[Date Prev][Date Next]
Re: issues with proxycache overlay
Thomas Seifert wrote:
> Hi there,
> I'm trying to proxy and cache some ldap queries which would otherwise go
> to an
> IBM Tivoli Directory Server or another kind of ldap-server.
> Therefore I'm trying to use the pcache (proxycache) overlay in openldap
> Is there a problem with that setup so far?
> Would it need special
> adjustments to
> proxy another kind of ldap server than just openldap?
Maybe, depends on how willing to cooperate the proxied server is.
> I'm having the problem, that I only get back on ldapsearch against the
> # search result
> search: 2
> result: 32 No such object
> which seems to get as far as getting the user authenticated as I get
> another error
> if I enter wrong credentials ;).
> Needless to say that everything is returned correctly if I just change
> the hostname
> to the direct ldap server.
The above error seems to indicate that the proxy is unable to determine
what database can handle the requested search base. But you don't
provide enough information to help tracking your issue. A log of the
request by the proxy at "stats" level would have provided the required
> My config is as follows with is directly derived from the configuration:
> # proxycache settings
> database ldap
> suffix "o=domainname"
> rootdn "cn=Manager,o=domainname"
> uri ldap://hostname/o=domainname
^^^^ this is incorrect. As the man page clearly states, no "DN" portion
must be provided in the URI (you should have gotten a warning about it,
but who cares about warnings, eh? Next version it'll error out).
> overlay pcache
> proxycache bdb 100000 1 1000 100
> proxyAttrset 0 mail postaladdress telephonenumber
> proxyTemplate (sn=) 0 3600
> proxyTemplate (uid=) 0 3600
> proxyTemplate (&(sn=)(givenName=)) 0 3600
> proxyTemplate (&(departmentNumber=)(secretary=*)) 0 3600
> cachesize 20
> directory /usr/local/openldap-proxycache/var/openldap-data/db.2.a
> index objectClass eq
> index cn,sn,uid,mail pres,eq,sub
> Any ideas about this issue? Any way to further diagnose the problem?
> I assume that every non-cacheable query is sent to the proxied ldap
> server anyway and its results are returned directly?
Ing. Pierangelo Masarati
OpenLDAP Core Team
via Dossi, 8 - 27100 Pavia - ITALIA
Office: +39 02 23998309
Mobile: +39 333 4963172