[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: merging local and remote attributes [SOLVED]



On 02/22/2011 10:16 AM, Hugo Monteiro wrote:
On 02/22/2011 02:07 AM, Howard Chu wrote:
Hugo Monteiro wrote:
Hello list,

I have been trying to use translucent overlay to merge attributes
between a remote and a local server (both 2.4.23).

  From the slapo-translucent man page i read:

"Attributes may be specified as both local and remote if desired."

and

"In any case, both the local and remote entries corresponding to a
search result will be merged before being returned to the client."

The thing is that if i specify an attribute (objectclass) to be both
local and remote, i can only get/search for the local entries. Choosing
either separately will work as advertised though.

Again, i ask if this is a bug, a subtlety i have missed or this is not
supposed to work with objectClass attribute?



Hello Howard,

Re-read the manpage. 1st paragraph.

    "Entries  retrieved
from a remote LDAP server may have some or all attributes overridden, or new attributes added, by entries in the local database before being
       presented to the client."

This overlay does not merge attributes, it replaces them.



In that case, i would understand that if i specified the objectClass attribute to be both remote and local, i would be able to perform queries which would match locally stored values, and in the event that there wasn't any satifying stored values, then the query would be made on the remote database.


in slapd.conf i have

translucent_remote objectClass,description,sambaLMPassword,sambaNTPassword translucent_local description,objectClass,sambaSID,sambaPrimaryGroupSID,sambaAcctFlags,sambaHomeDrive,sambaHomePath,sambaLogonScript,sambaProfilePath,sambaAcctFlags,sambaPwdLastSet,sambaPwdCanChange,sambaPwdMustChange,sambaLogonTime,sambaLogoffTime,sambaKickoffTime,sambaBadPasswordCount,sambaBadPasswordTime,sambaLogonHours,sambaHomeDrive,sambaLogonScript,sambaProfilePath,sambaUserWorkstations,sambaHomePath,sambaDomainName,sambaMungedDial,sambaPasswordHistory,sambaSID,sambaPrimaryGroupSID,sambaSIDList,sambaGroupType,sambaNextUserRid,sambaNextGroupRid,sambaNextRid,sambaAlgorithmicRidBase


and as an example:


ldapsearch -b "ou=grupos,dc=fct,dc=unl,dc=pt" -h remoteserver -x "(cn=agt)"
# extended LDIF
#
# LDAPv3
# base <ou=grupos,dc=fct,dc=unl,dc=pt> with scope subtree
# filter: (cn=agt)
# requesting: ALL
#

# 0, grupos, fct.unl.pt
dn: uniqueIdentifier=0,ou=grupos,dc=fct,dc=unl,dc=pt
displayName: agentes
cn: agt
uniqueIdentifier: 0
gidNumber: 1000
objectClass: top
objectClass: grupoUNL
objectClass: posixGroup

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1



ldapsearch -b "ou=grupos,dc=fct,dc=unl,dc=pt" -h localhost -x "(cn=agt)"
# extended LDIF
#
# LDAPv3
# base <ou=grupos,dc=fct,dc=unl,dc=pt> with scope subtree
# filter: (cn=agt)
# requesting: ALL
#

# 0, grupos, fct.unl.pt
dn: uniqueIdentifier=0,ou=grupos,dc=fct,dc=unl,dc=pt
displayName: agentes
cn: agt
uniqueIdentifier: 0
gidNumber: 1000
objectClass: top
objectClass: grupoUNL
objectClass: posixGroup
objectClass: sambaGroupMapping
sambaSID: S-1-5-21-1327543176-3185848629-1254536839-1000
sambaGroupType: 2

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1


So far so good. But when i try to filter per objectClass:


ldapsearch -b "ou=grupos,dc=fct,dc=unl,dc=pt" -h localhost -x "(&(objectClass=sambaGroupMapping)(cn=agt))"
# extended LDIF
#
# LDAPv3
# base <ou=grupos,dc=fct,dc=unl,dc=pt> with scope subtree
# filter: (&(objectClass=sambaGroupMapping)(cn=agt))
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1


Hopefully i was able to explain the hurt that i'm feeling. =)

I am i wrong to assume that local rewrites don't go beyond the entry retrieval? If this is not the role for translucent, is there any other way i can accomplish this?


Regards,

Hugo Monteiro.



To reply myself, the problem relied on indexes. Running slapindex fixed things.

Best Regards and sorry for the noise,

Hugo Monteiro.

--
fct.unl.pt:~# cat .signature

Hugo Monteiro
Email	 : hugo.monteiro@fct.unl.pt
Telefone : +351 212948300 Ext.15307
Web      : http://hmonteiro.net

Divisão de Informática
Faculdade de Ciências e Tecnologia da
		   Universidade Nova de Lisboa
Quinta da Torre   2829-516 Caparica   Portugal
Telefone: +351 212948596   Fax: +351 212948548
www.fct.unl.pt                apoio@fct.unl.pt

fct.unl.pt:~# _