Discussion:
OpenLDAP as a Caching Proxy server
Christian Tardif
2015-10-13 15:26:02 UTC
Hi,

I've been trying to set up a caching proxy server with OpenLDAP for quite
a long time, and it seems, from what I can see right now, that the proxy
stuff is working (I can log on to a server that points to the proxy as
its LDAP server), but the caching stuff doesn't seem to work at all.
EVERY request I'm doing is transferred to the AD (the real LDAP server)
behind the proxy LDAP.

Here's how my pcache module is set. Not too sure, though, how to set up
pcacheTemplates. Maybe that's my error. One thing to note is that no
database is even created in the /var/tmp/cache directory, as I would expect.


moduleload pcache.la

overlay pcache
pcache bdb 100000 3 1000 60
directory /var/tmp/cache
cachesize 150
index objectClass eq
index sAMAccountName eq
pcacheMaxQueries 100
pcacheAttrset 0 objectClass name objectSid
pcacheAttrset 1 objectClass sAMAccountName
pcacheAttrset 2 *
pcacheTemplate (&(member=)(objectClass=)(name=)) 0 60
pcacheTemplate (objectClass=) 0 60
pcacheTemplate (&(objectSid=)(objectClass=)(name=)) 0 60
pcacheTemplate (&(?sAMAccountName=)(?objectClass=)(sAMAccountName=)(objectSid=)) 2 60
pcacheTemplate (sAMAccountName=) 2 60
pcachePersist true
--
CHRISTIAN TARDIF
-------------------------
Dieter Klünter
2015-10-14 04:51:22 UTC
The pcache Template has to match the search filter and only the
referenced attribute set is cached.

-Dieter
--
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E
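
Dieter's point about templates and attribute sets, as an added example that is not part of the original thread and is not slapd's code: a simplified Python model that strips the assertion values from a search filter, compares the result with the pcacheTemplate lines from the first post, and then checks the requested attributes against the referenced pcacheAttrset. It assumes templates are compared as case-insensitive strings and covers user attributes only; the sample searches are constructed.

```python
import re

# Constructed from the pcacheAttrset / pcacheTemplate lines posted in this thread.
ATTRSETS = {
    0: {"objectclass", "name", "objectsid"},
    1: {"objectclass", "samaccountname"},
    2: {"*"},
}
TEMPLATES = [
    ("(&(member=)(objectClass=)(name=))", 0),
    ("(objectClass=)", 0),
    ("(&(objectSid=)(objectClass=)(name=))", 0),
    ("(&(?sAMAccountName=)(?objectClass=)(sAMAccountName=)(objectSid=))", 2),
    ("(sAMAccountName=)", 2),
]

# One simple filter item "(attr OP value)"; RFC 4515 requires literal
# parentheses inside a value to be escaped, so [^()]* is enough for the value.
_ITEM = re.compile(r"\(([^()=<>~]+?)(=|>=|<=)([^()]*)\)")


def to_template(search_filter):
    """Strip assertion values; a presence test stays as (attr=*)."""
    def strip(match):
        attr, op, value = match.groups()
        keep = "*" if op == "=" and value == "*" else ""
        return f"({attr}{op}{keep})"
    return _ITEM.sub(strip, search_filter.replace(" ", ""))


def check(search_filter, requested_attrs):
    """Return (verdict, attrset index) for one search request."""
    template = to_template(search_filter).lower()
    # An empty attribute list in a search means "all user attributes".
    wanted = {a.lower() for a in requested_attrs} or {"*"}
    verdict = ("no-template", None)
    for text, index in TEMPLATES:
        if text.lower() != template:  # assumption: case-insensitive string match
            continue
        allowed = ATTRSETS[index]
        if "*" in allowed or wanted <= allowed:
            return ("cacheable", index)
        verdict = ("attrs-not-in-set", index)
    return verdict


if __name__ == "__main__":
    # Constructed sample searches.
    print(check("(sAMAccountName=jdoe)", ["cn", "mail"]))
    print(check("(objectClass=user)", ["mail"]))
    print(check("(&(objectClass=user)(sAMAccountName=jdoe))", ["name"]))
```

A "no-template" verdict means the search is passed to the backend server without being cached, which is the symptom described in the first post.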
Dieter Klünter
2015-10-14 06:46:31 UTC
Additional info: you may run slapd in debugging mode pcache.

-Dieter
--
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E
Christian Tardif
2015-10-21 12:44:26 UTC
Got it. In fact, it seems that the implementation of pcache on CentOS is
just not working. A lot of strange behaviors. I did reinstall on Ubuntu
14.04 LTS, and it started working. One thing, though. It seems that some
attributes don't get cached, despite the fact that they are in the
pcacheAttrset referenced. Maybe because I'm using rwm as well to map
some attributes? Then, which fields should be in the pcacheAttrset? The
original attribute or the mapped one? For example, I'm mapping
sAMAccountName to uid, and it tells me that uid is not in the cache.

Tks,

---

CHRISTIAN
-------------------------