1 .TH SLAPO-TRANSLUCENT 5 "RELEASEDATE" "OpenLDAP LDVERSION"
2 .\" Copyright 2004-2008 The OpenLDAP Foundation All Rights Reserved.
3 .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
6 slapo-translucent \- Translucent Proxy overlay to slapd
10 The Translucent Proxy overlay can be used with a backend database such as
12 to create a "translucent proxy". Entries retrieved from a remote LDAP
13 server may have some or all attributes overridden, or new attributes
14 added, by entries in the local database before being presented to the
19 operation is first populated with entries from the remote LDAP server, the
20 attributes of which are then overridden with any attributes defined in the
21 local database. Local overrides may be populated with the
26 operations, the use of which is restricted to the root user.
30 operation will perform a comparison with attributes defined in the local
31 database record (if any) before any comparison is made with data in the
34 The Translucent Proxy overlay uses a proxied database,
35 typically a (set of) remote LDAP server(s), which is configured with the options shown in
41 options are specific to the Translucent Proxy overlay; they must appear
44 directive that instantiates the
49 By default, attempts to delete attributes in either the local or remote
50 databases will be silently ignored. The
52 directive causes these modifications to fail with a Constraint Violation.
54 .B translucent_no_glue
55 This configuration option disables the automatic creation of "glue" records
60 operation, such that all parents of an entry added to the local database
61 must be created by hand. Glue records are always created for a
65 .B translucent_local <attr[,attr...]>
66 Specify a list of attributes that should be searched for in the local database
67 when used in a search filter. By default, search filters are only handled by
68 the remote database. With this directive, search filters will be split into a
69 local and remote portion, and local attributes will be searched locally.
71 .B translucent_remote <attr[,attr...]>
72 Specify a list of attributes that should be searched for in the remote database
73 when used in a search filter. This directive complements the
75 directive. Attributes may be specified as both local and remote if desired.
81 are specified, the default behavior is to search the remote database with the
82 complete search filter. If only
84 is specified, searches will only be run on the local database. Likewise, if only
86 is specified, searches will only be run on the remote database. In any case, both
87 the local and remote entries corresponding to a search result will be merged
88 before being returned to the client.
91 .B translucent_bind_local
92 Enable looking for locally stored credentials for simple bind when binding
93 to the remote database fails.
96 Access control is delegated to either the remote DSA(s) or to the local database
102 It is delegated to the remote DSA(s) and to the frontend for
105 Local access rules involving data returned by the remote DSA(s) should be designed
106 with care. In fact, entries are returned by the remote DSA(s) only based on the
107 remote fraction of the data, based on the identity the operation is performed as.
108 As a consequence, local rules might only be allowed to see a portion
113 The Translucent Proxy overlay will disable schema checking in the local database,
114 so that an entry consisting of overlay attributes need not adhere to the
117 Because the translucent overlay does not perform any DN rewrites, the local
118 and remote database instances must have the same suffix. Other configurations
119 will probably fail with No Such Object and other errors.
123 default slapd configuration file
projects / openldap / blob