This is a multi-part message in MIME format. --------------050103000202040305030502 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit
masarati@aero.polimi.it wrote:
This tells us you have some ACLs in place. Could you show them? Actually, could you post your whole slapd.conf, if you're using any, or the contents of your cn=config database? Of course, after removing any sensitive information, like passwords.
p.
Here are slapd.conf and proxycache.conf as attachments.
regards,
Jim vK
--------------050103000202040305030502 Content-Type: text/plain; name="slapd.conf" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="slapd.conf"
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.5 2002/11/26 18:26:01 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
# (It carries the rootpw values below and, through the include at the
# end, the proxy's acl-bind credentials from proxycache.conf.)
#
include /etc/opt/openldap/schema/DUAConfig.schema
include /etc/opt/openldap/schema/misc.schema
include /etc/opt/openldap/schema/core.schema
include /etc/opt/openldap/schema/cosine.schema
include /etc/opt/openldap/schema/inetorgperson.schema
include /etc/opt/openldap/schema/solaris-nis.schema
include /etc/opt/openldap/schema/solaris.schema
include /etc/opt/openldap/schema/samba.schema

# Define global ACLs to disable default read access.
# NOTE(review): no global "access" directive follows this comment; each
# database below carries its own ACLs (see the sample policy further down
# for what applies when a database defines none).

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://feathercraft.few.vu.nl

# Process-wide settings.
logfile /var/log/openldap
threads 8
pidfile /var/opt/openldap/slapd.pid
argsfile /var/opt/openldap/slapd.args

# Load dynamic backend modules:
modulepath /opt/openldap/openldap-2.4.16/libexec/openldap
moduleload back_bdb.la
moduleload back_ldap.la
#moduleload back_ldbm.la

#
# Sample security restrictions
#
# Disallow clear text exchange of passwords
#disallow bind_simple_unprotected
#
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
#
# NOTE(review): every directive in this section is commented out, so no
# security strength factor is required for binds or updates. The TLS*
# directives below are commented out as well; unless TLS is configured
# elsewhere, this slapd cannot offer StartTLS/ldaps and simple binds to
# it travel in the clear.

# Sample access control policy:
# Root DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to *
#	by self write
#	by users read
#	by anonymous auth
#
# if no access controls are present, the default policy is:
# Allow read by all
#
# rootdn can always write!

# On SIGHUP stop listening but let open connections finish.
gentlehup on

#TLSCipherSuite ALL:!EXP:!LOW:!ADH:@STRENGTH
#TLSCACertificateFile /usr/local/ssl/certs/few-ca-cert.pem
#TLSCACertificatePath /usr/local/ssl/certs
#TLSCertificateFile /usr/local/ssl/certs/flits.few.vu.nl-cert.pem
#TLSCertificateKeyFile /etc/opt/openldap/private/flits.few.vu.nl-key.rsa
#TLSVerifyClient never

#######################################################################
# ldbm database definitions
#######################################################################

# Configuration database (cn=config).
database config
rootdn "uid=Admin,cn=config"
# rootpw value sanitized by the poster. If the real value is cleartext,
# store a slappasswd(8) hash instead.
rootpw *
# NOTE(review): "by * read" grants every client, anonymous included, read
# access to the whole cn=config tree. The configuration includes the
# rootpw values and the acl-bind credentials from proxycache.conf, so
# this ACL is likely to expose them -- verify with an unauthenticated
# search of cn=config against this server, and use "by * none" unless
# that exposure is intended.
access to dn.subtree="cn=config"
        by dn.exact="uid=Admin,cn=config" write
        by * read

# Monitoring database (cn=Monitor).
database monitor
rootdn "uid=Admin,cn=Monitor"
# rootpw value sanitized by the poster; same hashing advice as above.
rootpw *
# NOTE(review): "by * read" publishes runtime statistics and connection
# information to anonymous clients; consider limiting read access to the
# admin DN or to authenticated users.
access to dn.subtree="cn=Monitor"
        by dn.exact="uid=Admin,cn=Monitor" write
        by * read

# The proxied/cached dc=few,dc=vu,dc=nl database lives in a separate file.
include /etc/opt/openldap/proxycache.conf
--------------050103000202040305030502 Content-Type: text/plain; name="proxycache.conf" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="proxycache.conf"
# proxycache.conf -- included from slapd.conf. A back-ldap database that
# proxies dc=few,dc=vu,dc=nl to the upstream server named in "uri" and
# caches results locally through the pcache overlay (slapo-pcache(5)).
database ldap
suffix "dc=few,dc=vu,dc=nl"
rootdn cn=Manager,dc=few,dc=vu,dc=nl
# rootpw value sanitized by the poster; store a slappasswd(8) hash rather
# than a cleartext value.
rootpw *

# "tls start" issues StartTLS on every upstream connection and fails the
# connection if it is refused (slapd-ldap(5); "try-start" would fall back
# to cleartext). NOTE(review): no CA certificate is active in the posted
# slapd.conf (its TLS* directives are commented out), so check how the
# upstream certificate is validated -- slapd-ldap(5) documents per-database
# tls options for this.
tls start
uri ldap://klondike.few.vu.nl
# Identity the proxy binds with on the upstream for its internal
# access-control lookups and for rootdn operations (slapd-ldap(5)). The
# credentials value is sanitized here. NOTE(review): this line becomes part
# of the server configuration, which the cn=config ACL in slapd.conf
# currently exposes with "by * read" -- confirm and tighten that ACL.
acl-bind bindmethod=simple binddn="cn=sambaLdapManager,ou=Special Users,dc=few,dc=vu,dc=nl" credentials=*

# NOTE(review): no size limit on proxied searches; a single query may
# return (and be cached) for the entire tree.
sizelimit unlimited
#loglevel 4095

overlay pcache
# Per slapo-pcache(5): <DB> <max_entries> <numattrsets> <entry_limit> <cc_period>
# -> cache in a bdb database, at most 100000 entries, 10 attribute sets,
#    do not cache queries answering more than 1000 entries, run the
#    consistency check every 100 s.
proxycache bdb 100000 10 1000 100

# Attribute set 0: the attributes stored for queries matching the
# templates below.
proxyAttrset 0 uid cn

# Cacheable query templates (assertion values are empty on purpose, per
# slapo-pcache(5)); both use attribute set 0 with a 1800 s TTL.
proxyTemplate (&(objectClass=)(uid=)) 0 1800
proxyTemplate (&(uid=)(objectClass=)) 0 1800

# Settings for the local bdb cache database.
cachesize 10000
directory /var/opt/openldap/openldap-data/proxy
# NOTE(review): every proxied or cached entry under the suffix is
# readable by anyone, anonymous included. Cached answers are served from
# the local database under this ACL, so any per-user restrictions the
# upstream applies may not be reproduced here -- confirm this is intended.
access to * by * read

## required to support pdb_getsampwnam
## required to support pdb_getsambapwrid()
## uncomment these if you are storing posixAccount and
## posixGroup entries in the directory as well

### required by OpenLDAP
index objectclass eq
index cn pres,sub,eq
index sn pres,sub,eq

### required to support pdb_getsampwnam
index uid pres,sub,eq

### required to support pdb_getsambapwrid()
index displayName pres,sub,eq

### uncomment these if you are storing posixAccount and
### posixGroup entries in the directory as well
index uidNumber eq
index gidNumber eq
index memberUid eq
index sambaSid eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq

# queryId is the attribute pcache uses to tag cached entries.
index queryId eq
index default sub
--------------050103000202040305030502--