zacc_lxy wrote:
> Dear openldap experts,
>
> Recently, we are trying to set up an OpenLDAP proxy using translucent overlay.
> The proxy was configured successfully and we can read remote ldap contents
> through local proxy.
> Following the official instruction:
> https://www.openldap.org/doc/admin24/overlays.html?spm=5176.28103460.0.0.38f97d832DJg25#Translucent%20Proxy,
> we could see that for the basic attributes we fetched them from remote ldap
> server, whereas for the new attributes we fetched them from local mdb database.
>
> However, we met a special scenario that the instruction didn't mention, and
> we didn't know how to fulfill it:
>
> (1) Assuming there is a user stored in remote ldap server
>
> user.ldif
> dn:uid=user1,ou=People,dc=mydomain,dc=com
> uid:user1
> cn:user1
> objectClass:account
> objectClass:posixAccount
> objectClass:top
> objectClass:shadowAccount
>
> (2) We would like to add a new attribute in proxy (local mdb database)
>
> user_new.ldif
> dn:uid=user1,ou=People,dc=mydomain,dc=com
> changetype: modify
> add: objectClass
> objectClass: sambaSamAccount
>
> The difference was that: the objectClass consists of multiple lines, and
> account/posixAccount/top/shadowAccount were stored in remote, we just wanted
> to add a new line for sambaSamAccount in local mdb.
>
> If I execute user_new.ldif then user1 became an entry that only contained
> objectClass: sambaSamAccount, and account/posixAccount/top/shadowAccount
> disappeared.
>
> Is there a way to fulfill that?

As the documentation states, the translucent overlay will completely override a remote attribute with a local one. If you want those additional values in objectclass, put all of them in the local copy.

-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
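The override described in the reply, as an added example that is not part of the original thread and is not slapd code: a simplified Python model in which a locally stored attribute replaces the remote attribute wholesale instead of being unioned with it. The function names and the three LDIF strings are assumptions constructed from the entries quoted above.

```python
# Simplified model of the translucent overlay's attribute-level override.
# Hypothetical helper names; LDIF samples are constructed from the thread.

def parse_entry(ldif):
    """Parse one LDIF entry (no folding, no base64) into {attr: [values]}."""
    entry = {}
    for line in ldif.strip().splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        # Attribute names are case-insensitive in LDAP, so normalise them.
        entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entry

def translucent_view(remote, local):
    """Return what a client sees: any attribute present locally replaces
    the remote attribute entirely; values are never merged."""
    merged = {attr: list(vals) for attr, vals in remote.items()}
    for attr, vals in local.items():
        merged[attr] = list(vals)
    return merged

REMOTE = """
dn: uid=user1,ou=People,dc=mydomain,dc=com
uid: user1
cn: user1
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
"""

# Local copy after the poster's modify: only the new value is stored.
LOCAL_PARTIAL = """
dn: uid=user1,ou=People,dc=mydomain,dc=com
objectClass: sambaSamAccount
"""

# Local copy as the reply advises: every objectClass value stored locally.
LOCAL_FULL = """
dn: uid=user1,ou=People,dc=mydomain,dc=com
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
objectClass: sambaSamAccount
"""

if __name__ == "__main__":
    remote = parse_entry(REMOTE)
    for label, local in (("partial", LOCAL_PARTIAL), ("full", LOCAL_FULL)):
        view = translucent_view(remote, parse_entry(local))
        print(label, view["objectclass"])
```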
