  • Marty Heyman

Thoughts on Translucency

Our EMC Partner’s Senior Architect has been out preaching the magic of translucency. When I mention that to folks, I get kind of a technical blank-stare. I guess its magic is too subtle to be obvious.

HP came up with the idea of translucency when we were doing the original Sun to OpenLDAP conversion. They were federating directories and wanted a way to store HP private data (or some organizational unit’s private data) in a federated directory for which they didn’t have update permission. And they didn’t necessarily want to share that private data with the other directory’s owner either!

This is a very common requirement. There are many shared directories, shared with careful access controls, for the convenience and benefit of both parties. But maintaining synchronized data that is private to one party about entries in the other party’s directory is complicated! Say you are perfectly willing to share a subset of your enterprise’s directory with us at Symas to simplify our tech-support interactions. And we want to make notes about the users we’re seeing in your directory. We can set up a sub-tree somewhere, build shadow records, and write code to synchronize them, etc. … OR we can use the OpenLDAP Translucency Overlay, which does that automagically for us.
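A minimal `slapd.conf` sketch of that setup, added here as an illustration and not taken from this post or from any Symas or EMC deployment. The suffix, host name, bind DN and credentials are placeholders, and `description` stands in for whatever attribute holds the private notes.

```conf
# Load the pieces if they were built as modules; the translucent
# overlay relies on back-ldap to reach the remote directory.
moduleload  back_ldap
moduleload  translucent

# Local database: holds ONLY our private attributes, keyed by the
# same DNs as the partner's entries. The suffix must match the
# remote suffix because the overlay performs no DN rewriting.
database    mdb
suffix      "dc=example,dc=com"            # placeholder
rootdn      "cn=Manager,dc=example,dc=com" # placeholder
rootpw      CHANGE_ME                      # placeholder, use a hashed value
directory   /var/lib/ldap/translucent      # placeholder path
index       objectClass eq

# Search results come from the remote server first; attributes
# stored locally are then laid over them before the client sees
# the entry. Nothing written here is sent to the remote directory.
overlay     translucent

# Allow search filters on our private attribute to be evaluated
# against the local database instead of the remote one.
translucent_local description

# Fail, rather than silently ignore, attempts to delete attributes.
translucent_strict

# Remote (partner) directory, reached read-only over TLS.
uri         ldaps://partner-directory.example.com   # placeholder
lastmod     off
acl-bind    bindmethod=simple
            binddn="cn=reader,dc=example,dc=com"
            credentials="CHANGE_ME"
```

The remote bind identity needs only read access to the shared subset, which fits the case where the local side has no update permission on the partner's directory.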

The translucency overlay hasn’t been that popular, but with EMC worrying about multi-tenancy and cloud issues, we’ve all found that the requirement pops up more and more frequently. It’s nice to know that it’s there.
