Thanks for the tip, Howard. I'll get that fixed. It had not occurred to me that we could add local attributes without first explicitly adding a local entry. But now I see that ldapmodify works as desired.
-----Original Message----- From: Howard Chu [mailto:[email protected]] Sent: Sunday, May 19, 2013 8:02 AM To: Steve Eckmann; [email protected] Subject: Re: translucent overlay - bogus local entries Steve Eckmann wrote: > We noticed that adding a local entry for which there is no > corresponding remote entry doesn't cause an error to be reported, but > the bogus local entry cannot then be found or deleted, as far as I can > tell. I realize it was a mistake to add such an entry, but is it > possible to configure the translucent overlay to prevent the client > from making this mistake, or is it up to the client to ensure a remote > entry exists before adding a local entry? And is there some way to > find and delete such bobus local entries, either via LDAP commands or by > directly querying and managing the local mdb instance? Adds only work when performed by the rootDN. Likewise for Deletes. If your clients are using the rootDN for routine operation, you're doing something wrong. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
