OpenLDAP as a Proxy cache only, no local database

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP












2















I am trying to get a local LDAP proxy cache running. The idea is this:



  • Currently a computer (A) is sending all ldap requests to a remote ldap server (L)

  • Instead of that, there should be a proxy cache "server" running on A to act as an intermediate between A and L. The cache would store all queries and all their attributes (until it is filled up and then it starts "recycling").

OpenLDAP's Proxy Cache Engine looks pretty good, but there is not much information about how to set it up. There is an example config file, but I cannot get it to work.



As this is supposed to only be a proxy cache, I shouldn't need to set up a local database. So the config file looks like this:



include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema

moduleload pcache.la

database ldap
suffix "dc=int,dc=somedomain,dc=com"
rootdn "dc=int,dc=somedomain,dc=com"
uri ldap://dc-04.int.somedomain.com:389

overlay pcache
pcache hdb 100000 1 1000 100
pcacheAttrset 0 *
pcacheTemplate (sn=) 0 3600

cachesize 20
directory /var/lib/ldap
index objectClass eq
index cn eq,sub


Now I would expect that any request to ldap://localhost would mirror to the remote LDAP, if not in the cache.



I use this command to test the auth on the remote server:



ldapwhoami -vvv -h dc-04.int.somedomain.com -p 389 -D melka@somedomain.com -x -w <passwd>


Which works well, I get the auth.



However, when I try to run the same command on localhost:



ldapwhoami -vvv -h localhost -p 389 -D melka@somedomain.com -x -w <passwd>


It fails, saying



ldap_initialize( ldap://localhost:389 )
ldap_bind: Invalid DN syntax (34)
additional info: invalid DN


Slapd is listening on localhost, netstat contains this line:



tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 10352/slapd


Is there something I am missing?
Thanks










share|improve this question


























    2















    I am trying to get a local LDAP proxy cache running. The idea is this:



    • Currently a computer (A) is sending all ldap requests to a remote ldap server (L)

    • Instead of that, there should be a proxy cache "server" running on A to act as an intermediate between A and L. The cache would store all queries and all their attributes (until it is filled up and then it starts "recycling").

    OpenLDAP's Proxy Cache Engine looks pretty good, but there is not much information about how to set it up. There is an example config file, but I cannot get it to work.



    As this is supposed to only be a proxy cache, I shouldn't need to set up a local database. So the config file looks like this:



    include /etc/openldap/schema/core.schema
    include /etc/openldap/schema/cosine.schema
    include /etc/openldap/schema/inetorgperson.schema
    include /etc/openldap/schema/nis.schema

    moduleload pcache.la

    database ldap
    suffix "dc=int,dc=somedomain,dc=com"
    rootdn "dc=int,dc=somedomain,dc=com"
    uri ldap://dc-04.int.somedomain.com:389

    overlay pcache
    pcache hdb 100000 1 1000 100
    pcacheAttrset 0 *
    pcacheTemplate (sn=) 0 3600

    cachesize 20
    directory /var/lib/ldap
    index objectClass eq
    index cn eq,sub


    Now I would expect that any request to ldap://localhost would mirror to the remote LDAP, if not in the cache.



    I use this command to test the auth on the remote server:



    ldapwhoami -vvv -h dc-04.int.somedomain.com -p 389 -D melka@somedomain.com -x -w <passwd>


    Which works well, I get the auth.



    However, when I try to run the same command on localhost:



    ldapwhoami -vvv -h localhost -p 389 -D melka@somedomain.com -x -w <passwd>


    It fails, saying



    ldap_initialize( ldap://localhost:389 )
    ldap_bind: Invalid DN syntax (34)
    additional info: invalid DN


    Slapd is listening on localhost, netstat contains this line:



    tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 10352/slapd


    Is there something I am missing?
    Thanks










    share|improve this question
























      2












      2








      2








      I am trying to get a local LDAP proxy cache running. The idea is this:



      • Currently a computer (A) is sending all ldap requests to a remote ldap server (L)

      • Instead of that, there should be a proxy cache "server" running on A to act as an intermediate between A and L. The cache would store all queries and all their attributes (until it is filled up and then it starts "recycling").

      OpenLDAP's Proxy Cache Engine looks pretty good, but there is not much information about how to set it up. There is an example config file, but I cannot get it to work.



      As this is supposed to only be a proxy cache, I shouldn't need to set up a local database. So the config file looks like this:



      include /etc/openldap/schema/core.schema
      include /etc/openldap/schema/cosine.schema
      include /etc/openldap/schema/inetorgperson.schema
      include /etc/openldap/schema/nis.schema

      moduleload pcache.la

      database ldap
      suffix "dc=int,dc=somedomain,dc=com"
      rootdn "dc=int,dc=somedomain,dc=com"
      uri ldap://dc-04.int.somedomain.com:389

      overlay pcache
      pcache hdb 100000 1 1000 100
      pcacheAttrset 0 *
      pcacheTemplate (sn=) 0 3600

      cachesize 20
      directory /var/lib/ldap
      index objectClass eq
      index cn eq,sub


      Now I would expect that any request to ldap://localhost would mirror to the remote LDAP, if not in the cache.



