Hello,
I'm playing with the slapo-pcache overlay (openldap-2.6.4). Using the folloging configuration:
``` # https://www.openldap.org/doc/admin26/guide.html#The%20Proxy%20Cache%20Engine database ldap suffix dc=dirx,dc=example rootdn dc=dirx,dc=example uri ldap://dirx.example/
overlay pcache pcache mdb 1000 2 1000 20 pcacheAttrset 0 DKIMSelector pcacheTemplate (&(DKIMDomain=)(DKIMActive=)(DKIMKeyType=)) 0 10 pcacheAttrset 1 DKIMDomain DKIMSelector DKIMKey pcacheTemplate (DKIMSelector=) 1 10
directory /spool/dc=dirx,dc=example
database ldap suffix dc=openldap,dc=example rootdn dc=openldap,dc=example uri ldap://openldap.example/
overlay pcache pcache mdb 1000 2 1000 20 pcacheAttrset 0 DKIMSelector pcacheTemplate (&(DKIMDomain=)(DKIMActive=)(DKIMKeyType=)) 0 10 pcacheAttrset 1 DKIMDomain DKIMSelector DKIMKey pcacheTemplate (DKIMSelector=) 1 10
directory /spool/dc=openldap,dc=example
```
One upstream server is DirX, the other openldap-2.6.4. Dirx don't work Openldap-cache is running with "slapd ... -d Config,Stats,pcache ..."
this are the logs from a failing attempt:
openldap-cache_1 | 643667a0.0584c8aa 0x7fa20ffff700 conn=1002 op=0 BIND dn="cn=reader,dc=dirx,dc=example" method=128 openldap-cache_1 | 643667a0.05b4d722 0x7fa20ffff700 conn=1002 op=0 BIND dn="cn=reader,dc=dirx,dc=example" mech=SIMPLE bind_ssf=0 ssf=71 openldap-cache_1 | 643667a0.05b5b312 0x7fa20ffff700 conn=1002 op=0 RESULT tag=97 err=0 qtime=0.000018 etime=0.003246 text= openldap-cache_1 | 643667a3.1cdab2c4 0x7fa214d35700 conn=1002 op=1 SRCH base="ou=Domains,dc=dirx,dc=example" scope=2 deref=0 filter="(&(DKIMDomain=dirxdomain.de)(DKIMActive=TRUE)(DKIMKeyType=rsa))" openldap-cache_1 | 643667a3.1cdada18 0x7fa214d35700 conn=1002 op=1 SRCH attr=DKIMSelector openldap-cache_1 | 643667a3.1cdb0450 0x7fa214d35700 query template of incoming query = (&(DKIMDomain=)(DKIMActive=)(DKIMKeyType=)) openldap-cache_1 | 643667a3.1cdb36bf 0x7fa214d35700 Entering QC, querystr = (&(DKIMDomain=dirxdomain)(DKIMActive=TRUE)(DKIMKeyType=rsa)) openldap-cache_1 | 643667a3.1cdb4254 0x7fa214d35700 Lock QC index = 0x5572682fc520 openldap-cache_1 | 643667a3.1cdb4e08 0x7fa214d35700 Not answerable: Unlock QC index=0x5572682fc520 openldap-cache_1 | 643667a3.1cdb5617 0x7fa214d35700 QUERY NOT ANSWERABLE openldap-cache_1 | 643667a3.1cdb5cec 0x7fa214d35700 QUERY CACHEABLE openldap-cache_1 | 643667a3.1d40534b 0x7fa214d35700 conn=1002 op=1 SEARCH RESULT tag=101 err=0 qtime=0.000014 etime=0.006697 nentries=0 text=
and for a query to the openldap backend it works:
