[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: when use overlay translucent error



daydayeat wrote:
openldap-2.4.23
man slapo-translucent says:
If neither translucent_local nor translucent_remote are specified, the default
behavior is
to search the remote database with the complete search filter. If only
translucent_local is
specified, searches will only be run on the local database. Likewise, if only
translu-
cent_remote is specified, searches will only be run on the remote database. In
any case,
both the local and remote entries corresponding to a search result will be
merged before
being returned to the client.
but when i testï
local proxy conf:
#######################################################
# Primary database definitions
#######################################################
######################################################
#databse bdb
#####################################################
database bdb
suffix "dc=test,dc=com"
rootdn "cn=Manager,dc=test,dc=com"
rootpw "123456"
directory /usr/local/ldap/var/openldap-data
index objectClass eq
######################################################
#overlays
######################################################
overlay translucent
#translucent_remote street
#translucent_local street
uri ldap://remote:388
lastmod off
idassert-bind bindmethod=simple
binddn="cn=Manager,dc=test,dc=com"
######################################################
remote conf:
#######################################################
# Primary database definitions
#######################################################
database bdb
suffix "dc=test,dc=com"
rootdn "cn=Manager,dc=ec,dc=com"
rootpw "123456"
directory "/usr/local/ldap1/var/openldap-data"
index objectClass eq
#######################################################
remote database have a entry:
# 111, GF3, ec.com
dn: o=111,o=GF3,dc=test,dc=com
objectClass: organization
o: 111
street: remote
and in the local database change the street value:
# 111, GF3, ec.com
dn: o=111,o=GF3,dc=test,dc=com
objectClass: organization
o: 111
street: local
then change the value "translucent_remote and translucent_local" in the local
proxy confãDo search in local:
1 set "translucent_local street"
"ldapsearch -D "cn=Manager,dc=test,dc=com" -x -w 123456 -b "dc=test,dc=com"
street=local"
the result is:
# extended LDIF
#
# LDAPv3
# base <dc=test,dc=com> with scope subtree
# filter: street=local
# requesting: ALL
#
# 111, GF3, ec.com
dn: o=111,o=GF3,dc=ec,dc=com
objectClass: organization
o: 111
street: local
It is right.
2 set "translucent_remote street"
"ldapsearch -D "cn=Manager,dc=test,dc=com" -x -w 123456 -b "dc=test,dc=com"
street=local"
have no result.

Correct, because there is no entry matching "street=local" in the remote database.

"ldapsearch -D "cn=Manager,dc=test,dc=com" -x -w 123456 -b "dc=test,dc=com"
street=remote"
have no result
why?

Correct, because the entry matching "street=remote" in the remote database is overridden with "street=local" from the local database, and "local" doesn't match the search filter (street=remote) so the entry is not returned.

3 do not set any
"ldapsearch -D "cn=Manager,dc=test,dc=com" -x -w 123456 -b "dc=test,dc=com"
street=local"
have no result.
"ldapsearch -D "cn=Manager,dc=test,dc=com" -x -w 123456 -b "dc=test,dc=com"
street=remote"
have no result
why?

All correct for the same reasons as above.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/