I'm testing the openldap cache module pcache with OpenLDAP 2.6 on Debian11 (symas-packages). The proxy has the following config: (I'm testing caching so no security is set)
--------------
include /opt/symas/etc/openldap/schema/core.schema
include /opt/symas/etc/openldap/schema/cosine.schema
include /opt/symas/etc/openldap/schema/nis.schema
include /opt/symas/etc/openldap/schema/inetorgperson.schema
pidfile /var/symas/run/slapd.pid
argsfile /var/symas/run/slapd.args
loglevel any
modulepath /opt/symas/lib/openldap
moduleload back_mdb.la
moduleload argon2.la
moduleload back_ldap
moduleload pcache
sizelimit 500
tool-threads 1
database ldap
suffix "dc=example,dc=net"
uri "ldap://ldap-server.example.net"
rootdn "cn=admin,dc=example,dc=net"
protocol-version 3
rebind-as-user
overlay pcache
pcachePersist TRUE
pcache mdb 100000 2 1000 100
pcacheAttrset 0 mail postaladdress telephonenumber givenname
pcacheAttrset 1 uid employeetype
pcacheTemplate (sn=) 0 3600
pcacheTemplate (&(sn=)(givenName=)) 0 3600
pcacheTemplate (&(departmentNumber=)(secretary=*)) 0 3600
directory /var/symas/cache
index objectclass eq
index uid,cn,sn,mail,givenname pres,eq,sub
--------------
The following hosts are involved:
ldap-server<----->ldap-proxy<----->ldap-client
The ldap-client can only access the ldap-proxy. (ldap.conf is pointing to the ldap-proxy) Now I do a:
ldapsearch -x '(&(sn=Kania)(givenName=Stefan))' givenname
The first time I can see that the proxy is asking the ldap-server and is giving the result to the ldap-client.
Each time I repeat the command on the ldap-client, only the log from the ldap-proxy is showing the access from the ldap-client. The ldap-client is getting the result from the proxy.
I can even shut down the ldap-server and the client is still getting the result from the proxy. Up to this point I understand the log but if I set "loglevel any" I see:
------------
access_allowed: result not in cache (givenName)
------------
But I think the result IS in the cache otherwise I would not get the result with the ldap-server turned off. So why do I get these messages?
Stefan Kania wrote:
> I'm testing the openldap cache module pcache with OpenLDAP 2.6 on
> I can even shut down the ldap-server and the client is still getting the result from the proxy. Up to this point I understand the log but if I set "loglevel any" I see:
> access_allowed: result not in cache (givenName)
> But I think the result IS in the cache otherwise I would not get the result with the ldap-server turned off. So why do I get these messages?
That message is from the ACL cache. It has nothing to do with pcache.
openldap-technical@openldap.org
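An added example, not part of the original thread and not OpenLDAP code: a simplified Python model of the matching rule documented in slapo-pcache(5) (the search filter with its assertion values removed must equal a configured template, and the requested attributes must fall within that template's attrset), run against the pcache directives from the posted configuration. The function names, the case-insensitive comparison and the handling of an empty attribute list are assumptions of this example.

```python
import re

# Constructed excerpt: only the pcache directives from the configuration in the post.
CONF = """\
pcache mdb 100000 2 1000 100
pcacheAttrset 0 mail postaladdress telephonenumber givenname
pcacheAttrset 1 uid employeetype
pcacheTemplate (sn=) 0 3600
pcacheTemplate (&(sn=)(givenName=)) 0 3600
pcacheTemplate (&(departmentNumber=)(secretary=*)) 0 3600
"""

def parse_pcache(conf):
    """Return ({index: attrs}, {template: (attrset index, ttl)}), names lowercased."""
    attrsets, templates = {}, {}
    for line in conf.splitlines():
        tok = line.split()
        if not tok:
            continue
        key = tok[0].lower()
        if key == "pcacheattrset":
            attrsets[int(tok[1])] = {a.lower() for a in tok[2:]}
        elif key == "pcachetemplate":
            templates[tok[1].lower()] = (int(tok[2]), int(tok[3]))
    return attrsets, templates

def filter_to_template(flt):
    """Strip assertion values: (sn=Kania) -> (sn=); a presence test (x=*) is kept."""
    def strip(m):
        attr, op, val = m.groups()
        return "(%s%s%s)" % (attr, op, "*" if op == "=" and val == "*" else "")
    return re.sub(r"\(([^()=<>~]+)(>=|<=|=)([^()]*)\)", strip, flt).lower()

def cacheable(flt, attrs, attrsets, templates):
    """True when the filter matches a template and its attrset covers the request."""
    hit = templates.get(filter_to_template(flt))
    if hit is None:
        return False
    wanted = {a.lower() for a in attrs}
    # Assumption of this model: an empty list (all attributes) is never covered.
    return bool(wanted) and wanted <= attrsets.get(hit[0], set())

ATTRSETS, TEMPLATES = parse_pcache(CONF)

if __name__ == "__main__":
    # The search from the post: matches template 2 and attrset 0.
    print(cacheable("(&(sn=Kania)(givenName=Stefan))", ["givenname"], ATTRSETS, TEMPLATES))
    # uid is only in attrset 1, which no template in this configuration references.
    print(cacheable("(sn=Kania)", ["uid"], ATTRSETS, TEMPLATES))
```
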