. Do not set any

ldapsearch -D "cn=Manager,dc=test,dc=com" -x -w 123456 -b "dc=test,dc=com" street=local

has no result.

ldapsearch -D "cn=Manager,dc=test,dc=com" -x -w 123456 -b "dc=test,dc=com" street=remote

has no result. Why?
daydayeat wrote:
> Then change the value of "translucent_remote" and "translucent_local" in the local proxy conf. Do a search in local:
>
> 1. Set "translucent_local street"
>
> ldapsearch -D "cn=Manager,dc=test,dc=com" -x -w 123456 -b "dc=test,dc=com" street=local
>
> The result is:
>
> # extended LDIF
> #
> # LDAPv3
> # base <dc=test,dc=com> with scope subtree
> # filter: street=local
> # requesting: ALL
> #
>
> # 111, GF3, ec.com
> dn: o=111,o=GF3,dc=ec,dc=com
> objectClass: organization
> o: 111
> street: local
>
> It is right.
>
> 2. Set "translucent_remote street"
>
> ldapsearch -D "cn=Manager,dc=test,dc=com" -x -w 123456 -b "dc=test,dc=com" street=local
>
> has no result.

Correct, because there is no entry matching "street=local" in the remote database.

> ldapsearch -D "cn=Manager,dc=test,dc=com" -x -w 123456 -b "dc=test,dc=com" street=remote
>
> has no result. Why?

Correct, because the entry matching "street=remote" in the remote database is overridden with "street=local" from the local database, and "local" doesn't match the search filter (street=remote) so the entry is not returned.

> 3. Do not set any
>
> ldapsearch -D "cn=Manager,dc=test,dc=com" -x -w 123456 -b "dc=test,dc=com" street=local
>
> has no result.
>
> ldapsearch -D "cn=Manager,dc=test,dc=com" -x -w 123456 -b "dc=test,dc=com" street=remote
>
> has no result. Why?
All correct for the same reasons as above.
openldap-technical@openldap.org
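The three cases in this thread can be reproduced with a small model of the behaviour the man page excerpt and the replies describe (an added example, not part of the original thread and not slapd's code). The filter selects candidates in the database the configuration points at, local attributes replace remote ones in the merged entry, and the filter is applied again to the merged entry. The function and parameter names are hypothetical, and the sample data is constructed from the two entries in the post.

```python
# Simplified model of the search behaviour described in this thread (not slapd code).
# Entries are {dn: {attr: [values]}}; only equality filters (attr=value) are modelled.

DN = "o=111,o=GF3,dc=test,dc=com"
# Sample data constructed from the two entries in the post.
REMOTE = {DN: {"objectClass": ["organization"], "o": ["111"], "street": ["remote"]}}
LOCAL = {DN: {"objectClass": ["organization"], "o": ["111"], "street": ["local"]}}


def matches(entry, attr, value):
    """Equality match with a case-insensitive attribute name."""
    return any(name.lower() == attr.lower() and value in values
               for name, values in entry.items())


def merge(remote_entry, local_entry):
    """Attributes present locally replace the remote attributes of that name."""
    merged = {name: list(values) for name, values in remote_entry.items()}
    merged.update({name: list(values) for name, values in local_entry.items()})
    return merged


def translucent_search(attr, value, local_attrs=(), remote_attrs=()):
    """Return {dn: merged entry} for one equality filter.

    local_attrs / remote_attrs are hypothetical stand-ins for the
    translucent_local / translucent_remote lists in slapd.conf.
    """
    in_local = attr.lower() in {a.lower() for a in local_attrs}
    in_remote = attr.lower() in {a.lower() for a in remote_attrs}
    if in_local and in_remote:
        raise NotImplementedError("both lists naming one attribute is not modelled")
    # Only translucent_local sends the filter to the local database;
    # translucent_remote, or neither setting, sends it to the remote one.
    searched = LOCAL if in_local else REMOTE
    results = {}
    for dn, entry in searched.items():
        if not matches(entry, attr, value):
            continue  # no candidate in the database that was searched
        merged = merge(REMOTE.get(dn, {}), LOCAL.get(dn, {}))
        if matches(merged, attr, value):  # filter re-applied to the merged entry
            results[dn] = merged
    return results


if __name__ == "__main__":
    for setting in ({"local_attrs": ["street"]}, {"remote_attrs": ["street"]}, {}):
        for wanted in ("local", "remote"):
            hits = translucent_search("street", wanted, **setting)
            print(setting or "neither set", f"street={wanted}", "->", sorted(hits))
```

A filter on an attribute that is not overridden locally, such as `o=111`, still returns the entry, and the merged result carries `street: local`.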