[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: proxy cache not really caching?
> On 22 Jun 2009, at 19:55, Tyler Gates wrote:
>
> >> I've been running my openldap 2.4 proxy directory server using
> >> back_ldap and pcache in front of two masters for a few days and have
> >> been a little confused about why I'm not getting more "QUERY
> >> ANSWERED"
> >> messages in the logs considering all the "QUERY CACHED" messages.
> >> According to the script I wrote to parse the log file for certain key
> >> words, I'm seeing data like this:
>
> I'm afraid I don't have any answers, but a couple of questions
> regarding the specifics....
>
> Which version of openldap are you running?
>
> Can you include the proxy-cache configuration from your slapd conf file?
>
> Cheers
> Toby
>
>
> --
> The University of Edinburgh is a charitable body, registered in
> Scotland, with registration number SC005336.
>
Hi Toby,
Version:
[root@foo-proxy openldap2.4]# slapd2.4 -VV
@(#) $OpenLDAP: slapd 2.4.11 (Jul 18 2008 17:58:12) $
bgmilne@build.telkomsa.net:/home/bgmilne/rpm/BUILD/openldap-2.4.11/servers/slapd
Config:
include /usr/share/openldap2.4/schema/core.schema
include /usr/share/openldap2.4/schema/cosine.schema
include /usr/share/openldap2.4/schema/corba.schema
include /usr/share/openldap2.4/schema/inetorgperson.schema
include /usr/share/openldap2.4/schema/java.schema
include /usr/share/openldap2.4/schema/krb5-kdc.schema
include /usr/share/openldap2.4/schema/kerberosobject.schema
include /usr/share/openldap2.4/schema/nis.schema
include /usr/share/openldap2.4/schema/openldap.schema
include /usr/share/openldap2.4/schema/autofs.schema
include /usr/share/openldap2.4/schema/samba.schema
include /usr/share/openldap2.4/schema/kolab.schema
include /usr/share/openldap2.4/schema/evolutionperson.schema
include /usr/share/openldap2.4/schema/calendar.schema
include /usr/share/openldap2.4/schema/sudo.schema
include /usr/share/openldap2.4/schema/dnszone.schema
include /usr/share/openldap2.4/schema/dhcp.schema
include /usr/share/openldap2.4/schema/ppolicy.schema
include /usr/share/openldap2.4/schema/qmail.schema
include /etc/openldap2.4/schema/puppet.schema
pidfile /var/run/ldap2.4/slapd.pid
argsfile /var/run/ldap2.4/slapd.args
modulepath /usr/lib/openldap2.4
moduleload back_ldap.la
moduleload pcache.la
moduleload ppolicy.la
TLSCertificateFile /etc/ssl/openldap2.4/foo-proxy.crt
TLSCertificateKeyFile /etc/ssl/openldap2.4/foo-proxy.key
TLSCACertificateFile /etc/ssl/openldap2.4/foo-proxy.crt
loglevel config stats 4096
allow bind_anon_dn
database ldap
suffix "dc=foo,dc=com"
rootdn "cn=Manager,dc=foo,dc=com"
rootpw {SSHA}ALUc1koiBv2A1rbsFKE/lR2MmJca7fiK
uri "ldaps://foo1.domain.com ldaps://foo2.domain.com"
overlay pcache
proxycache bdb 100000 3 1000 100
proxyAttrset 0 uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description memberUid uniqueMember objectClass
proxyAttrset 1 cn automountInformation
proxyAttrset 2 cn mail proxyTemplate
(&(objectClass=)(|(memberUid=)(uniqueMember=))) 0 1800 proxyTemplate
(&(objectClass=)(uid=)) 0 1800 proxyTemplate (&(objectClass=)(cn=)) 0
1800 proxyTemplate (&(objectClass=)) 0 1800
proxyTemplate (objectClass=) 0 1800
proxyTemplate (&(objectClass=)(memberUid=)) 0 1800 900
proxyTemplate (&(objectClass=)(uniqueMember=)) 0 1800 900
proxyTemplate (&(objectClass=)(uidNumber=)) 0 1800
proxyTemplate (&(objectClass=)(gidNumber=)) 0 1800
proxyTemplate (&(objectClass=)(|(cn=)(gidNumber=))) 1 3600 600
proxyTemplate (&(objectClass=)(|(cn=)(cn=))) 1 3600 600
proxyTemplate (&(objectClass=)(|(cn=)(cn=)(cn=))) 1 3600 600
proxyTemplate (|(cn=)(mail=)(sn=)) 2 7200
directory /var/lib/ldap2.4
cachesize 1000
idlcachesize 1000
checkpoint 256 5
index objectClass eq
index cn,mail,surname,givenname eq,subinitial
index uidNumber,gidNumber,memberuid,member,uniqueMember eq
index uid eq,subinitial
index sambaSID,sambaDomainName,displayName eq
index nisMapName,automountInformation eq
index userPassword,homeDirectory,loginShell,gecos,description eq
index queryId eq
overlay ppolicy
ppolicy_default "cn=Password,ou=Policies,dc=foo,dc=com"
ppolicy_use_lockout