Setting up a Proxy Cache
Hello:
I am new to using the Proxy Cache implementation of OpenLDAP. I have
set up a server to Proxy-Cache a Lotus Domino LDAP server.
So my slapd.conf file:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/java.schema
allow bind_v2
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
loglevel 4095
backend ldbm
directory /var/openldap-data/
access to * by * write
sizelimit -1
include /etc/openldap/america.conf
And the file: america.conf:
database ldap
loglevel 128
suffix ""
uri ldap://SGHOU00/
overlay proxycache
proxycache hdb 5000 1 1000 21600
proxyattrset 0 mail
proxytemplate (uid=) 0 12000
cachesize 200
directory /var/openldap-data/america/
access to * by * write
index objectClass eq
index mail pres,eq,sub
Now, when I run:
ldapsearch -h localhost -s sub -b "" "(uid=jarjona)" mail
The very first time I get the right answer, but after the second I get
an empty answer. The logs (below) show that slapd is trying to write
the entry in a backend database (I imagine it is in the given backend), but
that is failing:
Mar 31 14:31:15 ldap-proxy slapd[16532]: @(#) $OpenLDAP: slapd 2.2.13
(Mar 28 2005 17:54:59) $
root@notes-proxy:/usr/src/redhat/SOURCES/openldap-2.2.13/servers/slapd
Mar 31 14:31:15 ldap-proxy slapd[16532]: bdb_initialize: Sleepycat
Software: Berkeley DB 4.2.52: (September 21, 2004)
Mar 31 14:31:15 ldap-proxy slapd[16532]: bdb_initialize: Sleepycat
Software: Berkeley DB 4.2.52: (September 21, 2004)
Mar 31 14:31:15 ldap-proxy slapd[16532]: line 57 (schemacheck off)
Mar 31 14:31:15 ldap-proxy slapd[16532]: /etc/openldap/slapd.conf: line
57: schema checking disabled! your mileage may vary!
Mar 31 14:31:15 ldap-proxy slapd[16532]: line 59 (backend ldbm)
Mar 31 14:31:15 ldap-proxy slapd[16532]: line 60 (directory
/var/openldap-data/)
Mar 31 14:31:15 ldap-proxy slapd[16532]: line 62 (access to * by * write)
Mar 31 14:31:15 ldap-proxy slapd[16532]: line 64 (sizelimit -1)
Mar 31 14:31:15 ldap-proxy slapd[16532]: line 85 (include
/etc/openldap/america.conf)
Mar 31 14:31:15 ldap-proxy slapd[16532]: reading config file
/etc/openldap/america.conf
Mar 31 14:31:15 ldap-proxy slapd[16532]: line 1 (database ldap)
Mar 31 14:31:15 ldap-proxy slapd[16532]: line 2 (loglevel 128)
Mar 31 14:31:15 ldap-proxy slapd[16532]: Total # of attribute sets to be
cached = 1
Mar 31 14:31:15 ldap-proxy slapd[16532]: Attribute Set # 0
Mar 31 14:31:15 ldap-proxy slapd[16532]: mail
Mar 31 14:31:15 ldap-proxy slapd[16532]: Template:
Mar 31 14:31:15 ldap-proxy slapd[16532]: query template: (uid=)
Mar 31 14:31:15 ldap-proxy slapd[16532]: attributes:
Mar 31 14:31:15 ldap-proxy slapd[16532]: mail
Mar 31 14:31:15 ldap-proxy slapd[16533]: slapd starting
Mar 31 14:31:24 ldap-proxy slapd[16533]: query template of incoming
query = (uid=)
Mar 31 14:31:24 ldap-proxy slapd[16533]: Lock QC index = 0
Mar 31 14:31:24 ldap-proxy slapd[16533]: Not answerable: Unlock QC index=0
Mar 31 14:31:24 ldap-proxy slapd[16533]: QUERY NOT ANSWERABLE
Mar 31 14:31:24 ldap-proxy slapd[16533]: QUERY CACHEABLE
Mar 31 14:31:24 ldap-proxy slapd[16533]: => access_allowed: read access
to "CN=Juan Arjona,O=AMERICA" "entry" requested
Mar 31 14:31:24 ldap-proxy slapd[16533]: => acl_get: [1] attr entry
Mar 31 14:31:24 ldap-proxy slapd[16533]: => acl_mask: access to entry
"CN=Juan Arjona,O=AMERICA", attr "entry" requested
Mar 31 14:31:24 ldap-proxy slapd[16533]: => acl_mask: to all values by
"", (=n)
Mar 31 14:31:24 ldap-proxy slapd[16533]: <= check a_dn_pat: *
Mar 31 14:31:24 ldap-proxy slapd[16533]: <= acl_mask: [1] applying
write(=wrscx) (stop)
Mar 31 14:31:24 ldap-proxy slapd[16533]: <= acl_mask: [1] mask:
write(=wrscx)
Mar 31 14:31:24 ldap-proxy slapd[16533]: => access_allowed: read access
granted by write(=wrscx)
Mar 31 14:31:24 ldap-proxy slapd[16533]: => access_allowed: read access
to "CN=Juan Arjona,O=AMERICA" "mail" requested
Mar 31 14:31:24 ldap-proxy slapd[16533]: => acl_get: [1] attr mail
Mar 31 14:31:24 ldap-proxy slapd[16533]: access_allowed: no res from
state (mail)
Mar 31 14:31:24 ldap-proxy slapd[16533]: => acl_mask: access to entry
"CN=Juan Arjona,O=AMERICA", attr "mail" requested
Mar 31 14:31:24 ldap-proxy slapd[16533]: => acl_mask: to value by "", (=n)
Mar 31 14:31:24 ldap-proxy slapd[16533]: <= check a_dn_pat: *
Mar 31 14:31:24 ldap-proxy slapd[16533]: <= acl_mask: [1] applying
write(=wrscx) (stop)
Mar 31 14:31:24 ldap-proxy slapd[16533]: <= acl_mask: [1] mask:
write(=wrscx)
Mar 31 14:31:24 ldap-proxy slapd[16533]: => access_allowed: read access
granted by write(=wrscx)
Mar 31 14:31:24 ldap-proxy slapd[16533]: => access_allowed: read access
to "CN=Juan Arjona,O=AMERICA" "objectClass" requested
Mar 31 14:31:24 ldap-proxy slapd[16533]: => acl_get: [1] attr objectClass
Mar 31 14:31:24 ldap-proxy slapd[16533]: access_allowed: no res from
state (objectClass)
Mar 31 14:31:24 ldap-proxy slapd[16533]: => acl_mask: access to entry
"CN=Juan Arjona,O=AMERICA", attr "objectClass" requested
Mar 31 14:31:24 ldap-proxy slapd[16533]: => acl_mask: to value by "", (=n)
Mar 31 14:31:24 ldap-proxy slapd[16533]: <= check a_dn_pat: *
Mar 31 14:31:24 ldap-proxy slapd[16533]: <= acl_mask: [1] applying
write(=wrscx) (stop)
Mar 31 14:31:24 ldap-proxy slapd[16533]: <= acl_mask: [1] mask:
write(=wrscx)
Mar 31 14:31:24 ldap-proxy slapd[16533]: => access_allowed: read access
granted by write(=wrscx)
Mar 31 14:31:24 ldap-proxy slapd[16533]: => access_allowed: read access
to "CN=Juan Arjona,O=AMERICA" "uid" requested
Mar 31 14:31:24 ldap-proxy slapd[16533]: => acl_get: [1] attr uid
Mar 31 14:31:24 ldap-proxy slapd[16533]: access_allowed: no res from
state (uid)
Mar 31 14:31:24 ldap-proxy slapd[16533]: => acl_mask: access to entry
"CN=Juan Arjona,O=AMERICA", attr "uid" requested
Mar 31 14:31:24 ldap-proxy slapd[16533]: => acl_mask: to value by "", (=n)
Mar 31 14:31:24 ldap-proxy slapd[16533]: <= check a_dn_pat: *
Mar 31 14:31:24 ldap-proxy slapd[16533]: <= acl_mask: [1] applying
write(=wrscx) (stop)
Mar 31 14:31:24 ldap-proxy slapd[16533]: <= acl_mask: [1] mask:
write(=wrscx)
Mar 31 14:31:24 ldap-proxy slapd[16533]: => access_allowed: read access
granted by write(=wrscx)
Mar 31 14:31:24 ldap-proxy slapd[16533]: UUID for query being added =
98845636-366f-1029-9263-d0d92c4cc7ca
Mar 31 14:31:24 ldap-proxy slapd[16533]: => access_allowed: write access
to "CN=Juan Arjona,O=AMERICA" "entry" requested
Mar 31 14:31:24 ldap-proxy slapd[16533]: => access_allowed: backend
default write access denied to "(anonymous)"
Mar 31 14:31:24 ldap-proxy slapd[16533]: ENTRY ADDED/MERGED, CACHED
ENTRIES=0
Mar 31 14:31:24 ldap-proxy slapd[16533]: STORED QUERIES = 1
Mar 31 14:31:24 ldap-proxy slapd[16533]: Added query expires at 1112313084
Mar 31 14:31:24 ldap-proxy slapd[16533]: Lock AQ index = 0
Mar 31 14:31:24 ldap-proxy slapd[16533]: TEMPLATE 0 QUERIES++ 1
Mar 31 14:31:24 ldap-proxy slapd[16533]: Unlock AQ index = 0
Mar 31 14:31:24 ldap-proxy slapd[16533]: Base of added query =
Please note the line:
Mar 31 14:31:24 ldap-proxy slapd[16533]: => access_allowed: write access
to "CN=Juan Arjona,O=AMERICA" "entry" requested
Mar 31 14:31:24 ldap-proxy slapd[16533]: => access_allowed: backend
default write access denied to "(anonymous)"
So permissions seem to be okay, but something in the database is not
permitting the cache to work...
Which means that at some point the backend is not allowing writing to
the database (?).
Any idea where my mistake is?
Thanks in advance,
-- Juan
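
Added example, not part of the original post: a Python triage script that rejoins the e-mail-wrapped slapd records and flags the pattern the post points to, a cacheable query whose entry write is denied so that CACHED ENTRIES stays at 0 while STORED QUERIES is incremented. The function names and the embedded excerpt (copied from the log above) are choices made for this example.

```python
import re
# Excerpt of the slapd log quoted in the post, kept in its e-mail-wrapped form.
SAMPLE_LOG = """\
Mar 31 14:31:24 ldap-proxy slapd[16533]: QUERY CACHEABLE
Mar 31 14:31:24 ldap-proxy slapd[16533]: => access_allowed: write access
to "CN=Juan Arjona,O=AMERICA" "entry" requested
Mar 31 14:31:24 ldap-proxy slapd[16533]: => access_allowed: backend
default write access denied to "(anonymous)"
Mar 31 14:31:24 ldap-proxy slapd[16533]: ENTRY ADDED/MERGED, CACHED
ENTRIES=0
Mar 31 14:31:24 ldap-proxy slapd[16533]: STORED QUERIES = 1
"""

SYSLOG = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \S+ slapd\[(\d+)\]: (.*)$")
WRITE_REQ = re.compile(r'access_allowed: write access to "([^"]*)"')
DENIED = re.compile(r'write access denied to "([^"]*)"')
CACHED = re.compile(r"CACHED ENTRIES=(\d+)")
STORED = re.compile(r"STORED QUERIES = (\d+)")

def unwrap(text):
    """Rejoin continuation lines (no syslog prefix) onto the previous record."""
    records = []
    for line in text.splitlines():
        m = SYSLOG.match(line)
        if m:
            records.append([m.group(1), m.group(2)])
        elif records and line.strip():
            records[-1][1] += " " + line.strip()
    return records

def find_failed_cache_writes(text):
    """Return one finding per cacheable query whose entry write was denied."""
    findings, cur = [], None
    for pid, msg in unwrap(text):
        if "QUERY CACHEABLE" in msg:
            cur = {"pid": pid, "dn": None, "denied_to": None, "cached": None, "stored": None}
        elif cur is None:
            continue
        elif (m := WRITE_REQ.search(msg)):
            cur["dn"] = m.group(1)
        elif (m := DENIED.search(msg)):
            cur["denied_to"] = m.group(1)
        elif (m := CACHED.search(msg)):
            cur["cached"] = int(m.group(1))
        elif (m := STORED.search(msg)):
            cur["stored"] = int(m.group(1))
            if cur["denied_to"] is not None and cur["cached"] == 0:
                findings.append(cur)
            cur = None
    return findings
```

Each finding carries the slapd PID, the DN that could not be written, and the identity the write was denied to, which is enough to line the event up with the ACL trace for the same request.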