On 22 Jun 2009, at 19:55, Tyler Gates wrote:
> I've been running my openldap 2.4 proxy directory server using back_ldap and pcache in front of two masters for a few days and have been a little confused about why I'm not getting more "QUERY ANSWERED" messages in the logs considering all the "QUERY CACHED" messages. According to the script I wrote to parse the log file for certain key words, I'm seeing data like this:
I'm afraid I don't have any answers, but a couple of questions regarding the specifics....
Which version of openldap are you running?
Can you include the proxy-cache configuration from your slapd conf file?
Cheers
Toby

--
The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336.
Hi Toby,
Version:

[root@foo-proxy openldap2.4]# slapd2.4 -VV
@(#) $OpenLDAP: slapd 2.4.11 (Jul 18 2008 17:58:12) $
        bgmilne@build.telkomsa.net:/home/bgmilne/rpm/BUILD/openldap-2.4.11/servers/slapd

Config:

include /usr/share/openldap2.4/schema/core.schema
include /usr/share/openldap2.4/schema/cosine.schema
include /usr/share/openldap2.4/schema/corba.schema
include /usr/share/openldap2.4/schema/inetorgperson.schema
include /usr/share/openldap2.4/schema/java.schema
include /usr/share/openldap2.4/schema/krb5-kdc.schema
include /usr/share/openldap2.4/schema/kerberosobject.schema
include /usr/share/openldap2.4/schema/nis.schema
include /usr/share/openldap2.4/schema/openldap.schema
include /usr/share/openldap2.4/schema/autofs.schema
include /usr/share/openldap2.4/schema/samba.schema
include /usr/share/openldap2.4/schema/kolab.schema
include /usr/share/openldap2.4/schema/evolutionperson.schema
include /usr/share/openldap2.4/schema/calendar.schema
include /usr/share/openldap2.4/schema/sudo.schema
include /usr/share/openldap2.4/schema/dnszone.schema
include /usr/share/openldap2.4/schema/dhcp.schema
include /usr/share/openldap2.4/schema/ppolicy.schema
include /usr/share/openldap2.4/schema/qmail.schema
include /etc/openldap2.4/schema/puppet.schema

pidfile /var/run/ldap2.4/slapd.pid
argsfile /var/run/ldap2.4/slapd.args

modulepath /usr/lib/openldap2.4

moduleload back_ldap.la
moduleload pcache.la
moduleload ppolicy.la

TLSCertificateFile /etc/ssl/openldap2.4/foo-proxy.crt
TLSCertificateKeyFile /etc/ssl/openldap2.4/foo-proxy.key
TLSCACertificateFile /etc/ssl/openldap2.4/foo-proxy.crt

loglevel config stats 4096

allow bind_anon_dn

database ldap
suffix "dc=foo,dc=com"
rootdn "cn=Manager,dc=foo,dc=com"
rootpw {SSHA}ALUc1koiBv2A1rbsFKE/lR2MmJca7fiK
uri "ldaps://foo1.domain.com ldaps://foo2.domain.com"

overlay pcache
proxycache bdb 100000 3 1000 100
proxyAttrset 0 uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description memberUid uniqueMember objectClass
proxyAttrset 1 cn automountInformation
proxyAttrset 2 cn mail
proxyTemplate (&(objectClass=)(|(memberUid=)(uniqueMember=))) 0 1800
proxyTemplate (&(objectClass=)(uid=)) 0 1800
proxyTemplate (&(objectClass=)(cn=)) 0 1800
proxyTemplate (&(objectClass=)) 0 1800
proxyTemplate (objectClass=) 0 1800
proxyTemplate (&(objectClass=)(memberUid=)) 0 1800 900
proxyTemplate (&(objectClass=)(uniqueMember=)) 0 1800 900
proxyTemplate (&(objectClass=)(uidNumber=)) 0 1800
proxyTemplate (&(objectClass=)(gidNumber=)) 0 1800
proxyTemplate (&(objectClass=)(|(cn=)(gidNumber=))) 1 3600 600
proxyTemplate (&(objectClass=)(|(cn=)(cn=))) 1 3600 600
proxyTemplate (&(objectClass=)(|(cn=)(cn=)(cn=))) 1 3600 600
proxyTemplate (|(cn=)(mail=)(sn=)) 2 7200

directory /var/lib/ldap2.4

cachesize 1000
idlcachesize 1000
checkpoint 256 5

index objectClass eq
index cn,mail,surname,givenname eq,subinitial
index uidNumber,gidNumber,memberuid,member,uniqueMember eq
index uid eq,subinitial
index sambaSID,sambaDomainName,displayName eq
index nisMapName,automountInformation eq
index userPassword,homeDirectory,loginShell,gecos,description eq
index queryId eq

overlay ppolicy
ppolicy_default "cn=Password,ou=Policies,dc=foo,dc=com"
ppolicy_use_lockout