Wonderful help. It showed that I wasn't indexing the attribute I was querying. That is done and now the debug level responds with QUERY ANSWERABLE. Looks like the proxy is actually working.
Well, almost. If the master server is there, it returns with the answer and all looks good. If the master server isn't there for the proxy, the proxy still responds in debug with QUERY ANSWERABLE, but blocks after that. This causes ldapsearch to stay blocked as well.
Why would a proxy still check with the master If the proxy is working? I want to use this to relieve processing from the master.
It also gets back to the other part of my problem. Since it seems to block indefinitely, how can I set a decent timeout for slapd?
Again, thanks for the help so far.
Nathan
------------------------------ Date: Mon, 14 Jan 2008 10:09:53 +0100 From: "Dieter Kluenter" dieter@dkluenter.de Subject: Re: query timeout and proxytemplate To: openldap-software@openldap.org Message-ID: 87hchglqn2.fsf@magenta.l4b.de Content-Type: text/plain; charset=utf-8
"Nathan Morrow" nmorrow@spotswood.org writes:
Two questions for the group
I am running slapd as a ldap proxy which is working fine. I have tried idetimeout and idle-timeout to shorten the query if the tcp connection isn?t there for the proxy, but the connection still seems to hang indefinitely. Again, it works fine when the master ldap server is there.
overlay pcache
proxyCache bdb 100000 1 1000 100
proxyAttrset 0 proxyAddresses
proxyTemplate (&(objectClass=)(proxyAddresses=)) 0 3600
The query (that works when the master server is available) below, doesn?t work when the same request is made after that and the server isn?t there. But that shouldn?t matter if the cache were used. Alas, no luck.
ldapsearch -x -D 'CN=MTA,OU=Restricted,DC=fake,DC=com? -b 'OU=Staff,DC=fake,DC=com' -l 5 -Z "(& (objectClass=person)(proxyAddresses=SMTP:user@fake.com))" proxyAddresses
In order to test the proxy caching function run your proxy slapd with -d pcache.
-Dieter
"Nathan Morrow" nmorrow@spotswood.org writes:
Wonderful help. It showed that I wasn't indexing the attribute I was querying. That is done and now the debug level responds with QUERY ANSWERABLE. Looks like the proxy is actually working.
Well, almost. If the master server is there, it returns with the answer and all looks good. If the master server isn't there for the proxy, the proxy still responds in debug with QUERY ANSWERABLE, but blocks after that. This causes ldapsearch to stay blocked as well.
Does ldapsearch present the results? or is it waiting for results? I have testest it myself now, if I disable my master, proxycache ist still answering and presenting search results, unless a request is not answerable then ldasearch gets 'result: 52 Server is unavailable', so I cannot reproduce your problem. You may change the debug mode to pcache,stats or pcache,stats2 to see what's going on.
Why would a proxy still check with the master If the proxy is working? I want to use this to relieve processing from the master.
It also gets back to the other part of my problem. Since it seems to block indefinitely, how can I set a decent timeout for slapd?
ldapsearch -l, or see man slapd-ldap(5) for network-timeout and idle-timeout.
-Dieter
openldap-software@openldap.org
-
Dieter Kluenter -
Nathan Morrow