Alessandro Dotti Contra

Linux/Unix DevOps

OpenLDAP proxy cache engine

An LDAP cache is a special type of replica which holds entries corresponding to search filters instead of a subtree. A list of cacheable templates is specified at configuration time, and a query is cached only if it belongs to one of these templates.

Proxy cache configuration

This is an example database section configuration snippet for a caching server:

database      ldap
suffix        "dc=nowhere,dc=local"
rootdn        "dc=nowhere,dc=local"
uri           ldap://ldap.nowhere.local/dc=nowhere%2cdc=local
overlay       proxycache
proxyCache    bdb 100000 1 1000 1
proxyAttrset  0 mail telephonenumber
proxyTemplate (sn=) 0 3600
proxyTemplate (&(sn=)(givenName=)) 0 3600
cachesize     20
directory     /var/lib/ldap/dc=nowhere,dc=local
index         objectClass eq
index         cn,sn,uid,mail pres,eq,sub

proxyCache <DB> <maxentries> <nattrset> <entrylimit> <period>

This directive enables proxy caching. <DB> specifies the database type to use; <maxentries> is the maximum number of entries to be held in the cache; <nattrset> is the total number of attribute sets that may be defined; <entrylimit> is the maximum number of entries in a cacheable query; and <period> is the interval, in seconds, between consistency checks.

proxyAttrset <index> <attributes>

Associates a set of attributes with an index (0..<nattrset>-1).

proxyTemplate <prototype> <attrset index> <TTL>

Specifies a cacheable template. <prototype> is the filter string to use, <attrset index> is the index of the required attribute set, and <TTL> is the time to live after which the queries belonging to the template expire.
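
The directives above can be cross-checked mechanically. The following Python code is an added example, not part of the original post or of OpenLDAP: it parses the proxy cache directives from the snippet, checks each attribute set index against <nattrset>, and reports the TTL for a query that belongs to a template. The function names are hypothetical, and it assumes a query is cacheable only when every requested attribute is in the template's attribute set.

```python
import re

# Constructed input: the proxy cache directives from the snippet above.
SAMPLE = """\
proxyCache    bdb 100000 1 1000 1
proxyAttrset  0 mail telephonenumber
proxyTemplate (sn=) 0 3600
proxyTemplate (&(sn=)(givenName=)) 0 3600
"""

def parse(conf):
    """Return (attrsets, templates, problems) for the proxy cache directives."""
    nattrset, attrsets, templates, problems = None, {}, [], []
    for line in conf.splitlines():
        parts = line.split()
        key = parts[0].lower() if parts else ""
        if key == "proxycache":
            nattrset = int(parts[3])          # <DB> <maxentries> <nattrset> ...
        elif key == "proxyattrset":
            attrsets[int(parts[1])] = {a.lower() for a in parts[2:]}
        elif key == "proxytemplate":
            templates.append((parts[1].lower(), int(parts[2]), int(parts[3])))
    if nattrset is None:
        return attrsets, templates, ["proxyCache directive missing"]
    for idx in attrsets:
        if not 0 <= idx < nattrset:           # valid range is 0..<nattrset>-1
            problems.append(f"proxyAttrset index {idx} outside 0..{nattrset - 1}")
    for proto, idx, _ in templates:
        if idx not in attrsets:
            problems.append(f"proxyTemplate {proto} uses undefined attrset {idx}")
    return attrsets, templates, problems

def prototype(ldap_filter):
    """Strip assertion values from a filter: (sn=Smith) -> (sn=)."""
    return re.sub(r"([<>~]?=)[^()]*\)", r"\1)", ldap_filter).lower()

def cache_ttl(conf, ldap_filter, attrs):
    """TTL in seconds if the query belongs to a template, else None."""
    attrsets, templates, _ = parse(conf)
    wanted = {a.lower() for a in attrs}
    for proto, idx, ttl in templates:
        # Assumption: every requested attribute must be in the template's set,
        # and an empty request (all attributes) is never cacheable.
        if proto == prototype(ldap_filter) and wanted and wanted <= attrsets.get(idx, set()):
            return ttl
    return None

if __name__ == "__main__":
    print(parse(SAMPLE)[2])
    print(cache_ttl(SAMPLE, "(sn=Smith)", ["mail"]))
```

A non-None result is the window during which the proxy can answer that query from its cache rather than from ldap.nowhere.local.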