Hey,
On 21.03.2013 01:25, brendan kearney wrote:
> does that mean caching will be ineffective or will not
> occur? because i have things like dns zone info and the kerberos database
> in my DIT, it would be a great benefit to get caching working. i am not
> opposed to changing the backend if needed, but dont know what pros and cons
> are to each backend type. i simply used hdb to learn with.
I have no experience with using a pcache for a hdb or any other backend
than ldap so far. I assume that using a db to cache entries from another
db of the same or similiar type is somewhat ineffective though - maybe
one of the devs can share insight into this.
For DNS entries I would recommend setting up a slapd with ldap backend
(your ldap server) and pcache overlay with db of your choice on the dns
server. That way you can cache the more common requests on the dns
server in the pcache and only incur a small delay for the uncached ones.
I assume you do not have the master slapd on your dns server. Another
solution might be to partially replicate the dit. I guess its a matter
of your liking in the end.
I have no experience with using ldap as a kerberos db but I guess
replicating that data or even caching it at the client side might be a
bit insecure depending on what is actually stored in the ldap. Otoh the
kerberos db is usually only queried on tgt creation and for service
tickets so I would assume the slapd will be able to handle the traffic
without caching. I assume you have setup proper indexing for the db ;)
> next, with the examples you give below, it looks like you build at least
> one level / layer more than i do with my attempt. i am not sure what i
> would need to do to create this structure. your example creates an ldap
> backend, adds the overlay to the ldap backend, and adds the cache database
> to the overlay. because i have an hdb backend, would i want / need to
> create a separate ldap backend? could i use the existing hdb backend?
> this is really just for learning right now...
As the manpage says, the pcache overlay is mainly desgined for ldap and
meta backends... I assume you can use it with a hdb, i.e. replace my
example ldap backend database with a hdb. Not sure as said above if this
will result in a performance boost. Otoh you could setup your slapd to
store its data in a hdb as usual and then add an additional ldap backend
db with caching that uses the same server. Not sure if that makes sense
though.
E.g.:
# the actual database to store data in
dn: olcDatabase={2}hdb,cn=config
...
# your ldap backend you want to cache for, pointing to this server
dn: olcDatabase={3}ldap,cn=config
...
# the pcache overlay
dn: olcOverlay={0}pcache,olcDatabase={3}ldap,cn=config
...
# the pcache overlay db
dn: olcDatabase=hdb,olcOverlay={0}pcache,olcDatabase={3}ldap,cn=config
...
objectClass: olcPcacheDatabase
olcDbDirectory: /var/lib/ldap/pcache
olcDbIndex: pcacheQueryID eq
hth :)
--
Technische Universität Berlin - FGINET
Bernd May
System Administration
An-Institut Deutsche Telekom Laboratories
Sekr. TEL 16
Ernst-Reuter-Platz 7
10587 BERLIN
GERMANY
Mobile: 0160/90257737
E-Mail: bernd@net.t-labs.tu-berlin.de (T-Labs work)
WWW: net.t-labs.tu-berlin.de
Attachment:
signature.asc
Description: OpenPGP digital signature