Are the translucent and memberof overlays supposed to work together? I have one mdb backend with “native” accounts, and another mdb backend for “remote” accounts using the translucent overlay to proxy a remote AD. I want to be able to add remote account entries to groups in the native branch and have a memberof
attribute automatically instantiated in the already added local entry associated with the remote entry. That isn’t happening, and what I see in the log is something like: memberof_value_modify DN="cn=xxx,ou=users,ou=remote,dc=example,dc=com" add myMemberOf="cn=myGroup,ou=Groups,ou=Native,dc=example,dc=com" failed err=32 The local objectClass for user entries has myMemberOf as a DN-valued attribute (I tried using the builtin “memberOf”, but when that didn’t work I thought there might be a conflict between the remote attribute name and the local attribute
name). I have the memberof overlay applied to both mdb backends. I guess what I’m trying to do is going across backends. Is that an incorrect/unsupported use of the memberof overlay? Thanks.
|