diff --git a/client/man/default.conf.5 b/client/man/default.conf.5 index 4c440530b..0ff277ae7 100644 --- a/client/man/default.conf.5 +++ b/client/man/default.conf.5 @@ -119,6 +119,9 @@ Enable a per-request LDAP cache. The default is True. .B ldap_cache_size The maximum number of entries cached if ldap_cache is True. Since this cache is per-request it is not expected to be very large. The default is 100. Setting the value < 1 effectively disables the cache regardless of the ldap_cache setting .TP +.B ldap_cache_debug +Log details on hits, misses, etc. for the LDAP cache if the cache is enabled. +.TP .B ldap_uri Specifies the URI of the IPA LDAP server to connect to. The URI scheme may be one of \fBldap\fR or \fBldapi\fR. The default is to use ldapi, e.g. ldapi://%2fvar%2frun%2fslapd\-EXAMPLE\-COM.socket .TP diff --git a/ipalib/constants.py b/ipalib/constants.py index 78073e005..4b759a573 100644 --- a/ipalib/constants.py +++ b/ipalib/constants.py @@ -170,6 +170,7 @@ DEFAULT_CONFIG = ( ('ldap_cache', True), ('ldap_cache_size', 100), + ('ldap_cache_debug', False), # Define an inclusive range of SSL/TLS version support ('tls_version_min', TLS_VERSION_DEFAULT_MIN), diff --git a/ipapython/ipaldap.py b/ipapython/ipaldap.py index 9a8bb79d8..0ffaf4d7e 100644 --- a/ipapython/ipaldap.py +++ b/ipapython/ipaldap.py @@ -1768,15 +1768,18 @@ class LDAPCache(LDAPClient): def __init__(self, ldap_uri, start_tls=False, force_schema_updates=False, no_schema=False, decode_attrs=True, cacert=None, - sasl_nocanon=True, enable_cache=True, cache_size=100): + sasl_nocanon=True, enable_cache=True, cache_size=100, + debug_cache=False): self.cache = OrderedDict() self._enable_cache = True # initialize to zero to satisfy pylint + self._debug_cache = False # initialize to zero to satisfy pylint object.__setattr__(self, '_cache_misses', 0) object.__setattr__(self, '_cache_hits', 0) object.__setattr__(self, '_enable_cache', enable_cache and cache_size > 0) + object.__setattr__(self, '_debug_cache', debug_cache) object.__setattr__(self, '_cache_size', cache_size) super(LDAPCache, self).__init__( @@ -1797,7 +1800,7 @@ class LDAPCache(LDAPClient): return self._cache_size # pylint: disable=no-member def emit(self, msg, *args, **kwargs): - if self._enable_cache: + if self._enable_cache and self._debug_cache: logger.debug(msg, *args, **kwargs) def copy_entry(self, dn, entry, attrs=[]): diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py index 095e74b2a..d1415ebc8 100644 --- a/ipaserver/plugins/ldap2.py +++ b/ipaserver/plugins/ldap2.py @@ -66,6 +66,7 @@ class ldap2(CrudBackend, LDAPCache): force_schema_updates=force_schema_updates, enable_cache=api.env.ldap_cache and not force_schema_updates, cache_size=api.env.ldap_cache_size, + debug_cache=api.env.ldap_cache_debug, ) self._time_limit = float(LDAPCache.time_limit)