Hello, thank you for reading this post! Is it possible to configure openldap to cache the search operation necessary to perform mapped bind rewrites? The slapo-pcache man page has given me hope but I’m stuck making it happen. I’m able to map and rewrite a bind, cache binds, and cache search results. But I'm stuck trying to cache the search operation that openldap completes for looking up a mapped attribute. For example I can bind with a string like: mail=pfoo@somedomain.com,ou=Students,dc=domain,dc=com slapd.conf maps that through overlay rwm like: rwm-rewriteMap ldap source2dn "ldap:///ou=Students,dc=TEST_HOST,dc=TEST_COM?dn?sub" rwm-rewriteContext bindDN rwm-rewriteRule "(.+,)?dc=TEST_HOST,dc=TEST_COM" "$1dc=TEST_HOST,dc=TEST_COM" ":" to an actual DN of: cn=Foo\, Peter (pfoo),ou=Students,dc=domain,dc=com and some pcache definitions will cache binds and certain searches - this works great. In reviewing the openldap log and network packets to confirm caching, I noticed search requests to attr=1.1. So I tried to define a pcachetemplate for those requests like this: pcacheAttrset 0 1.1 pcacheTemplate (mail=) 0 1800 When I search for attribute 1.1 and bind using a dn that doesn’t need to be rewritten, I get search results and they are cached. However, when I search for 1.1 and bind using a dn that needs to be rewritten, the server complains of a segmentation fault. conn=1000 fd=12 ACCEPT from IP=127.0.0.1:54533 (IP=0.0.0.0:389) conn=1000 op=0 BIND dn="mail=pfoo@somedomain.com,ou=Students,dc=TEST_HOST,dc=TEST_COM" method=128 conn=1001 fd=14 ACCEPT from IP=127.0.0.1:54534 (IP=0.0.0.0:389) conn=1001 op=0 SRCH base="ou=Students,dc=TEST_HOST,dc=TEST_COM" scope=2 deref=0 filter="(mail=pfoo@somedomain.com)" conn=1001 op=0 SRCH attr=1.1 query template of incoming query = (mail=) Entering QC, querystr = (mail=pfoo@somedomain.com) Lock QC index = 0xa2d8798 Not answerable: Unlock QC index=0xa2d8798 QUERY NOT ANSWERABLE QUERY CACHEABLE Segmentation fault And with loglevel -1: ** ld 0xb3a08480 Outstanding Requests: * msgid 1, origid 1, status InProgress outstanding referrals 0, parent count 0 ld 0xb3a08480 request count 1 (abandoned 0) ** ld 0xb3a08480 Response Queue: * msgid 1, type 100 ld 0xb3a08480 response count 1 ldap_chkResponseList ld 0xb3a08480 msgid 1 all 1 ldap_chkResponseList returns ld 0xb3a08480 NULL ldap_int_select Segmentation fault Is there a setting to have openldap cache internal operations like that or is there a way to cache that special attr=1.1 search operation? Any suggestions would be greatly appreciated. Many thanks! Dave # from slapd.conf # 2.4.26 (--enable-overlays --enable-bdb --enable-ldap --enable-meta --with-tls=openssl) include /opt/openldap/proxy/etc/openldap/schema/core.schema include /opt/openldap/proxy/etc/openldap/schema/cosine.schema include /opt/openldap/proxy/etc/openldap/schema/inetorgperson.schema include /opt/openldap/proxy/etc/openldap/schema/myorg.schema pidfile /opt/openldap/proxy/var/run/slapd.pid argsfile /opt/openldap/proxy/var/run/slapd.args loglevel -1 database ldap lastmod off suffix "dc=TEST_HOST,dc=TEST_COM" rootdn "cn=admin,dc=TEST_HOST,dc=TEST_COM" rootpw config uri "ldap://10.100.142.132" idassert-bind bindmethod=simple mode=self binddn="cn=testadmin,cn=Users,dc=TEST_HOST,dc=TEST_COM" credentials="secret" idassert-authzFrom "dn.regex:.*" # cache of ldap is in bdb format overlay pcache pcache bdb 100000 2 50 900 pcacheAttrset 0 * pcacheTemplate (&(sn=)(givenname=)) 0 1800 pcacheBind (&(sn=)(givenname=)) 0 1800 sub "ou=Students,dc=TEST_HOST,dc=TEST_COM" # with this definition, the server will segmentation fault after search/bind requests where the bind needs to be rewritten #pcacheAttrset 1 1.1 #pcacheTemplate (mail=) 1 1800 cachesize 100000 pcachePosition tail directory /var/lib/ldap index sn,givenname pres,eq,sub index cn pres,eq,sub index mail eq index objectclass eq # *************************************************************** # start of rewrite stuff overlay rwm rwm-rewriteEngine on rwm-map attribute studentID employeeID ## source DN map rwm-rewriteMap ldap source2dn "ldap:///ou=Students,dc=TEST_HOST,dc=TEST_COM?dn?sub" rwm-rewriteContext default rwm-rewriteRule "(.+,)?dc=TEST_HOST,dc=TEST_COM" "$1dc=TEST_HOST,dc=TEST_COM" ":" rwm-rewriteContext bindDN rwm-rewriteRule "^mail=([^,]*),ou=Students,dc=TEST_HOST,dc=TEST_COM" "${source2dn(mail=$1)}" ":" |