How do I include uid/gid lookup caching to my openldap proxy server?
$ cat slapd.conf
### Schema includes ###########################################################
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema

## Module paths ##############################################################
modulepath /usr/lib64/openldap/
moduleload back_ldap

# Main settings ###############################################################
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
sizelimit unlimited

TLSCertificateFile /root/data/certs/ldap.crt
TLSCertificateKeyFile /root/data/certs/ldap.key

### Database definition (Proxy to AD) #########################################
database ldap
readonly yes
protocol-version 3
rebind-as-user yes
uri "ldaps://ldap.example.com:1636"
suffix "ou=People,dc=example,dc=net"

### Logging ###################################################################
loglevel 0
(Ignore the other similar email with no subject. Apologies.)
On 1/26/19 3:04 AM, vadud3@gmail.com wrote:
How do I include uid/gid lookup caching to my openldap proxy server?
Overlay slapo-pcache was made exactly for that.
https://www.openldap.org/software/man.cgi?query=slapo-pcache
Did not use it myself yet though.
Ciao, Michael.
On Fri, 25 Jan 2019 21:04:42 -0500, vadud3@gmail.com wrote:
How do I include uid/gid lookup caching to my openldap proxy server?
Did you read slapo-pcache(5)? For debugging use debug level pcache. Try something like:

database ldap
...
overlay pcache
pcache mdb 5000 2 500 3600
pcacheAttrset 0 uid gid
pcacheTemplate (uid=) 0 10800 7200
directory /path/to/database
index uid,gid eq
-Dieter
On Sun, Jan 27, 2019 at 5:40 AM Dieter Klünter dieter@dkluenter.de wrote:
On Fri, 25 Jan 2019 21:04:42 -0500, vadud3@gmail.com wrote:
How do I include uid/gid lookup caching to my openldap proxy server?
Did you read slapo-pcache(5)? For debugging use debug level pcache. Try something like:

database ldap
...
overlay pcache
pcache mdb 5000 2 500 3600
pcacheAttrset 0 uid gid
pcacheTemplate (uid=) 0 10800 7200
directory /path/to/database
index uid,gid eq
I have not tried yet. I will try it at work tomorrow.
I will only need uid and mnetid from ldap. I use the uid as username and mnetid as the uid/gid of the user logging in.
-Dieter
-- Dieter Klünter | Systemberatung http://sys4.de GPG Key ID: E9ED159B 53°37'09,95"N 10°08'02,42"E
openldap-technical@openldap.org
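
The proxy database from the original post combined with the pcache overlay suggested in the thread, limited to the uid and mnetid attributes named in the last reply. This is an added example, not a configuration posted by anyone in the thread; the pcache and back_mdb module names, the placeholder cache directory and the presence of mnetid in a schema the proxy loads are assumptions.

```conf
# Added example, not from the thread. Assumptions: pcache and back_mdb are
# built as loadable modules, and mnetid is defined in a schema file that
# this proxy includes (it is not in the schema files listed in the post).
modulepath  /usr/lib64/openldap/
moduleload  back_ldap
moduleload  back_mdb
moduleload  pcache

database          ldap
readonly          yes
protocol-version  3
rebind-as-user    yes
uri               "ldaps://ldap.example.com:1636"
suffix            "ou=People,dc=example,dc=net"

overlay  pcache
# pcache <backend> <max_entries> <numattrsets> <entry_limit> <cc_period>
# numattrsets is 1 here because exactly one pcacheAttrset follows.
pcache   mdb 5000 1 500 3600

# Attribute set 0: cache only the attributes the login clients request.
pcacheAttrset  0 uid mnetid

# pcacheTemplate <filter template> <attrset index> <ttl> [<negttl>]
# Only searches whose filter has exactly this shape are answered from the
# cache; run slapd with debug level pcache to see what the clients send.
# ttl 10800: an account changed or removed upstream can keep resolving from
# the cache for up to 3 hours. negttl 7200: a "no such user" answer is
# remembered for 2 hours, so a newly created account may not resolve at once.
pcacheTemplate  (uid=) 0 10800 7200

# Settings for the local mdb database that stores the cached entries.
# Placeholder path; keep it readable and writable by the slapd user only,
# since it holds a copy of directory data on disk.
directory  /path/to/database
index      objectClass eq
index      uid eq
```

The caveats section of slapo-pcache(5) notes that entries fetched under one identity can be returned from the cache to a different identity, which matters here because `rebind-as-user yes` forwards each client's own bind to the remote server. Keeping the attribute set to values every client is allowed to read avoids disclosing more through the cache than the remote server's access rules would.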