Re: (ITS#6217) proxycache not returning cached data - openldap-bugs

4 Aug 2009


      masarati@aero.polimi.it wrote:
...
...
hyc@symas.com wrote:
...
The filter behavior you're describing was noted in ITS#5756, fixed in
January.
If it was fixed in January, why does openldap-2.4.16 (20090411) still
exhibit the described behaviour?
Did you actually try to swap the order of the filters, and did it work? 
Since Howard fixed ITS#5756, you might be experiencing something
different.
Also, can you check whether you're actually using 2.4.16?  According to
the changelog, the fix to ITS#5756 was released with 2.4.14.
p.
I am using 2.4.16. The problem is, that caching seems to work for some 
entries but not for others. It is not related to the order of the filter 
rules. Here is what happens:  (lines starting with *** are my comments)
**** slapd is started showing version, query templates and attributes
bash-2.05# ./slapd -d 4096
@(#) $OpenLDAP: slapd 2.4.16 (Jun 30 2009 16:56:26) $
jim@flits:/net/build.sparc/management/openldap/openldap-2.4.16/servers/slapd
/opt/openldap/openldap-2.4.16/etc/openldap/slapd.conf: line 78: rootdn 
is always granted unlimited privileges.
/opt/openldap/openldap-2.4.16/etc/openldap/slapd.conf: line 85: rootdn 
is always granted unlimited privileges.
Total # of attribute sets to be cached = 10.
Template:
   query template: (&(objectClass=)(uid=))
   attributes:
         uid
         cn
Template:
   query template: (&(uid=)(objectClass=))
   attributes:
         uid
         cn
slapd starting
*** Now I enter a search in another window
bash-2.05$ /usr/local/bin/ldapsearch -x -h localhost 
'(&(objectClass=sambaSamAccount)(uid=wvk))' uid cn
# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: (&(objectClass=sambaSamAccount)(uid=wvk))
# requesting: uid cn
#
# wvk, People, few.vu.nl
dn: uid=wvk,ou=People,dc=few,dc=vu,dc=nl
uid: wvk
cn: wvk
*** requested attributes are returned as expected
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
*** Output of slapd for this search *****
query template of incoming query = (&(objectClass=)(uid=))
Entering QC, querystr = (&(objectClass=sambaSamAccount)(uid=wvk))
Lock QC index = 31e698
Not answerable: Unlock QC index=31e698
QUERY NOT ANSWERABLE
QUERY CACHEABLE
Added query expires at 1249416628 (POSITIVE)
Lock AQ index = 31e698
TEMPLATE 31e698 QUERIES++ 1
Unlock AQ index = 31e698
Base of added query = dc=few,dc=vu,dc=nl
UUID for query being added = 68ab725c-157a-102e-87a7-cd469e2cf913
ENTRY ADDED/MERGED, CACHED ENTRIES=0
STORED QUERIES = 1
*** same search is repeated
bash-2.05$ /usr/local/bin/ldapsearch -x -h localhost 
'(&(objectClass=sambaSamAccount)(uid=wvk))' uid cn
# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: (&(objectClass=sambaSamAccount)(uid=wvk))
# requesting: uid cn
#
*** Note that nothing is returned
# search result
search: 2
result: 0 Success
# numResponses: 1
*** Output of slapd for the second search ****
query template of incoming query = (&(objectClass=)(uid=))
Entering QC, querystr = (&(objectClass=sambaSamAccount)(uid=wvk))
Lock QC index = 31e698
QUERY ANSWERABLE
*** For another uid it works perfectly.
/usr/local/bin/ldapsearch -x -h localhost 
'(&(objectClass=sambaSamAccount)(uid=jim))' uid cn
# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: (&(objectClass=sambaSamAccount)(uid=jim))
# requesting: uid cn
#
# jim, People, few.vu.nl
dn: uid=jim,ou=People,dc=few,dc=vu,dc=nl
uid: jim
cn: W. van Keulen
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
bash-2.05$ /usr/local/bin/ldapsearch -x -h localhost 
'(&(objectClass=sambaSamAccount)(uid=jim))' uid cn
# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: (&(objectClass=sambaSamAccount)(uid=jim))
# requesting: uid cn
#
# jim, People, few.vu.nl
dn: uid=jim,ou=People,dc=few,dc=vu,dc=nl
uid: jim
cn: W. van Keulen
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
bash-2.05
*** Output of slapd for second case
$bash-2.05# ./slapd -d 4096
@(#) $OpenLDAP: slapd 2.4.16 (Jun 30 2009 16:56:26) $
jim@flits:/net/build.sparc/management/openldap/openldap-2.4.16/servers/slapd
/opt/openldap/openldap-2.4.16/etc/openldap/slapd.conf: line 78: rootdn 
is always granted unlimited privileges.
/opt/openldap/openldap-2.4.16/etc/openldap/slapd.conf: line 85: rootdn 
is always granted unlimited privileges.
Total # of attribute sets to be cached = 10.
Template:
   query template: (&(objectClass=)(uid=))
   attributes:
         uid
         cn
Template:
   query template: (&(uid=)(objectClass=))
   attributes:
         uid
         cn
slapd starting
query template of incoming query = (&(objectClass=)(uid=))
Entering QC, querystr = (&(objectClass=sambaSamAccount)(uid=jim))
Lock QC index = 31e698
Not answerable: Unlock QC index=31e698
QUERY NOT ANSWERABLE
QUERY CACHEABLE
Added query expires at 1249417816 (POSITIVE)
Lock AQ index = 31e698
TEMPLATE 31e698 QUERIES++ 1
Unlock AQ index = 31e698
Base of added query = dc=few,dc=vu,dc=nl
UUID for query being added = 2c8d245c-157d-102e-87c5-e7c795cd8bf5
ENTRY ADDED/MERGED, CACHED ENTRIES=0
STORED QUERIES = 1
query template of incoming query = (&(objectClass=)(uid=))
Entering QC, querystr = (&(objectClass=sambaSamAccount)(uid=jim))
Lock QC index = 31e698
QUERY ANSWERABLE
There is no difference if I reverse the filter. It works for
some uid's, but not for others.
Regards,
Jim