On 31.03.23 at 20:05, Stefan Kania wrote:
Hello,
I try to configure a proxy-server with back_meta connecting to different AD-domains. I'm getting the result as expected if I do an ldapsearch. But now I want to add caching for the data, so I configured the following:
I now tried to set up the configuration via slapd.conf to see what will happen there. Here is my slapd.conf:
-------------
include /opt/symas/etc/openldap/schema/core.schema
include /opt/symas/etc/openldap/schema/cosine.schema
include /opt/symas/etc/openldap/schema/nis.schema
include /opt/symas/etc/openldap/schema/misc.schema
include /opt/symas/etc/openldap/schema/inetorgperson.schema
include /opt/symas/etc/openldap/schema/msuser.schema

pidfile /var/symas/run/slapd.pid
argsfile /var/symas/run/slapd.args

# Load dynamic backend modules:
modulepath /opt/symas/lib/openldap
moduleload back_mdb.la
moduleload back_meta.la
moduleload back_ldap.la
moduleload argon2.la
moduleload rwm.la
moduleload pcache.la

sizelimit 500
loglevel any

#######################################################################
# MDB database definitions
#######################################################################

database meta
suffix "dc=example,dc=net"
rootdn "cn=admin,dc=example,dc=net"
rootpw {ARGON2}$argon2i$v=19$m=4096,t=3,p=1$c2Rz4

uri "ldap://192.168.56.202/ou=org,dc=example,dc=net"
readonly yes
lastmod off
suffixmassage "ou=org,dc=example,dc=net" "dc=example2,dc=org"
map attribute uid sAMAccountName
idassert-bind mode=none
    bindmethod=simple
    timeout=0
    network-timeout=0
    binddn="cn=proxy-orguser,cn=Users,dc=example2,dc=org"
    credentials="Passw0rd"
    keepalive=0:0:0
    tls_reqcert=never
    tls_reqsan=allow
idassert-authzFrom "*"

uri "ldap://192.168.56.203/ou=com,dc=example,dc=net"
readonly yes
lastmod off
suffixmassage "ou=com,dc=example,dc=net" "dc=example3,dc=com"
map attribute uid sAMAccountName
idassert-bind mode=none
    bindmethod=simple
    timeout=0
    network-timeout=0
    binddn="cn=proxy-comuser,cn=Users,dc=example3,dc=com"
    credentials="Passw0rd"
    keepalive=0:0:0
    tls_reqcert=never
    tls_reqsan=allow
idassert-authzFrom "*"

overlay rwm
rwm-map attribute uid sAMAccountName

overlay pcache
pcachePersist TRUE
Pcache mdb 100000 2 1000 100
directory /var/symas/pcache
cachesize 100
PcacheAttrset 0 uid
PcacheAttrset 1 name
PcacheTemplate (uid=) 0 3600
-------------
As soon as I try to start slapd I got the following error:
------------------
/opt/symas/etc/openldap/slapd.conf: line 83 (overlay pcache)
/opt/symas/etc/openldap/slapd.conf: line 84 (pcachePersist TRUE)
/opt/symas/etc/openldap/slapd.conf: line 85 (Pcache mdb 100000 2 1000 100)
mdb_db_init: Initializing mdb database
Total # of attribute sets to be cached = 2.
/opt/symas/etc/openldap/slapd.conf: line 86 (directory /var/symas/pcache)
/opt/symas/etc/openldap/slapd.conf: line 87 (cachesize 100)
/opt/symas/etc/openldap/slapd.conf: line 87: unknown directive <cachesize> inside backend database definition.
------------------
But the manpage slapo-pcache is telling me:
---------
Directives for configuring the underlying database must also be given, as shown here:

directory /var/tmp/cache
cachesize 100
---------
If I remove "cachesize 100" slapd will start but no data is cached.
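
A check for the start-up error shown in the message above, added here as an example and not part of the original post: `cachesize` is documented in slapd-bdb(5) for the retired back-bdb/back-hdb backends and is not listed in slapd-mdb(5), so the script flags such directives in the private database section of a `pcache mdb` overlay. The function name, the directive subset and the sample text (constructed and reduced from the configuration in the post) are assumptions of this example.

```python
# Added example: flag back-bdb/back-hdb directives in a "pcache mdb" section.

# Subset of directives from slapd-bdb(5) that slapd-mdb(5) does not list
# (assumed subset, chosen for this example).
BDB_ONLY = {"cachesize", "idlcachesize", "dncachesize", "cachefree",
            "dbconfig", "dirtyread", "lockdetect", "shm_key"}

# Constructed sample, reduced from the configuration in the post.
SAMPLE = """\
database meta
suffix "dc=example,dc=net"
overlay rwm
rwm-map attribute uid sAMAccountName
overlay pcache
pcachePersist TRUE
Pcache mdb 100000 2 1000 100
directory /var/symas/pcache
cachesize 100
PcacheAttrset 0 uid
"""

def check_pcache_backend(conf_text):
    """Return (line_no, directive, backend) for every bdb/hdb-only directive
    that follows a 'pcache mdb ...' line inside the same overlay section."""
    findings = []
    backend = None  # backend named on the current "pcache <db> ..." line
    for no, raw in enumerate(conf_text.splitlines(), start=1):
        if not raw.strip():
            continue
        if raw[0].isspace():
            continue  # leading whitespace continues the previous directive
        if raw.startswith("#"):
            continue  # comment line
        words = raw.split()
        key = words[0].lower()  # slapd.conf keywords are case-insensitive
        if key in ("database", "overlay", "backend"):
            backend = None  # a new section ends the pcache database scope
        elif key == "pcache" and len(words) > 1:
            backend = words[1].lower()
        elif backend == "mdb" and key in BDB_ONLY:
            findings.append((no, words[0], backend))
    return findings

if __name__ == "__main__":
    for no, directive, backend in check_pcache_backend(SAMPLE):
        print(f"line {no}: '{directive}' is not a back-{backend} directive")
```
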