openldap/doc/guide/admin/proxycache.sdf

119 lines
4.7 KiB
Plaintext
Raw Normal View History

# $OpenLDAP$
# Copyright 2003, The OpenLDAP Foundation, All Rights Reserved.
# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
H1: The Proxy Cache Engine
LDAP servers typically hold one or more subtrees of a DIT. Replica
(or shadow) servers hold shadow copies of entries held by one or
more master servers. Changes are propagated from the master server
to replica (slave) servers using LDAP Sync or {{slurpd}}(8). An
LDAP cache is a special type of replica which holds entries
corresponding to search filters instead of subtrees.
H2: Overview
The proxy cache extension of slapd handles a search request (query)
by first determining whether it is contained in any cached search
filter. Contained requests are answered from the proxy cache's local
database.
E.g. {{EX:(shoesize>=9)}} is contained in {{EX:(shoesize>=8)}} and
{{EX:(sn=Richardson)}} is contained in {{EX:(sn=Richards*)}}
Correct matching rules and syntaxes are used while comparing
assertions for query containment. To simplify the query containment
problem, a list of cacheable "templates" (defined below) is specified
at configuration time. A query is cached or answered only if it
belongs to one of these templates. The entries corresponding to
cached queries are stored in the proxy cache local database while
its associated meta information (filter, scope, base, attributes)
is stored in main memory. Instead of sending a referral for requests
which are not contained, it acts as a proxy and obtains the result
by querying one or more target servers. The proxy cache extends the
meta backend and uses it to connect to target servers.
A template is a prototype for generating LDAP search requests.
Templates are described by a prototype search filter and a list of
attributes which are required in queries generated from the template.
The representation for prototype filter is similar to RFC 2254,
except that the assertion values are missing. Examples of prototype
filters are: (sn=),(&(sn=)(givenname=)) which are instantiated by
search filters (sn=Doe) and (&(sn=Doe)(givenname=John)) respectively.
The cache replacement policy removes the least recently used (LRU)
query and entries belonging to only that query. Queries are allowed
a maximum time to live (TTL) in the cache thus providing weak
consistency. A background thread periodically checks the cache for
expired queries and removes them.
The Proxy Cache paper
({{URL:http://www.openldap.org/pub/kapurva/proxycaching.pdf}}) provides
design and implementation details.
H2: Proxy Cache Configuration
The cache configuration specific directives described below must
appear after {{EX:overlay proxycache}} directive within a
{{EX:"database meta"}} or {{EX:database ldap}} section of
the server's {{slapd.conf}}(5) file.
H3: Setting cache parameters
> proxyCache <DB> <maxentries> <nattrsets> <entrylimit> <period>
The directive enables proxy caching and sets general cache parameters.
The <DB> parameter specifies which underlying database is to be
used to hold cached entries. It should be set to {{EX:bdb}},
{{EX:hdb}}, or {{EX:ldbm}}. The <maxentries> parameter specifies
the total number of entries which may be held in the cache. The
<nattrsets> parameter specifies the total number of attribute sets
(as specified by the {{EX:proxyAttrSet}} directive) may be defined.
The <entrylimit> parameter specifies the maximum number of entries
in a cachable query. The <period> specifies the duration consistency
check period (in seconds). In each period, queries with expired
TTLs are removed.
H3: Defining attribute sets
> proxyAttrset <index> <attrs...>
Used to associate a set of attributes to an index. Each attribute
set is associated with an index number from 0 to <numattrsets>-1.
These indices are used by the addtemplate directive to define
cacheable templates.
H3: Specifying cacheable templates
> proxyTemplate <prototype_string> <attrset_index> <TTL>
Specifies a cacheable template and the "time to live" (in sec) <TTL>
for queries belonging to the template. A template is described by
its prototype filter string and set of required attributes identified
by <attrset_index>.
H3: Example
An example {{slapd.conf}}(5) database section for a caching server
which proxies for the {{EX:"dc=example,dc=com"}} subtree held
at server {{EX:ldap.example.com}}.
> database ldap
> suffix "dc=example,dc=com"
> uri ldap://ldap.example.com/dc=example,dc=com
> overlay proxycache
> proxycache bdb 100000 1 1000 100
> proxyAttrset 0 mail postaladdress telephonenumber
> proxyTemplate (sn=) 0 3600
> proxyTemplate (&(sn=)(givenName=)) 0 3600
> proxyTemplate (&(departmentNumber=)(secretary=*)) 0 3600
>
> cachesize 20
> directory ./testrun/db.2.a
> index objectClass eq
> index cn,sn,uid,mail pres,eq,sub