openldap-cache_1 | 6436693c.35c382c5 0x7fa20ffff700 conn=1007 op=0 BIND dn="cn=reader,dc=openldap,dc=example" method=128 openldap-cache_1 | 6436693c.3663bbec 0x7fa20ffff700 conn=1007 op=0 BIND dn="cn=reader,dc=openldap,dc=example" mech=SIMPLE bind_ssf=0 ssf=71 openldap-cache_1 | 6436693c.36643fe0 0x7fa20ffff700 conn=1007 op=0 RESULT tag=97 err=0 qtime=0.000031 etime=0.010584 text= openldap-cache_1 | 64366940.08541952 0x7fa214d35700 conn=1007 op=1 SRCH base="ou=Domains,dc=openldap,dc=example" scope=2 deref=0 filter="(&(DKIMDomain=openldapdomain.de)(DKIMActive=TRUE)(DKIMKeyType=ed25519))" openldap-cache_1 | 64366940.08543f48 0x7fa214d35700 conn=1007 op=1 SRCH attr=DKIMSelector openldap-cache_1 | 64366940.0854686a 0x7fa214d35700 query template of incoming query = (&(DKIMDomain=)(DKIMActive=)(DKIMKeyType=)) openldap-cache_1 | 64366940.08547707 0x7fa214d35700 Entering QC, querystr = (&(DKIMDomain=openldapdomain.de)(DKIMActive=TRUE)(DKIMKeyType=ed25519)) openldap-cache_1 | 64366940.08547fde 0x7fa214d35700 Lock QC index = 0x5572682fda70 openldap-cache_1 | 64366940.08548a4b 0x7fa214d35700 Not answerable: Unlock QC index=0x5572682fda70 openldap-cache_1 | 64366940.0854925c 0x7fa214d35700 QUERY NOT ANSWERABLE openldap-cache_1 | 64366940.085499d1 0x7fa214d35700 QUERY CACHEABLE openldap-cache_1 | 64366940.0868a233 0x7fa214d35700 Added query expires at 1681287498 (POSITIVE) openldap-cache_1 | 64366940.0868bf3d 0x7fa214d35700 Lock AQ index = 0x5572682fda70 openldap-cache_1 | 64366940.0868cc0d 0x7fa214d35700 TEMPLATE 0x5572682fda70 QUERIES++ 1 openldap-cache_1 | 64366940.0868d3eb 0x7fa214d35700 Base of added query = ou=Domains,dc=openldap,dc=example openldap-cache_1 | 64366940.0868daa0 0x7fa214d35700 Unlock AQ index = 0x5572682fda70 openldap-cache_1 | 64366940.0868f2f2 0x7fa214d35700 UUID for query being added = 4d0928a8-6d56-103d-8d96-0b2b6342ea75 openldap-cache_1 | 64366940.092158fe 0x7fa214d35700 ENTRY ADDED/MERGED, CACHED ENTRIES=1 openldap-cache_1 | 64366940.09219238 0x7fa214d35700 STORED QUERIES = 1 openldap-cache_1 | 64366940.0921a8d6 0x7fa214d35700 conn=1007 op=1 SEARCH RESULT tag=101 err=0 qtime=0.000014 etime=0.013522 nentries=1 text=
If I run slapd with all Debug Logging enabled ( slapd ... -d -1 ...) I see, the DirX backend **do answer** with the expexted date but the log is so verbose, so I could not see a problem.
using ldapsearch directly against both backend servers I verified, the requested data are accessible.
One glitch I found in the Documentation at https://www.openldap.org/doc/admin26/guide.html#The%20Proxy%20Cache%20Engine Under "12.9.2.4. Example for slapd.conf" the is an Entry "cachesize 20" mentioned. If I enable this option, slapd fail to start:
openldap-cache_1 | 64366b51.0ec4f7d9 0x7f4f046423c0 /usr/local/etc/openldap/slapd.conf: line 45 (cachesize 20) openldap-cache_1 | 64366b51.0ec5f70a 0x7f4f046423c0 /usr/local/etc/openldap/slapd.conf: line 45: unknown directive <cachesize> inside backend database definition.
Is the documentation really correct?
Andreas