Hi Howard,
Thanks again for your replying.
So with the pcacheOffline FALSE (default), pcache would use the local cached
data and continues to response its cached data when the DSA is cut
off/unreachable.
But once remote DSA is offline and the cached is expired, the client would get
the respond with error "Proxy operation retry failed" because "cache is stale".
Is it something that I missed on the configuration side? Can we continue to
use the existing expired cached data (the cache contents to be used
indefinitely) until remote DSA is back online?
Jun 15 18:39:45 prd-ldap1-euc1 slapd[12041]: conn=1115 op=0 do_bind
Jun 15 18:39:45 prd-ldap1-euc1 slapd[12041]: >>> dnPrettyNormal:
<uid=userX,ou=employees,o=mycompany.com>
Jun 15 18:39:45 prd-ldap1-euc1 slapd[12041]: <<< dnPrettyNormal:
<uid=userX,ou=employees,o=mycompany.com>,
<uid=userX,ou=employees,o=mycompany.com>
Jun 15 18:39:45 prd-ldap1-euc1 slapd[12041]: conn=1115 op=0 BIND
dn="uid=userX,ou=employees,o=mycompany.com" method=128
Jun 15 18:39:45 prd-ldap1-euc1 slapd[12041]: do_bind: version=3
dn="uid=userX,ou=employees,o=mycompany.com" method=128
Jun 15 18:39:45 prd-ldap1-euc1 slapd[12041]: => bdb_entry_get: ndn:
"uid=userX,ou=employees,o=mycompany.com"
Jun 15 18:39:45 prd-ldap1-euc1 slapd[12041]: => bdb_entry_get: oc: "(null)",
at: "(null)"
Jun 15 18:39:45 prd-ldap1-euc1 slapd[12041]:
bdb_dn2entry("uid=userX,ou=employees,o=mycompany.com")
Jun 15 18:39:45 prd-ldap1-euc1 slapd[12041]: => bdb_entry_get: found entry:
"uid=userX,ou=employees,o=mycompany.com"
Jun 15 18:39:45 prd-ldap1-euc1 slapd[12041]: bdb_entry_get: rc=0
Jun 15 18:39:45 prd-ldap1-euc1 slapd[12041]: str2filter "(uid=userX)"
Jun 15 18:39:45 prd-ldap1-euc1 slapd[12041]: begin get_filter
Jun 15 18:39:45 prd-ldap1-euc1 slapd[12041]: EQUALITY
Jun 15 18:39:45 prd-ldap1-euc1 slapd[12041]: end get_filter 0
Jun 15 18:39:45 prd-ldap1-euc1 slapd[12041]: Lock QC index = 0x562be57eb700
Jun 15 18:39:45 prd-ldap1-euc1 slapd[12041]: QUERY ANSWERABLE (answered 115
times)
Jun 15 18:39:45 prd-ldap1-euc1 slapd[12041]: => hdb_search
Jun 15 18:39:45 prd-ldap1-euc1 slapd[12041]:
bdb_dn2entry("uid=userX,ou=employees,o=mycompany.com")
Jun 15 18:39:45 prd-ldap1-euc1 slapd[12041]: => access_allowed: search access
to "uid=userX,ou=employees,o=mycompany.com" "entry" requested
Jun 15 18:39:45 prd-ldap1-euc1 slapd[12041]: <= root access granted
Jun 15 18:39:45 prd-ldap1-euc1 slapd[12041]: => access_allowed: search access
granted by manage(=mwrscxd)
Jun 15 18:39:45 prd-ldap1-euc1 slapd[12041]: base_candidates: base:
"uid=userX,ou=employees,o=mycompany.com" (0x00000003)
Jun 15 18:39:45 prd-ldap1-euc1 slapd[12041]: => test_filter
Jun 15 18:39:45 prd-ldap1-euc1 slapd[12041]: EQUALITY
Jun 15 18:39:45 prd-ldap1-euc1 slapd[12041]: => access_allowed: search access
to "uid=userX,ou=employees,o=mycompany.com" "uid" requested
