RE: translucent overlay - bogus local entries

[Steve Eckmann <steve.eckmann@issinc.com>]

Thanks for the tip, Howard. I'll get that fixed. It had not occurred to me that we could add local attributes without first explicitly adding a local entry. But now I see that ldapmodify works as desired.

-----Original Message-----
From: Howard Chu [mailto:hyc@symas.com] 
Sent: Sunday, May 19, 2013 8:02 AM
To: Steve Eckmann; openldap-technical@openldap.org
Subject: Re: translucent overlay - bogus local entries

Steve Eckmann wrote:
> We noticed that adding a local entry for which there is no 
> corresponding remote entry doesn't cause an error to be reported, but 
> the bogus local entry cannot then be found or deleted, as far as I can 
> tell. I realize it was a mistake to add such an entry, but is it 
> possible to configure the translucent overlay to prevent the client 
> from making this mistake, or is it up to the client to ensure a remote 
> entry exists before adding a local entry? And is there some way to 
> find and delete such bobus local entries, either via LDAP commands or by directly querying and managing the local mdb instance?

Adds only work when performed by the rootDN. Likewise for Deletes. If your clients are using the rootDN for routine operation, you're doing something wrong.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/