[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#4593) pcache proxyattrset/proxytemplate asterisk interpretation problem
Such a feature is not supported by the proxycache design. The algorithms
for determining query containment only work when all the attributes in
the query are known. Using "*" defeats these algorithms. This ITS will
be closed.
fredme@gmail.com wrote:
> Full_Name: Eugenio Grytsenko
> Version: 2.3.24
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (200.5.92.164)
>
>
> I am using openldap 2.3.24, my distro is Linux, and I configured the
> openldap server as metadirectory with pcache overlay and I have problems
> with the return of data when I specified "proxyattrset 4 *" with
> "proxytemplate". See three definitions of "proxytemplate" with index 4
> in my configuration file...
>
> The results are different when I do ldapsearch against localhost
> (metadirectory openldap) and the remote server (AAA.BBB.CCC.DDD):
>
> # BAD RESULT: METADIRECTORY (pcache)
> #
> # ldapsearch -x -LLL -h localhost -b c=argentina,o=myorg cn=fred
> === CUT HERE ===
> dn: cn=fred,ou=people,c=argentina,o=myorg
> cn: FRED
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: OXUserObject
> objectClass: extensibleObject
>
> === CUT HERE ===
>
> # GOOD RESULT: REMOTE (AAA.BBB.CCC.DDD)
> #
> # ldapsearch -x -LLL -h AAA.BBB.CCC.DDD -b c=argentina,o=myorg cn=fred
> === CUT HERE ===
> dn: cn=fred,ou=people,c=argentina,o=myorg
> lnetmailaccess: TRUE
> usercountry: Argentina
> maildomain: mail.myorg
> cn: FRED
> writeglobaladdressbook: TRUE
> objectclass: top
> objectclass: person
> objectclass: organizationalPerson
> objectclass: inetOrgPerson
> objectclass: posixAccount
> objectclass: OXUserObject
> objectclass: extensibleObject
> loginshell: /bin/bash
> oxtimezone: America/Buenos_Aires
> homedirectory: /home/FRED
> oxappointmentdays: 5
> oxtaskdays: 5
> oxgroupid: 500
> preferredlanguage: AR
> gidnumber: 500
> sn: SMITH
> givenname: FRED
> uidnumber: 1000
> mail: fred@mail.myorg
> mailenabled: ok
> uid: FRED
>
> === CUT HERE ===
>
>
> Here is my config file:
>
>
> === CUT HERE ===
> include /etc/openldap/schema/core.schema
> include /etc/openldap/schema/cosine.schema
> include /etc/openldap/schema/inetorgperson.schema
> include /etc/openldap/schema/misc.schema
> include /etc/openldap/schema/nis.schema
> include /etc/openldap/schema/openldap.schema
> include /etc/openldap/schema/ppolicy.schema
>
> include /etc/openldap/schema/openxchange.schema
> include /etc/openldap/schema/samba3.schema
>
> loglevel 256
> sizelimit unlimited
> idletimeout 360
>
> pidfile /var/run/slapd/run/slapd.pid
> argsfile /var/run/slapd/run/slapd.args
>
> modulepath /usr/libexec/openldap
> moduleload back_ldap.la
> moduleload pcache.la
> moduleload ppolicy.la
>
> #######################################################################
> # back_ldap database definitions
> #######################################################################
> database ldap
> suffix c=argentina,o=myorg
> rootdn c=argentina,o=myorg
> uri ldap://AAA.BBB.CCC.DDD:389
> idle-timeout 360
>
> #######################################################################
> # pcache overlay
> #######################################################################
> overlay pcache
> proxycache bdb 67108864 5 8192 21600
>
> proxyattrset 0 cn userPassword uidNumber gidNumber cn homeDirectory
> loginShell gecos description objectClass
> proxyattrset 1 cn userPassword memberUid uniqueMember gidNumber
> proxyattrset 2 objectClass uid uidNumber shadowLastChange shadowMin shadowMax
> shadowWarning shadowInactive shadowExpire shadowFlag
> proxyattrset 3 cn userPassword shadowLastChange shadowMax shadowMin
> shadowWarning shadowInactive shadowExpire shadowFlag
> proxyattrset 4 *
>
> proxytemplate (&(objectClass=)(uidNumber=)) 0 21600
> proxytemplate (&(objectClass=)(cn=)) 0 21600
> proxytemplate (objectClass=) 0 21600
> proxytemplate (&(objectClass=)(gidNumber=)) 1 21600
> proxytemplate (&(objectClass=)(memberUid=)) 1 21600
> proxytemplate (&(objectClass=)) 1 21600
> proxytemplate (&(objectClass=)(|(memberUid=)(uniqueMember=))) 1 21600
> proxytemplate (&(objectClass=)(cn=)) 1 21600
> proxytemplate (cn=) 2 21600
> proxytemplate (&(objectClass=)(cn=)) 3 21600
>
> ### rule to cache entire "getent passwd" and entire "ldapsearch -x" ###
> proxytemplate (objectClass=*) 4 21600
> proxytemplate (objectClass=) 4 21600
>
> ### test with ldapsearch:
> proxytemplate (cn=) 4 21600
>
>
> index objectClass eq
> index uid eq
> index uidNumber eq
> index gidNumber eq
> index memberUid eq
> index queryid eq
> index cn pres,eq,sub
> index entryUUID eq
>
> cachesize 16384
> directory /var/cache/slapd-pcache
> === CUT HERE ===
>
>
> When I tried to disable rule 4, all works fine, but I couldn't
> cache entire "getent passwd" (proxytemplate (objectClass=*) 4 21600), for
> example.
> I need something like "cache all data with filter (objectClass=*) without using
> any attributes".
>
> Any ideas?
> Thanks.
>
>
>
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/