Thomas Seifert wrote:
> Hi there,
>
> I'm trying to proxy and cache some ldap queries which would otherwise go to an
> IBM Tivoli Directory Server or another kind of ldap-server.
> Therefore I'm trying to use the pcache (proxycache) overlay in openldap 2.3.39.
>
> Is there a problem with that setup so far?

No.

> Would it need special adjustments to
> proxy another kind of ldap server than just openldap?

Maybe, depends on how willing to cooperate the proxied server is.

> I'm having the problem, that I only get back on ldapsearch against the proxy
> ---
> # search result
> search: 2
> result: 32 No such object
> ---
>
> which seems to get as far as getting the user authenticated as I get another error
> if I enter wrong credentials ;).
> Needless to say that everything is returned correctly if I just change the hostname
> to the direct ldap server.

The above error seems to indicate that the proxy is unable to determine what database can handle the requested search base. But you don't provide enough information to help tracking your issue. A log of the request by the proxy at "stats" level would have provided the required information.

> My config is as follows which is directly derived from the configuration:
>
> ---
> # proxycache settings
> database ldap
> suffix "o=domainname"
> rootdn "cn=Manager,o=domainname"
> uri ldap://hostname/o=domainname
                     ^^^^ this is incorrect. As the man page clearly states, no "DN" portion must be provided in the URI (you should have gotten a warning about it, but who cares about warnings, eh? Next version it'll error out).

> overlay pcache
> proxycache bdb 100000 1 1000 100
> proxyAttrset 0 mail postaladdress telephonenumber
> proxyTemplate (sn=) 0 3600
> proxyTemplate (uid=) 0 3600
> proxyTemplate (&(sn=)(givenName=)) 0 3600
> proxyTemplate (&(departmentNumber=)(secretary=*)) 0 3600
>
> cachesize 20
> directory /usr/local/openldap-proxycache/var/openldap-data/db.2.a
> index objectClass eq
> index cn,sn,uid,mail pres,eq,sub
> ---
>
>
> Any ideas about this issue? Any way to further diagnose the problem?

See above.

> I assume that every non-cacheable query is sent to the proxied ldap
> server anyway and its results are returned directly?

Correct.

p.

Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: [EMAIL PROTECTED]
---------------------------------------
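
An added example, not part of the original message and not OpenLDAP code: a small Python check for the mistake pointed out in the reply, a back-ldap `uri` directive that carries a DN portion. The function names are hypothetical, the sample stanza is constructed from the configuration quoted in the thread, and the parser assumes plain `slapd.conf` syntax (`#` comments, continuation lines that start with whitespace, several URIs allowed inside one quoted `uri` argument).

```python
import shlex
from urllib.parse import urlsplit

# Constructed sample: the back-ldap stanza quoted in the thread above.
SAMPLE_CONF = '''\
# proxycache settings
database ldap
suffix "o=domainname"
rootdn "cn=Manager,o=domainname"
uri ldap://hostname/o=domainname
overlay pcache
'''

def logical_lines(text):
    """Yield (line_no, tokens) per directive, joining continuation lines."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        if raw.startswith("#"):
            continue                      # comment line
        if raw[:1] in (" ", "\t") and buf:
            buf += " " + raw.strip()      # continuation of previous directive
            continue
        if buf.strip():
            yield start, shlex.split(buf)
        buf, start = raw, no
    if buf.strip():
        yield start, shlex.split(buf)

def find_uri_with_dn(text):
    """Return [(line_no, uri)] for back-ldap 'uri' values with a DN portion."""
    findings, backend = [], None
    for no, tok in logical_lines(text):
        key = tok[0].lower()
        if key == "database" and len(tok) > 1:
            backend = tok[1].lower()      # track which backend section we are in
        elif key == "uri" and backend == "ldap":
            # One quoted argument may hold several space-separated URIs.
            for uri in " ".join(tok[1:]).split():
                parts = urlsplit(uri)
                # Only scheme, host and port are expected; a path or query
                # means a DN (or search parameters) was appended.
                if parts.path.strip("/") or parts.query:
                    findings.append((no, uri))
    return findings

if __name__ == "__main__":
    for no, uri in find_uri_with_dn(SAMPLE_CONF):
        print(f"line {no}: uri '{uri}' must not contain a DN portion")
```
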
