Thanks, Howard. Your hint about translucent_local allowed me to solve the problem. I looked again at the actual query we were using. It had objectClass in the filter. In our translucent config we have objectClass as both translucent_local and translucent_remote. If I change the filter to something that isn't tagged with translucent_local then the remote entry is returned and there is no error from a local search.
Regards, Steve -----Original Message----- From: Howard Chu [mailto:[email protected]] Sent: Wednesday, July 10, 2013 11:40 AM To: Steve Eckmann; [email protected] Subject: Re: "No such object" error with translucent overlay and base scope search Steve Eckmann wrote: > We found that we get a "No such object" error from the translucent > overlay when we do a search like this: > > ldapsearch -x -H ldaps://localhost -LLL \ > > -b "cn=John Doe,ou=Users,dc=example,dc=com" -s base \ > > -D "cn=admin,dc=example,dc=com" -w admin \ > > '(&)' > > if there is no entry for "cn=John Doe,ou=Users,dc=example,dc=com" in > the local database, whether or not the remote entry exists. It seems > like a mistake for the translucent overlay to report an error if the > remote entry exists, since it only means that we haven't added any > local attributes yet. Is there a way to suppress the error result when > the proxied server returns an entry, so we don't have to hack around this > weirdness in our client? Re-read the slapo-translucent manpage, check your local/remote configuration. The overlay won't query the remote server if you've only specified translucent_local attributes. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
