Hi, I'm using 'meta' backend on openldap 2.2.26 with proxycache activated, but it is not working as I expected, let's suppose I have the following configuration:
proxyattrset 0 mail postaladdress telephonenumber proxytemplate (uid=) 0 3600
If I do a search "(uid=foo)" and 'foo' user exist on the external configured ldap server, the search is cached and the next time I try that search the result is obtained from cache, but if I do a search "(uid=bar)" and there is no entry with that uid, this "negative" result is not cached, and every time I try that search, slapd translates the search to the external ldap server. Is it somehow possible to configure slapd proxycache to cache searches with no results so slapd returns the client the answer instead asking external ldap server everytime?
Thanks in advance,
Dani.
Daniel Montero Motilla wrote:
but if I do a search "(uid=bar)" and there is no entry with that uid, this "negative" result is not cached, and every time I try that search, slapd translates the search to the external ldap server. Is it somehow possible to configure slapd proxycache to cache searches with no results so slapd returns the client the answer instead asking external ldap server everytime?
In short, proxycache cannot do that. We designed a totally different, custom approach to the operation you'd like to accomplish, and it can do what you're asking for, but it's a completely different business. Moreover, note that negative caching could be an issue if resulting from a search that returned nothing because performed with insufficient privileges: subsequent operations with adequate privileges would get nothing if the negative response were cached...
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati@sys-net.it ------------------------------------------
Pierangelo Masarati wrote:
Daniel Montero Motilla wrote:
but if I do a search "(uid=bar)" and there is no entry with that uid, this "negative" result is not cached, and every time I try that search, slapd translates the search to the external ldap server. Is it somehow possible to configure slapd proxycache to cache searches with no results so slapd returns the client the answer instead asking external ldap server everytime?
In short, proxycache cannot do that. We designed a totally different, custom approach to the operation you'd like to accomplish, and it can do what you're asking for, but it's a completely different business. Moreover, note that negative caching could be an issue if resulting from a search that returned nothing because performed with insufficient privileges: subsequent operations with adequate privileges would get nothing if the negative response were cached...
Not true, we added negative caching to proxycache in 2.3. See the slapo-pcache(5) manpage for the relevant configuration keywords.
Thank you two for your answer, I'll update to 2.3 and see what happens.
Greetings, Dani.
2006/10/11, Howard Chu hyc@symas.com:
Pierangelo Masarati wrote:
Daniel Montero Motilla wrote:
but if I do a search "(uid=bar)" and there is no entry with that uid, this "negative" result is not cached, and every time I try that search, slapd translates the search to the external ldap server. Is it somehow possible to configure slapd proxycache to cache searches with no results so slapd returns the client the answer instead asking external ldap server everytime?
In short, proxycache cannot do that. We designed a totally different, custom approach to the operation you'd like to accomplish, and it can do what you're asking for, but it's a completely different business. Moreover, note that negative caching could be an issue if resulting from a search that returned nothing because performed with insufficient privileges: subsequent operations with adequate privileges would get nothing if the negative response were cached...
Not true, we added negative caching to proxycache in 2.3. See the slapo-pcache(5) manpage for the relevant configuration keywords.
-- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc OpenLDAP Core Team http://www.openldap.org/project/
Howard Chu wrote:
Not true, we added negative caching to proxycache in 2.3. See the slapo-pcache(5) manpage for the relevant configuration keywords.
OK, I'm lagging behind (getting old...)
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati@sys-net.it ------------------------------------------
openldap-software@openldap.org
-
Daniel Montero Motilla -
Howard Chu -
Pierangelo Masarati