<quote who="Howard Chu"> > Gavin Henry wrote: >> Julien Garnier wrote: >>> Gavin Henry a écrit : >>>> Yes, as I thought. Translucent doesn't return searches on local >>>> attributes. >>>> >>>> One for the to do list then. > > Yes... The original spec for this overlay only required the ability to > search > the remote DB. Searching both requires quite a lot more work.
I agree, after poking at the code with my beginner skills. > > One sticking point is that search filters need to be munged; if you send a > filter to the remote server and it mentions attributes that are only known > on > the local server, then you may not get any results back at all. (And vice > versa.) Right. > > E.g., if you have a remote entry containing > uid=foo > and the local translucent entry containing > cn=bar > > and you search for (&(uid=foo)(cn=bar)) then the search will return no > results > unless you rewrite the filter on both the local side and the remote side. > > A solution here would be to add config keywords to control how filters > should > be handled. For any attribute used in a filter, it may be remote only, > local > only, or both local and remote. That could work, as long as you have the correct indexes on local and remote so as not to be a complete hog. > > The processing would go something like - > for the remote search, walk through the filter and nullify any clauses > that > aren't in the list of remote attributes. If the filter collapses down to > nothing, skip the remote search. Otherwise, execute the search and keep a > list > of the results. Right. > for the local search, process the filter as above; if the filter > collapses, > skip the local search. Otherwise, execute the search and keep a list of > the > results. Right. > for each entry in the remote list, look for a corresponding entry in the > local list and the local DB. Merge the entries. > for each entry in the local list, do likewise. > merge the lists > reprocess the list using the original filter. > > Quite a lot of steps. Agreed. My original plan was to merge a remote with a local *and* use rwm to setup different ou etc. for Asterisk Voip accounts to try and map these users to any foreign Directory ;-) Stick rwm in the overlay stack somewhere for a laugh. Gavin.
