On 31.03.23 at 20:05, Stefan Kania wrote:
Hello,

I am trying to configure a proxy server with back_meta connecting to two different AD domains. I'm getting the result as expected if I do an ldapsearch. But now I want to add caching for the data, so I configured the following:


I have now tried to set up the configuration via slapd.conf to see what will happen there. Here is my slapd.conf:
-------------
include /opt/symas/etc/openldap/schema/core.schema
include /opt/symas/etc/openldap/schema/cosine.schema
include /opt/symas/etc/openldap/schema/nis.schema
include /opt/symas/etc/openldap/schema/misc.schema
include /opt/symas/etc/openldap/schema/inetorgperson.schema
include /opt/symas/etc/openldap/schema/msuser.schema


pidfile         /var/symas/run/slapd.pid
argsfile        /var/symas/run/slapd.args

# Load dynamic backend modules:
modulepath      /opt/symas/lib/openldap
moduleload      back_mdb.la
moduleload      back_meta.la
moduleload      back_ldap.la
moduleload      argon2.la
moduleload      rwm.la
moduleload      pcache.la

sizelimit       500
loglevel any

#######################################################################
# MDB database definitions
#######################################################################

database meta
suffix "dc=example,dc=net"
rootdn "cn=admin,dc=example,dc=net"
rootpw {ARGON2}$argon2i$v=19$m=4096,t=3,p=1$c2Rz4

uri "ldap://192.168.56.202/ou=org,dc=example,dc=net"
readonly yes
lastmod off
suffixmassage "ou=org,dc=example,dc=net" "dc=example2,dc=org"
map attribute uid sAMAccountName
idassert-bind mode=none
    bindmethod=simple
    timeout=0
    network-timeout=0
    binddn="cn=proxy-orguser,cn=Users,dc=example2,dc=org"
    credentials="Passw0rd"
    keepalive=0:0:0
    tls_reqcert=never
    tls_reqsan=allow
idassert-authzFrom "*"

uri "ldap://192.168.56.203/ou=com,dc=example,dc=net"
readonly yes
lastmod off
suffixmassage "ou=com,dc=example,dc=net" "dc=example3,dc=com"
map attribute uid sAMAccountName
idassert-bind mode=none
    bindmethod=simple
    timeout=0
    network-timeout=0
    binddn="cn=proxy-comuser,cn=Users,dc=example3,dc=com"
    credentials="Passw0rd"
    keepalive=0:0:0
    tls_reqcert=never
    tls_reqsan=allow
idassert-authzFrom "*"


overlay rwm

rwm-map attribute uid sAMAccountName


overlay pcache
pcachePersist TRUE
Pcache mdb 100000 2 1000 100
directory /var/symas/pcache
cachesize 100
PcacheAttrset 0 uid
PcacheAttrset 1 name
PcacheTemplate (uid=) 0 3600

-------------
As soon as I try to start slapd I got the following error:
------------------
/opt/symas/etc/openldap/slapd.conf: line 83 (overlay pcache)
/opt/symas/etc/openldap/slapd.conf: line 84 (pcachePersist TRUE)
/opt/symas/etc/openldap/slapd.conf: line 85 (Pcache mdb 100000 2 1000 100)
mdb_db_init: Initializing mdb database
 Total # of attribute sets to be cached = 2.
 /opt/symas/etc/openldap/slapd.conf: line 86 (directory /var/symas/pcache)
/opt/symas/etc/openldap/slapd.conf: line 87 (cachesize 100)
/opt/symas/etc/openldap/slapd.conf: line 87: unknown directive <cachesize> inside backend database definition.

------------------
But the manpage slapo-pcache is telling me:
---------
Directives for configuring the underlying database must also be given, as shown here:

              directory /var/tmp/cache
              cachesize 100
---------
If I remove "cachesize 100" slapd will start but no data is cached.

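
A small audit of the idassert-bind settings in the configuration above, added here as an example (it is not part of the original post or of OpenLDAP): it flags a simple bind sent over ldap:// without starttls, tls_reqcert values that skip certificate verification, and idassert-authzFrom "*". The function names and the cut-down sample are constructed for illustration, and the check assumes TLS is only enabled through an ldaps:// URI or starttls= inside idassert-bind.

```python
import re

# Constructed sample: one target of the posted config, cut down to the
# directives the checks read.
SAMPLE = '''\
database meta
suffix "dc=example,dc=net"
uri "ldap://192.168.56.202/ou=org,dc=example,dc=net"
idassert-bind mode=none
    bindmethod=simple
    binddn="cn=proxy-orguser,cn=Users,dc=example2,dc=org"
    credentials="Passw0rd"
    tls_reqcert=never
idassert-authzFrom "*"
'''

def logical_lines(text):
    """Drop comments/blank lines and join continuation lines (leading whitespace)."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def audit(text):
    """Return (uri, finding) pairs for the idassert settings of each target."""
    findings, uri = [], None
    for line in logical_lines(text):
        key, _, rest = line.partition(" ")
        key, rest = key.lower(), rest.strip()
        if key == "uri":
            uri = rest.strip('"')
        elif key == "idassert-bind":
            pairs = re.findall(r'([\w-]+)=("[^"]*"|\S+)', rest)
            opts = {k.lower(): v.strip('"') for k, v in pairs}
            # Assumption: only the URI scheme and starttls= are considered here.
            plain = ((uri or "").lower().startswith("ldap://")
                     and opts.get("starttls", "no") == "no")
            if opts.get("bindmethod") == "simple" and plain:
                findings.append((uri, "simple bind sent without TLS"))
            if opts.get("tls_reqcert") in ("never", "allow"):
                findings.append((uri, "server certificate not verified"))
        elif key == "idassert-authzfrom" and rest.strip('"') == "*":
            findings.append((uri, "idassert-authzFrom matches any identity"))
    return findings
```

Calling audit() on the full slapd.conf text reports each finding against the uri line that precedes it, so both AD targets are checked separately.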