[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: get_ava: illegal value with translucent proxy

> Ok, thanks for the clarification. I guess that my goal to have an Active
> Directory proxied properly is not going to happen. I would need a complete
> AD schema for OpenLDAP, and that's probably now available anywhere.

Well, this may not be entirely true, although I'm not 100% sure this works
as intended in your case.  In fact, slapd is relatively picky about
knowing a definition of entities it needs to use.  In your case, the
objectClass you're using in the filter, and any attribute you may use in a
filter.  However, as soon as data whose definition is not known are
returned by a proxy, slapd can live with them under the assumption they
won't be used for anything special.  So if you search an entry

dn: cn=Some Name,dc=some,dc=org
objectClass: fancyObject
cn: Some Name
fancyAttr: fancy stuff

using the objectClass or fancyAttr in the filter, they need to be known by
slapd; however, if you just search for anything below dc=some,dc=org, and
that entry is returned by the proxy, slapd will record fancyObject and
fancyAttr for future reference, although in a non-persistent manner (the
next time you start slapd you'll need it to learn again about their