Jun 15 18:39:45 prd-ldap1-euc1 slapd[12041]: <= root access granted
Jun 15 18:39:45 prd-ldap1-euc1 slapd[12041]: => access_allowed: search access
granted by manage(=mwrscxd)
Jun 15 18:39:45 prd-ldap1-euc1 slapd[12041]: <= test_filter 6
Jun 15 18:39:45 prd-ldap1-euc1 slapd[12041]: pc_bind_search: cache is stale,
reftime: 1655318380, current time: 1655318385
Jun 15 18:39:45 prd-ldap1-euc1 slapd[12041]: send_ldap_result: conn=1115 op=0
p=3
Jun 15 18:39:45 prd-ldap1-euc1 slapd[12041]: send_ldap_result: err=0 matched=""
text=""
Jun 15 18:39:45 prd-ldap1-euc1 slapd[12041]: =>ldap_back_getconn: conn=1115
op=0: lc=0x7f2644105d10 inserted refcnt=1 rc=0
Jun 15 18:39:45 prd-ldap1-euc1 slapd[12041]: daemon: activity on 1 descriptor
Jun 15 18:39:45 prd-ldap1-euc1 slapd[12041]: daemon: activity on:
Jun 15 18:39:45 prd-ldap1-euc1 slapd[12041]:
Jun 15 18:39:45 prd-ldap1-euc1 slapd[12041]: daemon: epoll: listen=7
active_threads=0 tvp=zero
Jun 15 18:39:45 prd-ldap1-euc1 slapd[12041]: daemon: epoll: listen=8
active_threads=0 tvp=zero
Jun 15 18:39:45 prd-ldap1-euc1 slapd[12041]: daemon: epoll: listen=9
active_threads=0 tvp=zero
Jun 15 18:39:45 prd-ldap1-euc1 slapd[12041]: daemon: epoll: listen=10
active_threads=0 tvp=zero
Jun 15 18:39:45 prd-ldap1-euc1 slapd[12041]: daemon: epoll: listen=11
active_threads=0 tvp=zero
Jun 15 18:39:55 prd-ldap1-euc1 slapd[12041]: conn=1115 op=0 ldap_back_retry:
retrying URI="ldaps://dsa.mycompany.com" DN=""
Jun 15 18:40:05 prd-ldap1-euc1 slapd[12041]: send_ldap_result: conn=1115 op=0
p=3
Jun 15 18:40:05 prd-ldap1-euc1 slapd[12041]: send_ldap_result: err=52
matched="" text="Proxy operation retry failed"
Jun 15 18:40:05 prd-ldap1-euc1 slapd[12041]: send_ldap_response: msgid=1 tag=97
err=52
Jun 15 18:40:05 prd-ldap1-euc1 slapd[12041]: conn=1115 op=0 RESULT tag=97
err=52 text=Proxy operation retry failed
Jun 15 18:40:06 prd-ldap1-euc1 slapd[12041]: daemon: activity on 1 descriptor
Jun 15 18:40:06 prd-ldap1-euc1 slapd[12041]: daemon: activity on:
Thanks
On Tuesday, June 14, 2022, 02:45:46 PM PDT, Howard Chu <[email protected]>
wrote:
Tri Tu wrote:
> Hi Howard,
>
> Thanks for your replying.
>
> If we set the pcacheOffline FALSE (default) then when the cache is expired,
> query would failed with "Proxy operation retry failed" because the DSA is
> offline/unreachable.
>
> pcacheOffline { TRUE | FALSE }
> Set the cache to offline mode. While offline, the consistency
> checker will be stopped and no expirations will occur. This allows the cache
> contents to be used indefinitely
> while the proxy is cut off from network access to the remote
> DSA. The default is FALSE, i.e. consistency checks and expirations will be
> performed.
>
> If we manually update configuration to pcacheOffline TRUE and restarted slapd,
Don't restart slapd. The pcacheOffline setting is meant to be used by changing
it dynamically as your network status changes.
