mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2024-12-21 03:10:25 +08:00
Code Issues Packages Projects Releases Wiki Activity
cdb34dc6c3
openldap/doc/guide/admin/proxycache.sdf
Howard Chu cdb34dc6c3 Demote cacheable queries section
2004-03-18 00:02:39 +00:00

149 lines
5.6 KiB
Plaintext
Raw Blame History

# $OpenLDAP$
# Copyright 2003, The OpenLDAP Foundation, All Rights Reserved.
# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
H1: The Proxy Cache Engine
LDAP servers typically hold one or more subtrees of a DIT. Replica
(or shadow) servers hold shadow copies of entries held by one or
more master servers. Changes are propagated from the master server
to replica (slave) servers using LDAP Sync or {{slurpd}}(8). An
LDAP cache is a special type of replica which holds entries
corresponding to search filters instead of subtrees.
H2: Overview
The proxy cache extension of slapd is designed to improve the
responseiveness of the ldap and meta backends. It handles a search
request (query)
by first determining whether it is contained in any cached search
filter. Contained requests are answered from the proxy cache's local
database. Other requests are passed on to the underlying ldap or
meta backend and processed as usual.
E.g. {{EX:(shoesize>=9)}} is contained in {{EX:(shoesize>=8)}} and
{{EX:(sn=Richardson)}} is contained in {{EX:(sn=Richards*)}}
Correct matching rules and syntaxes are used while comparing
assertions for query containment. To simplify the query containment
problem, a list of cacheable "templates" (defined below) is specified
at configuration time. A query is cached or answered only if it
belongs to one of these templates. The entries corresponding to
cached queries are stored in the proxy cache local database while
its associated meta information (filter, scope, base, attributes)
is stored in main memory.
A template is a prototype for generating LDAP search requests.
Templates are described by a prototype search filter and a list of
attributes which are required in queries generated from the template.
The representation for prototype filter is similar to RFC 2254,
except that the assertion values are missing. Examples of prototype
filters are: (sn=),(&(sn=)(givenname=)) which are instantiated by
search filters (sn=Doe) and (&(sn=Doe)(givenname=John)) respectively.
The cache replacement policy removes the least recently used (LRU)
query and entries belonging to only that query. Queries are allowed
a maximum time to live (TTL) in the cache thus providing weak
consistency. A background task periodically checks the cache for
expired queries and removes them.
The Proxy Cache paper
({{URL:http://www.openldap.org/pub/kapurva/proxycaching.pdf}}) provides
design and implementation details.
H2: Proxy Cache Configuration
The cache configuration specific directives described below must
appear after a {{EX:overlay proxycache}} directive within a
{{EX:"database meta"}} or {{EX:database ldap}} section of
the server's {{slapd.conf}}(5) file.
H3: Setting cache parameters
> proxyCache <DB> <maxentries> <nattrsets> <entrylimit> <period>
This directive enables proxy caching and sets general cache parameters.
The <DB> parameter specifies which underlying database is to be
used to hold cached entries. It should be set to {{EX:bdb}},
{{EX:hdb}}, or {{EX:ldbm}}. The <maxentries> parameter specifies
the total number of entries which may be held in the cache. The
<nattrsets> parameter specifies the total number of attribute sets
(as specified by the {{EX:proxyAttrSet}} directive) that may be defined.
The <entrylimit> parameter specifies the maximum number of entries
in a cachable query. The <period> specifies the consistency
check period (in seconds). In each period, queries with expired
TTLs are removed.
H3: Defining attribute sets
> proxyAttrset <index> <attrs...>
Used to associate a set of attributes to an index. Each attribute
set is associated with an index number from 0 to <numattrsets>-1.
These indices are used by the proxyTemplate directive to define
cacheable templates.
H3: Specifying cacheable templates
> proxyTemplate <prototype_string> <attrset_index> <TTL>
Specifies a cacheable template and the "time to live" (in sec) <TTL>
for queries belonging to the template. A template is described by
its prototype filter string and set of required attributes identified
by <attrset_index>.
H3: Example
An example {{slapd.conf}}(5) database section for a caching server
which proxies for the {{EX:"dc=example,dc=com"}} subtree held
at server {{EX:ldap.example.com}}.
> database ldap
> suffix "dc=example,dc=com"
> rootdn "dc=example,dc=com"
> uri ldap://ldap.example.com/dc=example%2cdc=com
> overlay proxycache
> proxycache bdb 100000 1 1000 100
> proxyAttrset 0 mail postaladdress telephonenumber
> proxyTemplate (sn=) 0 3600
> proxyTemplate (&(sn=)(givenName=)) 0 3600
> proxyTemplate (&(departmentNumber=)(secretary=*)) 0 3600
>
> cachesize 20
> directory ./testrun/db.2.a
> index objectClass eq
> index cn,sn,uid,mail pres,eq,sub
H4: Cacheable Queries
A LDAP search query is cacheable when its filter matches one of the
templates as defined in the "proxyTemplate" statements and when it references
only the attributes specified in the corresponding attribute set.
In the example above the attribute set number 0 defines that only the
attributes: {{EX:mail postaladdress telephonenumber}} are cached for the following
proxyTemplates.
H4: Examples:
> Filter: (&(sn=Richard*)(givenName=jack))
> Attrs: mail telephoneNumber
is cacheable, because it matches the template {{EX:(&(sn=)(givenName=))}} and its
attributes are contained in proxyAttrset 0.
> Filter: (&(sn=Richard*)(telephoneNumber))
> Attrs: givenName
is not cacheable, because the filter does not match the template,
nor is the attribute givenName stored in the cache
> Filter: (|(sn=Richard*)(givenName=jack))
> Attrs: mail telephoneNumber
is not cacheable, because the filter does not match the template ( logical
OR "|" condition instead of logical AND "&" )
Reference in New Issue View Git Blame Copy Permalink