.TH SLAPO-TRANSLUCENT 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 2004-2008 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
slapo-translucent \- Translucent Proxy overlay to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
The Translucent Proxy overlay can be used with a backend database such as
.BR slapd-bdb (5)
to create a "translucent proxy". Entries retrieved from a remote LDAP
server may have some or all attributes overridden, or new attributes
added, by entries in the local database before being presented to the
client.
.LP
A
.BR search
operation is first populated with entries from the remote LDAP server, the
attributes of which are then overridden with any attributes defined in the
local database. Local overrides may be populated with the
.BR add ,
.BR modify ,
and
.B modrdn
operations, the use of which is restricted to the root user.
.LP
A
.BR compare
operation will perform a comparison with attributes defined in the local
database record (if any) before any comparison is made with data in the
remote database.
.SH CONFIGURATION
The Translucent Proxy overlay uses a remote LDAP server which is configured
with the options shown in
.BR slapd-ldap (5).
These
.B slapd.conf
options are specific to the Translucent Proxy overlay; they must appear
after the
.B overlay
directive.
.TP
.B translucent_strict
By default, attempts to delete attributes in either the local or remote
databases will be silently ignored. The
.B translucent_strict
directive causes these modifications to fail with a Constraint Violation.
.TP
.B translucent_no_glue
This configuration option disables the automatic creation of "glue" records
for an
.B add
or
.B modrdn
operation, such that all parents of an entry added to the local database
must be created by hand. Glue records are always created for a
.B modify
operation.
.TP
.B translucent_local <attr[,attr...]>
Specify a list of attributes that should be searched for in the local database
when used in a search filter. By default, search filters are only handled by
the remote database. With this directive, search filters will be split into a
local and remote portion, and local attributes will be searched locally.
.TP
.B translucent_remote <attr[,attr...]>
Specify a list of attributes that should be searched for in the remote database
when used in a search filter. This directive complements the
.B translucent_local
directive. Attributes may be specified as both local and remote if desired.
.LP
If neither
.B translucent_local
nor
.B translucent_remote
is specified, the default behavior is to search the remote database with the
complete search filter. If only
.B translucent_local
is specified, searches will only be run on the local database. Likewise, if only
.B translucent_remote
is specified, searches will only be run on the remote database. In any case, both
the local and remote entries corresponding to a search result will be merged
before being returned to the client.
.TP
.B translucent_bind_local
Enable looking for locally stored credentials for simple bind when binding
to the remote database fails.
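.LP
The following slapd.conf fragment is an added example, not part of the original
manual page or of the OpenLDAP distribution. It places the directives described
above in the required order; the suffix, rootdn, directory, attribute names and
remote URI are constructed placeholder values, and uri is the remote-server
option from slapd-ldap(5).
.nf
```conf
# Constructed example: local override database in front of a remote server.
database        bdb
# Local and remote databases must use the same suffix (no DN rewriting).
suffix          "dc=example,dc=com"
# add, modify and modrdn of local overrides are restricted to this root user.
rootdn          "cn=admin,dc=example,dc=com"
directory       /var/lib/ldap/translucent

overlay         translucent
# Overlay-specific options must follow the overlay directive.
# Fail attribute deletions with Constraint Violation instead of ignoring them.
translucent_strict
# Filter terms on these attributes are searched in the local database ...
translucent_local   description,roomNumber
# ... and filter terms on these attributes in the remote database.
translucent_remote  uid,mail
# When enabled, locally stored credentials are tried for simple bind
# if the bind to the remote database fails. Disabled here.
#translucent_bind_local

# Remote LDAP server, configured with slapd-ldap(5) options.
uri             ldap://remote.example.com
```
.fi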
.SH CAVEATS
.LP
The Translucent Proxy overlay will disable schema checking in the local database,
so that an entry consisting of overlay attributes need not adhere to the
complete schema.
.LP
Because the translucent overlay does not perform any DN rewrites, the local
and remote database instances must have the same suffix. Other configurations
will probably fail with No Such Object and other errors.
.SH FILES
.TP
ETCDIR/slapd.conf
default slapd configuration file
.SH SEE ALSO
.BR slapd.conf (5),
.BR slapd-ldap (5).