[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: openldap proxy with uid/gid lookup cache
- To: openldap-technical@openldap.org
- Subject: Re: openldap proxy with uid/gid lookup cache
- From: Dieter Klünter <dieter@dkluenter.de>
- Date: Sun, 27 Jan 2019 11:39:13 +0100
- In-reply-to: <CAOHBbgWTu+=4W1AdfnyHbhM8dH5WReXP4MYUFCOpCLNuNrUHLg@mail.gmail.com>
- Organization: AVCI
- References: <CAOHBbgWTu+=4W1AdfnyHbhM8dH5WReXP4MYUFCOpCLNuNrUHLg@mail.gmail.com>
Am Fri, 25 Jan 2019 21:04:42 -0500
schrieb vadud3@gmail.com:
> How do I include uid/gid lookup caching to my openldap proxy server?
>
> $ cat slapd.conf
> ### Schema includes
> ###########################################################
> include /etc/openldap/schema/core.schema
> include /etc/openldap/schema/cosine.schema
> include /etc/openldap/schema/inetorgperson.schema
> include /etc/openldap/schema/misc.schema
> include /etc/openldap/schema/nis.schema
>
> ## Module paths
> ##############################################################
> modulepath /usr/lib64/openldap/ moduleload
> back_ldap
>
> # Main settings
> ###############################################################
> pidfile /var/run/openldap/slapd.pid
> argsfile /var/run/openldap/slapd.args
> sizelimit unlimited
>
> TLSCertificateFile /root/data/certs/ldap.crt
> TLSCertificateKeyFile /root/data/certs/ldap.key
>
> ### Database definition (Proxy to AD)
> ######################################### database ldap
> readonly yes
> protocol-version 3
> rebind-as-user yes
> uri "ldaps://ldap.example.com:1636"
> suffix "ou=People,dc=example,dc=net"
> ### Logging
> ###################################################################
> loglevel 0
Did you read slapo-pcache(5) ?
For debugging use debug level pcache.
Try something like:
database ldap
...
overlay pcache
pcache mdb 5000 2 500 3600
pcacheAttrset 0 uid gid
pcacheTemplate (uid=) 0 10800 7200
directory /path/to/database
index uid,gid eq
-Dieter
--
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E