Knowledge base - OpenLDAP



OpenLDAP as a Proxy Server

The Proxy Cache Engine
LDAP servers typically hold one or more subtrees of a DIT. Replica (or shadow)
servers hold shadow copies of entries held by one or more master servers.
Changes are propagated from the master server to replica (slave) servers using
LDAP Sync or slurpd(8). An LDAP cache is a special type of replica which holds
entries corresponding to search filters instead of subtrees.

15.1. Overview
The proxy cache extension of slapd is designed to improve the responsiveness
of the ldap and meta backends. It handles a search request (query) by first
determining whether it is contained in any cached search filter. Contained
requests are answered from the proxy cache's local database. Other requests
are passed on to the underlying ldap or meta backend and processed as usual.

For example, (shoesize>=9) is contained in (shoesize>=8), and (sn=Richardson)
is contained in (sn=Richards*).

Correct matching rules and syntaxes are used while comparing assertions for
query containment. To simplify the query containment problem, a list of
cacheable "templates" (defined below) is specified at configuration time. A
query is cached or answered only if it belongs to one of these templates. The
entries corresponding to cached queries are stored in the proxy cache local
database, while their associated meta information (filter, scope, base,
attributes) is stored in main memory.

A template is a prototype for generating LDAP search requests. Templates are
described by a prototype search filter and a list of attributes which are
required in queries generated from the template. The representation of a
prototype filter is similar to that of RFC 2254, except that the assertion
values are missing. Examples of prototype filters are (sn=) and
(&(sn=)(givenname=)), which are instantiated by the search filters (sn=Doe)
and (&(sn=Doe)(givenname=John)).
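
The template and containment rules described above, as an added Python sketch (not slapd's code and not part of the original guide). The function names are hypothetical, and the sketch assumes integer ordering and case-insensitive string matching, whereas slapd applies each attribute's own matching rules and syntax.

```python
import re

# Prototype filters taken from the page's examples, attribute names lower-cased.
TEMPLATES = {"(sn=)", "(&(sn=)(givenname=))"}

# One simple filter item: (attr OP value). Well-formed filters escape any
# parentheses inside values (\28, \29), so the value never contains ( or ).
_ITEM = re.compile(r"\(([A-Za-z][\w;-]*)(>=|<=|~=|=)([^()]*)\)")

def prototype(filter_str):
    """Drop assertion values, keeping structure, attributes and operators."""
    def strip(m):
        keep = "*" if m.group(3) == "*" else ""   # a presence test stays (attr=*)
        return "(%s%s%s)" % (m.group(1).lower(), m.group(2), keep)
    return _ITEM.sub(strip, filter_str)

def is_cacheable(filter_str):
    """A query is cached or answered only if it belongs to a configured template."""
    return prototype(filter_str) in TEMPLATES

def contained_in(query, cached):
    """True if every entry matching `query` must also match `cached`.
    Handles single-item filters on the same attribute only; anything else
    is reported as not contained, which is the safe answer for a cache."""
    q, c = _ITEM.fullmatch(query), _ITEM.fullmatch(cached)
    if not q or not c or q.group(1).lower() != c.group(1).lower():
        return False
    qop, qval, cop, cval = q.group(2), q.group(3), c.group(2), c.group(3)
    try:
        if qop == cop == ">=":
            return int(qval) >= int(cval)         # assumption: integer ordering
        if qop == cop == "<=":
            return int(qval) <= int(cval)
    except ValueError:
        return False
    if qop == cop == "=":
        if cval.endswith("*") and "*" not in cval[:-1]:
            # Cached filter is a prefix match (or presence): the query value
            # must start with the same prefix.
            return qval.lower().startswith(cval[:-1].lower())
        return qval.lower() == cval.lower()
    return False

if __name__ == "__main__":
    print(is_cacheable("(&(sn=Doe)(givenName=John))"))
    print(contained_in("(shoesize>=9)", "(shoesize>=8)"))
    print(contained_in("(sn=Richardson)", "(sn=Richards*)"))
```

A filter that matches no template, such as (cn=Doe) here, is neither cached nor answered from the cache and always goes to the underlying backend.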

The cache replacement policy removes the least recently used (LRU) query and
entries belonging to only that query. Queries are allowed a maximum time to
live (TTL) in the cache thus providing weak consistency. A background task
periodically checks the cache for expired queries and removes them.

The Proxy Cache paper (http://www.openldap.org/pub/kapurva/proxycaching.pdf)
provides design and implementation details.

15.2. Proxy Cache Configuration

The cache-specific configuration directives described below must appear after
an "overlay proxycache" directive within a "database meta" or "database ldap"
section of the server's slapd.conf(5) file.

15.2.1. Setting cache parameters

proxyCache <DB> <maxentries> <nattrsets> <entrylimit> <period>

This directive enables proxy caching and sets general cache parameters. The
<DB> parameter specifies which underlying database is to be used to hold cached
entries. It should be set to bdb, hdb, or ldbm. The <maxentries> parameter
specifies the total number of entries which may be held in the cache. The
<nattrsets> parameter specifies the total number of attribute sets (as
specified by the proxyAttrSet directive) that may be defined. The <entrylimit>
parameter specifies the maximum number of entries in a cacheable query. The
<period> specifies the consistency check period (in seconds). In each period,
queries with expired TTLs are removed.

15.2.2. Defining attribute sets

proxyAttrset <index> <attrs...>

Associates a set of attributes with an index. Each attribute set is
associated with an index number from 0 to <nattrsets>-1. These indices are
used by the proxyTemplate directive to define cacheable templates.

15.2.3. Specifying cacheable templates

proxyTemplate <prototype_string> <attrset_index> <TTL>

Specifies a cacheable template and the "time to live" <TTL> (in seconds) for
queries belonging to the template. A template is described by its prototype
filter string and the set of required attributes identified by <attrset_index>.

15.2.4. Example

An example slapd.conf(5) database section for a caching server which proxies
for the "dc=example,dc=com" subtree held at server ldap.example.com.

        database        ldap
        suffix          "dc=example,dc=com"
        uri             ldap://ldap.example.com/dc=example%2cdc=com
        overlay proxycache
        proxycache    bdb 100000 1 1000 100
        proxyAttrset  0 mail postaladdress telephonenumber
        proxyTemplate (sn=) 0 3600
        proxyTemplate (&(sn=)(givenName=)) 0 3600
        proxyTemplate (&(departmentNumber=)(secretary=*)) 0 3600

        cachesize 20
        directory ./testrun/db.2.a
        index       objectClass eq
        index       cn,sn,uid,mail  pres,eq,sub


Knowledge base was last edited on 12.07.13 by Frank