      I use this command to test the auth on the remote server:



      ldapwhoami -vvv -h dc-04.int.somedomain.com -p 389 -D melka@somedomain.com -x -w <passwd>


      Which works well, I get the auth.



      However, when I try to run the same command on localhost:



      ldapwhoami -vvv -h localhost -p 389 -D melka@somedomain.com -x -w <passwd>


      It fails, saying



      ldap_initialize( ldap://localhost:389 )
      ldap_bind: Invalid DN syntax (34)
      additional info: invalid DN


      Slapd is listening on localhost, netstat contains this line:



      tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 10352/slapd


      Is there something I am missing?
      Thanks










      share|improve this question














      I am trying to get a local LDAP proxy cache running. The idea is this:



      • Currently a computer (A) is sending all ldap requests to a remote ldap server (L)

      • Instead of that, there should be a proxy cache "server" running on A to act as an intermediate between A and L. The cache would store all queries and all their attributes (until it is filled up and then it starts "recycling").

      OpenLDAP's Proxy Cache Engine looks pretty good, but there is not much information about how to set it up. There is an example config file, but I cannot get it to work.



      As this is supposed to only be a proxy cache, I shouldn't need to set up a local database. So the config file looks like this:



      include /etc/openldap/schema/core.schema
      include /etc/openldap/schema/cosine.schema
      include /etc/openldap/schema/inetorgperson.schema
      include /etc/openldap/schema/nis.schema

      moduleload pcache.la

      database ldap
      suffix "dc=int,dc=somedomain,dc=com"
      rootdn "dc=int,dc=somedomain,dc=com"
      uri ldap://dc-04.int.somedomain.com:389

      overlay pcache
      pcache hdb 100000 1 1000 100
      pcacheAttrset 0 *
      pcacheTemplate (sn=) 0 3600

      cachesize 20
      directory /var/lib/ldap
      index objectClass eq
      index cn eq,sub


      Now I would expect that any request to ldap://localhost would mirror to the remote LDAP, if not in the cache.



      I use this command to test the auth on the remote server:



      ldapwhoami -vvv -h dc-04.int.somedomain.com -p 389 -D melka@somedomain.com -x -w <passwd>


      Which works well, I get the auth.



      However, when I try to run the same command on localhost:



      ldapwhoami -vvv -h localhost -p 389 -D melka@somedomain.com -x -w <passwd>


      It fails, saying



      ldap_initialize( ldap://localhost:389 )
      ldap_bind: Invalid DN syntax (34)
      additional info: invalid DN


      Slapd is listening on localhost, netstat contains this line:



      tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 10352/slapd


      Is there something I am missing?
      Thanks







      proxy cache openldap






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Nov 9 '15 at 12:09









      Martin MelkaMartin Melka

      1115




      1115




















          1 Answer
          1






          active

          oldest

          votes


















          0















          ldap_bind: Invalid DN syntax (34)
          additional info: invalid DN




          This means that an invalid distinguished name was used. Note that using something like melka@somedomain.com as bind DN in a simple bind request only works for MS Active Directory and no other LDAP server. Therefore your local LDAP proxy denies this request without doing something else.






          share|improve this answer






















            Your Answer








            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "106"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: false,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: null,
            bindNavPrevention: true,
            postfix: "",
            imageUploader:
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            ,
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );













            draft saved

            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f241838%2fopenldap-as-a-proxy-cache-only-no-local-database%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            0















            ldap_bind: Invalid DN syntax (34)
            additional info: invalid DN




            This means that an invalid distinguished name was used. Note that using something like melka@somedomain.com as bind DN in a simple bind request only works for MS Active Directory and no other LDAP server. Therefore your local LDAP proxy denies this request without doing something else.






            share|improve this answer



























              0















              ldap_bind: Invalid DN syntax (34)
              additional info: invalid DN




              This means that an invalid distinguished name was used. Note that using something like melka@somedomain.com as bind DN in a simple bind request only works for MS Active Directory and no other LDAP server. Therefore your local LDAP proxy denies this request without doing something else.






              share|improve this answer

























                0












                0








                0








                ldap_bind: Invalid DN syntax (34)
                additional info: invalid DN




                This means that an invalid distinguished name was used. Note that using something like melka@somedomain.com as bind DN in a simple bind request only works for MS Active Directory and no other LDAP server. Therefore your local LDAP proxy denies this request without doing something else.






                share|improve this answer














                ldap_bind: Invalid DN syntax (34)
                additional info: invalid DN




                This means that an invalid distinguished name was used. Note that using something like melka@somedomain.com as bind DN in a simple bind request only works for MS Active Directory and no other LDAP server. Therefore your local LDAP proxy denies this request without doing something else.







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Jul 30 '18 at 13:35









                Michael StröderMichael Ströder

                2547




                2547



























                    draft saved

                    draft discarded
















































                    Thanks for contributing an answer to Unix & Linux Stack Exchange!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid


                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.

                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function ()
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f241838%2fopenldap-as-a-proxy-cache-only-no-local-database%23new-answer', 'question_page');

                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown






                    Popular posts from this blog

                    How to check contact read email or not when send email to Individual?

                    Displaying single band from multi-band raster using QGIS

                    How many registers does an x86_64 CPU actually have?