
Proxycache overlay to back-ldap with cn=config



Hi, 

I'm trying to set up a proxy-cache to a couple of OpenLDAP servers configured in mirror mode. 

The back-ldap part is working fine and I can query the underlying slapd instances through the proxy. 

However, I'm still struggling with the caching bit. 
I couldn't find any documentation or posts related to setting this up using the new cn=config way of configuring LDAP. So after some reading and a bit of guessing, I came up with the following config: 

# {1}ldap, config 
dn: olcDatabase={1}ldap,cn=config 
objectClass: olcDatabaseConfig 
objectClass: olcLDAPConfig 
olcDatabase: {1}ldap 
olcSuffix: dc=sol1,dc=net 
olcAccess: {0}to dn.base="" by * read 
olcAccess: {1}to dn.base="cn=Subschema" by * read 
olcAccess: {2}to * by self write by users read by anonymous auth 
olcRootDN: uid=ldapadmin,dc=sol1,dc=net 
olcRootPW: secret 
olcDbURI: "ldap://192.168.200.12 ldap://192.168.200.14"
olcDbACLBind: bindmethod=simple binddn="uid=ldapadmin,dc=sol1,dc=net" credentials="secret" starttls=no 

# {0}pcache, {1}ldap, config 
dn: olcOverlay={0}pcache,olcDatabase={1}ldap,cn=config 
objectClass: olcOverlayConfig 
objectClass: olcPcacheConfig 
olcOverlay: {0}pcache 
olcPcache: bdb 10000 3 1000 100 
olcPcacheAttrset: 0 uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass 
olcPcacheAttrset: 1 sudoCommand sudoHost 
olcPcacheAttrset: 2 gidNumber 
olcPcacheTemplate: (&(objectClass=)(uid=)) 0 300 
olcPcacheTemplate: (sudoUser=) 1 300 
olcPcacheTemplate: (&(objectClass=)(memberUid=)) 2 300 

# {2}bdb, config 
dn: olcDatabase={2}bdb,cn=config 
objectClass: olcDatabaseConfig 
objectClass: olcBdbConfig 
olcDatabase: {2}bdb 
olcDbDirectory: /var/lib/ldap/cache 
olcSuffix: cn=proxy 
olcRootDN: uid=ldapadmin,dc=sol1,dc=net 
olcDbCacheSize: 5000 
olcDbConfig: {0}set_cachesize 0 2097152 0 
olcDbConfig: {1}set_lk_max_objects 1500 
olcDbConfig: {2}set_lk_max_locks 1500 
olcDbConfig: {3}set_lk_max_lockers 1500 
olcDbIndex: objectClass eq 
olcDbIndex: uid eq 
olcDbIndex: cn eq 
olcDbIndex: uidNumber eq 
olcDbIndex: gidNumber eq 
olcDbIndex: memberUid eq 
olcDbIndex: uniqueMember eq 
olcDbIndex: mail eq 
olcDbIndex: surname eq 
olcDbIndex: givenname eq 
olcDbIndex: sambaSID eq 
olcDbIndex: sambaPrimaryGroupSID eq 
olcDbIndex: sambaDomainName eq 
olcDbIndex: sudoUser eq 


But running ldapsearch keeps returning: 


# search result 
search: 2 
result: 52 Server is unavailable 
text: pcachePrivDB: cacheDB not available 


I didn't find any way to specify which database to use when declaring the overlay, apart from the 'bdb' part of olcPcache, but that seems to be interpreted as the database type, not its name (I've tried replacing it with cn=proxy, but that throws an error).

Looking at the pcache overlay source (I'm running 2.4.21 from Ubuntu Lucid and also checked the latest 2.4.23 stable source), I can see this bit:

{ "pcache-", "private database args",
        1, 0, STRLENOF("pcache-"), ARG_MAGIC|PC_PRIVATE_DB, pc_cf_gen,
        NULL, NULL, NULL },

That seems to be for the private DB options, but the other equivalent "pcacheXXXX" in this file have the corresponding attribute declaration for the schema instead of 'NULL, NULL, NULL'.

Anyway, I'm obviously missing something :)


If someone who's got this working or a developer could point me in the right direction, that would be greatly appreciated!

Thanks, 
Nico
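
An added example, not part of the original post and not OpenLDAP code: a small Python check run over a constructed, trimmed copy of the entries posted above. It flags the cleartext olcRootPW, the simple bind with starttls=no over ldap://, userPassword in a cached attribute set, and a pcache overlay that has no child olcDatabase entry carrying the auxiliary class olcPcacheDatabase, which is where the overlay takes its private database from under cn=config; the finding names are this example's own.

```python
import re

# Constructed sample: a trimmed copy of the entries posted above.
SAMPLE_LDIF = """\
dn: olcDatabase={1}ldap,cn=config
olcRootPW: secret
olcDbURI: "ldap://192.168.200.12 ldap://192.168.200.14"
olcDbACLBind: bindmethod=simple binddn="uid=ldapadmin,dc=sol1,dc=net" credentials="secret" starttls=no

dn: olcOverlay={0}pcache,olcDatabase={1}ldap,cn=config
objectClass: olcPcacheConfig
olcPcacheAttrset: 0 uid userPassword uidNumber gidNumber

dn: olcDatabase={2}bdb,cn=config
objectClass: olcBdbConfig
"""

def parse_ldif(text):
    """Parse plain 'attr: value' LDIF (no folding, no base64) into one dict per entry."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if ":" in line and not line.startswith("#"):
                attr, value = line.split(":", 1)
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def audit(text):
    """Return sorted finding codes (names are this example's own) for a cn=config LDIF."""
    entries, found = parse_ldif(text), set()
    for e in entries:
        dn = e["dn"][0].lower()
        if any(not pw.startswith("{") for pw in e.get("olcrootpw", [])):
            found.add("cleartext-rootpw")  # no {SCHEME} prefix, so not a hash
        if any("ldap://" in u for u in e.get("olcdburi", [])) and any(
                "bindmethod=simple" in b and "starttls=no" in b for b in e.get("olcdbaclbind", [])):
            found.add("simple-bind-without-tls")  # bind password crosses the wire in clear
        if dn.startswith("olcoverlay=") and dn.split(",")[0].endswith("pcache"):
            if any("userpassword" in a.lower().split() for a in e.get("olcpcacheattrset", [])):
                found.add("userpassword-cached")  # hashes get copied into the proxy's cache DB
            kids = [c for c in entries if c["dn"][0].lower().endswith("," + dn)]
            if not any("olcpcachedatabase" in map(str.lower, c.get("objectclass", [])) for c in kids):
                found.add("pcache-no-private-db-entry")  # matches 'cacheDB not available'
    return sorted(found)

if __name__ == "__main__": print(audit(SAMPLE_LDIF))
```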