1 files changed, 24 insertions, 5 deletions

diff --git a/translucent.c b/translucent.c
index 4b4ddb8..f0ae4b6 100644
--- a/translucent.c
+++ b/translucent.c
@@ -43,6 +43,7 @@ typedef struct translucent_info {
 	int defer_db_open;
 	int bind_local;
 	int pwmod_local;
+	int bind_local_only;
 } translucent_info;
 
 static ConfigLDAPadd translucent_ldadd;
@@ -92,6 +93,12 @@ static ConfigTable translucentcfg[] = {
 	  "( OLcfgOvAt:14.6 NAME 'olcTranslucentPwModLocal' "
 	  "DESC 'Enable local RFC 3062 Password Modify extended operation' "
 	  "SYNTAX OMsBoolean SINGLE-VALUE)", NULL, NULL },
+	{ "translucet_bind_local_only", "on|off", 1, 2, 0,
+	  ARG_ON_OFF|ARG_OFFSET,
+	  (void *)offsetof(translucent_info, bind_local_only),
+	  "( OLcfgOvAt:14.7 NAME 'olcTranslucentBindLocalOnly' "
+	  "DESC 'Do not try to bind remote, if local entry exists' "
+	  "SYNTAX OMsBoolean SINGLE-VALUE)" , NULL, NULL },
 	{ NULL, NULL, 0, 0, 0, ARG_IGNORED }
 };
 
@@ -1216,11 +1223,23 @@ static int translucent_bind(Operation *op, SlapReply *rs) {
 		op->o_callback = ≻
 	}
 
-	db = op->o_bd;
-	op->o_bd = &ov->db;
-	ov->db.be_acl = op->o_bd->be_acl;
-	rc = ov->db.bd_info->bi_op_bind(op, rs);
-	op->o_bd = db;
+	if (ov->bind_local_only) {
+		Entry *le;
+		rc = overlay_entry_get_ov(op, &op->o_req_ndn, NULL, NULL, 0, &le, on);
+		if (rc == LDAP_SUCCESS && le) {
+			// found local entry
+			overlay_entry_release_ov(op, le, 0, on);
+			rc = SLAP_CB_CONTINUE;
+		}
+	}
+
+	if (rc != SLAP_CB_CONTINUE) {
+		db = op->o_bd;
+		op->o_bd = &ov->db;
+		ov->db.be_acl = op->o_bd->be_acl;
+		rc = ov->db.bd_info->bi_op_bind(op, rs);
+		op->o_bd = db;
+	}
 
 	if (ov->bind_local) {
 		op->o_callback = save_cb;