[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: merging local and remote attributes

To: Howard Chu <hyc@symas.com>
Subject: Re: merging local and remote attributes
From: Hugo Monteiro <hugo.monteiro@fct.unl.pt>
Date: Tue, 22 Feb 2011 10:16:58 +0000
Cc: openldap-technical@openldap.org
In-reply-to: <4D631A51.9080901@symas.com>
References: <4D62F6A7.609@fct.unl.pt> <4D631A51.9080901@symas.com>
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; PT-pt; rv:1.9.2.15pre) Gecko/20110207 Shredder/3.1.9pre

On 02/22/2011 02:07 AM, Howard Chu wrote:

Hugo Monteiro wrote:

Hello list,

I have been trying to use translucent overlay to merge attributes
between a remote and a local server (both 2.4.23).

  From the slapo-translucent man page i read:

"Attributes may be specified as both local and remote if desired."

and

"In any case, both the local and remote entries corresponding to a
search result will be merged before being returned to the client."

The thing is that if i specify an attribute (objectclass) to be both
local and remote, i can only get/search for the local entries. Choosing
either separately will work as advertised though.

Again, i ask if this is a bug, a subtlety i have missed or this is not
supposed to work with objectClass attribute?



Hello Howard,

Re-read the manpage. 1st paragraph.

    "Entries  retrieved
from a remote LDAP server may have some or all attributesoverridden,or new attributes added, by entries in the local databasebefore being
       presented to the client."

This overlay does not merge attributes, it replaces them.

In that case, i would understand that if i specified the objectClassattribute to be both remote and local, i would be able to performqueries which would match locally stored values, and in the event thatthere wasn't any satifying stored values, then the query would be madeon the remote database.



in slapd.conf i have

translucent_remoteobjectClass,description,sambaLMPassword,sambaNTPasswordtranslucent_localdescription,objectClass,sambaSID,sambaPrimaryGroupSID,sambaAcctFlags,sambaHomeDrive,sambaHomePath,sambaLogonScript,sambaProfilePath,sambaAcctFlags,sambaPwdLastSet,sambaPwdCanChange,sambaPwdMustChange,sambaLogonTime,sambaLogoffTime,sambaKickoffTime,sambaBadPasswordCount,sambaBadPasswordTime,sambaLogonHours,sambaHomeDrive,sambaLogonScript,sambaProfilePath,sambaUserWorkstations,sambaHomePath,sambaDomainName,sambaMungedDial,sambaPasswordHistory,sambaSID,sambaPrimaryGroupSID,sambaSIDList,sambaGroupType,sambaNextUserRid,sambaNextGroupRid,sambaNextRid,sambaAlgorithmicRidBase



and as an example:


ldapsearch -b "ou=grupos,dc=fct,dc=unl,dc=pt" -h remoteserver -x "(cn=agt)"
# extended LDIF
#
# LDAPv3
# base <ou=grupos,dc=fct,dc=unl,dc=pt> with scope subtree
# filter: (cn=agt)
# requesting: ALL
#

# 0, grupos, fct.unl.pt
dn: uniqueIdentifier=0,ou=grupos,dc=fct,dc=unl,dc=pt
displayName: agentes
cn: agt
uniqueIdentifier: 0
gidNumber: 1000
objectClass: top
objectClass: grupoUNL
objectClass: posixGroup

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1



ldapsearch -b "ou=grupos,dc=fct,dc=unl,dc=pt" -h localhost -x "(cn=agt)"
# extended LDIF
#
# LDAPv3
# base <ou=grupos,dc=fct,dc=unl,dc=pt> with scope subtree
# filter: (cn=agt)
# requesting: ALL
#

# 0, grupos, fct.unl.pt
dn: uniqueIdentifier=0,ou=grupos,dc=fct,dc=unl,dc=pt
displayName: agentes
cn: agt
uniqueIdentifier: 0
gidNumber: 1000
objectClass: top
objectClass: grupoUNL
objectClass: posixGroup
objectClass: sambaGroupMapping
sambaSID: S-1-5-21-1327543176-3185848629-1254536839-1000
sambaGroupType: 2

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1


So far so good. But when i try to filter per objectClass:

ldapsearch -b "ou=grupos,dc=fct,dc=unl,dc=pt" -h localhost -x"(&(objectClass=sambaGroupMapping)(cn=agt))"

# extended LDIF
#
# LDAPv3
# base <ou=grupos,dc=fct,dc=unl,dc=pt> with scope subtree
# filter: (&(objectClass=sambaGroupMapping)(cn=agt))
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1


Hopefully i was able to explain the hurt that i'm feeling. =)

I am i wrong to assume that local rewrites don't go beyond the entryretrieval? If this is not the role for translucent, is there any otherway i can accomplish this?



Regards,

Hugo Monteiro.

--
fct.unl.pt:~# cat .signature

Hugo Monteiro
Email	 : hugo.monteiro@fct.unl.pt
Telefone : +351 212948300 Ext.15307
Web      : http://hmonteiro.net

Divisão de Informática
Faculdade de Ciências e Tecnologia da
		   Universidade Nova de Lisboa
Quinta da Torre   2829-516 Caparica   Portugal
Telefone: +351 212948596   Fax: +351 212948548
www.fct.unl.pt                apoio@fct.unl.pt

fct.unl.pt:~# _

Follow-Ups:
- Re: merging local and remote attributes [SOLVED]
  - From: Hugo Monteiro <hugo.monteiro@fct.unl.pt>

References:
- merging local and remote attributes
  - From: Hugo Monteiro <hugo.monteiro@fct.unl.pt>
- Re: merging local and remote attributes
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: merging local and remote attributes
Next by Date: Re: merging local and remote attributes [SOLVED]
Index(es):
- Chronological
- Thread