Re: Proxycache overlay to back-ldap with cn=config

Sorry to bump on my own question...

Does anyone have an idea how I could solve this?



I'm trying to set up a proxy-cache to a couple of OpenLDAP servers configured in mirror mode.

The back-ldap part is working fine and I can query the underlying slapd instances through the proxy.

However, I'm still struggling with the caching bit.
I couldn't find any documentation or posts related to setting this up using the new cn=config way of configuring LDAP. So after some reading and a bit of guessing, I came up with the following config:

# {1}ldap, config
dn: olcDatabase={1}ldap,cn=config
objectClass: olcDatabaseConfig
objectClass: olcLDAPConfig
olcDatabase: {1}ldap
olcSuffix: dc=sol1,dc=net
olcAccess: {0}to dn.base="" by * read
olcAccess: {1}to dn.base="cn=Subschema" by * read
olcAccess: {2}to * by self write by users read by anonymous auth
olcRootDN: uid=ldapadmin,dc=sol1,dc=net
olcRootPW: secret
olcDbURI: "ldap:// ldap://"
olcDbACLBind: bindmethod=simple binddn="uid=ldapadmin,dc=sol1,dc=net" credentials="secret" starttls=no

# {0}pcache, {1}ldap, config
dn: olcOverlay={0}pcache,olcDatabase={1}ldap,cn=config
objectClass: olcOverlayConfig
objectClass: olcPcacheConfig
olcOverlay: {0}pcache
olcPcache: bdb 10000 3 1000 100
olcPcacheAttrset: 0 uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
olcPcacheAttrset: 1 sudoCommand sudoHost
olcPcacheAttrset: 2 gidNumber
olcPcacheTemplate: (&(objectClass=)(uid=)) 0 300
olcPcacheTemplate: (sudoUser=) 1 300
olcPcacheTemplate: (&(objectClass=)(memberUid=)) 2 300

# {2}bdb, config
dn: olcDatabase={2}bdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: {2}bdb
olcDbDirectory: /var/lib/ldap/cache
olcSuffix: cn=proxy
olcRootDN: uid=ldapadmin,dc=sol1,dc=net
olcDbCacheSize: 5000
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIndex: objectClass eq
olcDbIndex: uid eq
olcDbIndex: cn eq
olcDbIndex: uidNumber eq
olcDbIndex: gidNumber eq
olcDbIndex: memberUid eq
olcDbIndex: uniqueMember eq
olcDbIndex: mail eq
olcDbIndex: surname eq
olcDbIndex: givenname eq
olcDbIndex: sambaSID eq
olcDbIndex: sambaPrimaryGroupSID eq
olcDbIndex: sambaDomainName eq
olcDbIndex: sudoUser eq

But running ldapsearch keeps returning:

# search result
search: 2
result: 52 Server is unavailable
text: pcachePrivDB: cacheDB not available

I didn't find any way to specify which database to use when declaring the overlay, apart from the 'bdb' part of olcPcache, but that seems to be interpreted as the database type, not its name (I've tried replacing it with cn=proxy, but that throws an error).

Looking at the pcache overlay source (I'm running 2.4.21 from Ubuntu Lucid and also checked the latest 2.4.23 stable source), I can see this bit:

{ "pcache-", "private database args",
        1, 0, STRLENOF("pcache-"), ARG_MAGIC|PC_PRIVATE_DB, pc_cf_gen,
        NULL, NULL, NULL },

That seems to be for the private DB options, but the other equivalent "pcacheXXXX" entries in this file have the corresponding attribute declaration for the schema instead of 'NULL, NULL, NULL'.

Anyway, I'm obviously missing something :)

If someone who's got this working or a developer could point me in the right direction, that would be greatly appreciated!
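
An added example, not part of the original post: under cn=config the pcache overlay takes its private cache database from a child entry of the overlay entry, carrying the auxiliary object class olcPcacheDatabase, rather than from a top-level database such as olcDatabase={2}bdb with its own suffix. The DN, directory and indexes below reuse values from the post; that slapd 2.4.21 accepts the entry unchanged is an assumption.

```ldif
# Private cache database for the pcache overlay (added example).
# The entry sits directly beneath the overlay entry and has no olcSuffix;
# the backend type in the RDN matches the first argument of olcPcache ("bdb").
dn: olcDatabase={0}bdb,olcOverlay={0}pcache,olcDatabase={1}ldap,cn=config
objectClass: olcBdbConfig
objectClass: olcPcacheDatabase
olcDatabase: {0}bdb
olcDbDirectory: /var/lib/ldap/cache
olcDbCacheSize: 5000
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbIndex: objectClass eq
olcDbIndex: uid eq
olcDbIndex: uidNumber eq
olcDbIndex: gidNumber eq
olcDbIndex: memberUid eq
olcDbIndex: sudoUser eq
```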