Hi all,

I have made a lot of progress on this issue, and I thought I'd share on the list. Perhaps someone else can benefit from this as well.

To (massively) speed up (cache) queries to external LDAP (in our case: AD) servers, we are now using openldap with the pcache overlay.

This is on wheezy. First we installed slapd (openldap 2.4), and configured it to use the 'old-style' slapd.conf. Our config file can be seen below.

Then we configured an extra SOGoUserSources, canAuthenticate = NO, and hostname = localhost.

To verify: in the SOGo web access addressbook, the first time we search for 'username', it takes 5-7 seconds. A second time, the response is immediate. Huge improvement.

If anyone here has some tips or comments on my slapd.conf, please reply!

Some remaining things:

* I would like to 'pre-load' the openldap/pcache with the complete AD contents, so all searches would be local searches. Does anyone know if that is possible?

* I'm not sure how to configure expiration of items in the cache

* I'm not sure if the indexes at the end are actually needed. The SOGo query (as far as I know) looks like the proxyTemplate below. Perhaps the indexes can be discarded.

I'm sure there are many knowledgeable openldap people here, so please comment. :-)

Here is the slapd.conf that works for us:

include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema

sizelimit unlimited

pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args
loglevel        -1

modulepath      /usr/lib/ldap

moduleload      back_bdb
moduleload      back_ldap
moduleload      pcache

database ldap
suffix         "dc=example,dc=com"
rootdn         "dc=example,dc=com"
uri            "ldap://ldap1.example.com:3268/dc=example%2cdc=com ldap://ldap2.example.com:3268/dc=example%2cdc=com"
chase-referrals no

overlay pcache
pcache         bdb 9999999 1 1000 100
pcacheAttrset  0 "*" "+"
proxyTemplate (|(sn=)(displayName=)(telephoneNumber=)(mail=)(cn=)) 0 3600
cachesize 999999
directory /var/lib/ldap

index       sn eq
index       displayName eq
index       telephoneNumber eq
index       mail eq
index       cn eq

Regards,
MJ
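
Added example (not part of the original post): a small offline check of whether a given search filter falls under the proxyTemplate configured above, so it can be served from the pcache. It assumes the matching rule is "strip assertion values, then compare the resulting string to the template without regard to case, with attribute order significant"; the sample filters in the test are constructed, not captured from SOGo.

```python
import re

# Template exactly as written on the proxyTemplate line of the slapd.conf above.
CONFIGURED_TEMPLATE = "(|(sn=)(displayName=)(telephoneNumber=)(mail=)(cn=))"

# One simple filter item: (attr=value), (attr>=value) or (attr<=value).
_ITEM = re.compile(r"\(([A-Za-z][A-Za-z0-9;.-]*)(>=|<=|=)([^()]*)\)")


def _walk(s, i):
    """Return (template, next_index) for the filter component starting at s[i]."""
    if s[i:i + 1] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    op = s[i + 1:i + 2]
    if op in ("&", "|", "!"):
        i += 2
        parts = []
        while s[i:i + 1] == "(":
            part, i = _walk(s, i)
            parts.append(part)
        if not parts or s[i:i + 1] != ")":
            raise ValueError("malformed %r component" % op)
        return "(" + op + "".join(parts) + ")", i + 1
    m = _ITEM.match(s, i)
    if m is None:
        # Extensible/approximate matches etc. are treated as not templatable here.
        raise ValueError("unsupported filter item at offset %d" % i)
    attr, cmp_op, value = m.groups()
    if cmp_op == "=" and value == "*":
        return "(%s=*)" % attr, m.end()        # presence test keeps its '*'
    return "(%s%s)" % (attr, cmp_op), m.end()  # equality/substring/ordering: drop value


def filter_to_template(flt):
    """Reduce an LDAP search filter to its template form (values removed)."""
    flt = flt.strip()
    template, end = _walk(flt, 0)
    if end != len(flt):
        raise ValueError("trailing data after filter")
    return template


def is_cacheable(flt, template=CONFIGURED_TEMPLATE):
    """True if the filter reduces to the configured template (assumed matching rule)."""
    try:
        return filter_to_template(flt).lower() == template.lower()
    except ValueError:
        return False
```

Running the filters seen in the slapd log through `is_cacheable` shows which searches reach the cache and which always go to the remote servers.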