
Re: (ITS#4593) pcache proxyattrset/proxytemplate asterisk interpretation problem



Such a feature is not supported by the proxycache design. The algorithms 
for determining query containment only work when all the attributes in 
the query are known. Using "*" defeats these algorithms. This ITS will 
be closed.

fredme@gmail.com wrote:
> Full_Name: Eugenio Grytsenko
> Version: 2.3.24
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (200.5.92.164)
>
>
> I am using openldap 2.3.24, my distro is Linux, and I configured the
> openldap server as metadirectory with pcache overlay and I have problems
> with the return of data when I specified "proxyattrset 4 *" with
> "proxytemplate". See three definitions of "proxytemplate" with index 4
> in my configuration file...
>
> The results are different when I do ldapsearch against localhost
> (metadirectory openldap) and the remote server (AAA.BBB.CCC.DDD):
>
> # BAD RESULT: METADIRECTORY (pcache)
> #
> # ldapsearch -x -LLL -h localhost -b c=argentina,o=myorg cn=fred
> === CUT HERE ===
> dn: cn=fred,ou=people,c=argentina,o=myorg
> cn: FRED
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: OXUserObject
> objectClass: extensibleObject
>
> === CUT HERE ===
>
> # GOOD RESULT: REMOTE (AAA.BBB.CCC.DDD)
> #
> # ldapsearch -x -LLL -h AAA.BBB.CCC.DDD -b c=argentina,o=myorg cn=fred
> === CUT HERE ===
> dn: cn=fred,ou=people,c=argentina,o=myorg
> lnetmailaccess: TRUE
> usercountry: Argentina
> maildomain: mail.myorg
> cn: FRED
> writeglobaladdressbook: TRUE
> objectclass: top
> objectclass: person
> objectclass: organizationalPerson
> objectclass: inetOrgPerson
> objectclass: posixAccount
> objectclass: OXUserObject
> objectclass: extensibleObject
> loginshell: /bin/bash
> oxtimezone: America/Buenos_Aires
> homedirectory: /home/FRED
> oxappointmentdays: 5
> oxtaskdays: 5
> oxgroupid: 500
> preferredlanguage: AR
> gidnumber: 500
> sn: SMITH
> givenname: FRED
> uidnumber: 1000
> mail: fred@mail.myorg
> mailenabled: ok
> uid: FRED
>
> === CUT HERE ===
>
>
> Here is my config file:
>
>
> === CUT HERE ===
> include         /etc/openldap/schema/core.schema
> include         /etc/openldap/schema/cosine.schema
> include         /etc/openldap/schema/inetorgperson.schema
> include         /etc/openldap/schema/misc.schema
> include         /etc/openldap/schema/nis.schema
> include         /etc/openldap/schema/openldap.schema
> include         /etc/openldap/schema/ppolicy.schema
>
> include         /etc/openldap/schema/openxchange.schema
> include         /etc/openldap/schema/samba3.schema
>
> loglevel        256
> sizelimit       unlimited
> idletimeout     360
>
> pidfile         /var/run/slapd/run/slapd.pid
> argsfile        /var/run/slapd/run/slapd.args
>
> modulepath      /usr/libexec/openldap
> moduleload      back_ldap.la
> moduleload      pcache.la
> moduleload      ppolicy.la
>
> #######################################################################
> # back_ldap database definitions
> #######################################################################
> database        ldap
> suffix          c=argentina,o=myorg
> rootdn          c=argentina,o=myorg
> uri             ldap://AAA.BBB.CCC.DDD:389
> idle-timeout    360
>
> #######################################################################
> # pcache overlay
> #######################################################################
> overlay         pcache
> proxycache      bdb 67108864 5 8192 21600
>
> proxyattrset    0 cn userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
> proxyattrset    1 cn userPassword memberUid uniqueMember gidNumber
> proxyattrset    2 objectClass uid uidNumber shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag
> proxyattrset    3 cn userPassword shadowLastChange shadowMax shadowMin shadowWarning shadowInactive shadowExpire shadowFlag
> proxyattrset    4 *
>
> proxytemplate   (&(objectClass=)(uidNumber=))                           0 21600
> proxytemplate   (&(objectClass=)(cn=))                                  0 21600
> proxytemplate   (objectClass=)                                          0 21600
> proxytemplate   (&(objectClass=)(gidNumber=))                           1 21600
> proxytemplate   (&(objectClass=)(memberUid=))                           1 21600
> proxytemplate   (&(objectClass=))                                       1 21600
> proxytemplate   (&(objectClass=)(|(memberUid=)(uniqueMember=)))         1 21600
> proxytemplate   (&(objectClass=)(cn=))                                  1 21600
> proxytemplate   (cn=)                                                   2 21600
> proxytemplate   (&(objectClass=)(cn=))                                  3 21600
>
> ### rule to cache entire "getent passwd" and entire "ldapsearch -x" ###
> proxytemplate   (objectClass=*)                                         4 21600
> proxytemplate   (objectClass=)                                          4 21600
>
> ### test with ldapsearch:
> proxytemplate   (cn=)                                                   4 21600
>
>
> index           objectClass eq
> index           uid eq
> index           uidNumber eq
> index           gidNumber eq
> index           memberUid eq
> index           queryid eq
> index           cn pres,eq,sub
> index           entryUUID eq
>
> cachesize       16384
> directory       /var/cache/slapd-pcache
> === CUT HERE ===
>
>
> When I tried to disable rule 4, all works fine, but I couldn't
> cache entire "getent passwd" (proxytemplate (objectClass=*) 4 21600), for
> example.
> I need something like "cache all data with filter (objectClass=*) without using
> any attributes".
>
> Any ideas?
> Thanks.
>
>
>   


-- 
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/
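
An added illustration of the point made in the reply above (not OpenLDAP code and not part of the original message): a simplified model of why an attribute set must name every attribute before containment can be decided. It assumes containment on attributes is a subset test against the configured set; the function names are hypothetical and the sample lines are taken from the configuration quoted in the report.

```python
# Simplified model (an assumption, not slapd's pcache implementation):
# a request can be matched to a cached attribute set only when both the
# request and the set name every attribute explicitly.

# Constructed sample: three proxyattrset lines from the quoted slapd.conf.
CONFIG = """\
proxyattrset 1 cn userPassword memberUid uniqueMember gidNumber
proxyattrset 3 cn userPassword shadowLastChange shadowMax shadowMin shadowWarning shadowInactive shadowExpire shadowFlag
proxyattrset 4 *
"""

# "*" (all user attributes) and "+" (all operational attributes) expand
# per entry on the remote server, so their membership is not known here.
WILDCARDS = {"*", "+"}


def parse_attrsets(text):
    """Return {index: set of lower-cased attribute names}."""
    sets = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0].lower() == "proxyattrset":
            sets[int(fields[1])] = {a.lower() for a in fields[2:]}
    return sets


def is_enumerable(attrs):
    """True when every attribute is named; an empty LDAP request list
    means "all user attributes", the same as "*"."""
    return bool(attrs) and not (attrs & WILDCARDS)


def answerable_from(requested, attrsets):
    """Indexes of attribute sets that provably cover the request."""
    req = {a.lower() for a in requested}
    if not is_enumerable(req):
        return []
    return sorted(i for i, s in attrsets.items()
                  if is_enumerable(s) and req <= s)


def unsupported_sets(attrsets):
    """Indexes whose membership cannot be enumerated (config lint)."""
    return sorted(i for i, s in attrsets.items() if not is_enumerable(s))


if __name__ == "__main__":
    sets = parse_attrsets(CONFIG)
    print("cn,gidNumber ->", answerable_from(["cn", "gidNumber"], sets))
    print("no attrs     ->", answerable_from([], sets))
    print("flagged sets ->", unsupported_sets(sets))
```
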