Testing external server communications after initial setup
After setting up the basic deployment scenario, the communication between the proxies and the LDAP external servers can be tested using a feature in the proxy server in combination with an LDAP search.
About this task
After initial setup, the PingDirectoryProxy server exposes a special search base distinguished name (DN) for testing external server connectivity, called the backend server pass-through subtree view. While disabled by default, you can enable this feature using dsconfig in the Client Connection Policy menu.
Steps
- Run dsconfig to set the include-backend-server-passthrough-subtree-views property to TRUE.
  Example:
    root@proxy-east-01: dsconfig set-client-connection-policy-prop \
      --policy-name default \
      --set include-backend-server-passthrough-subtree-views:true
  Result:
  When set to TRUE, an LDAP search against the PingDirectoryProxy server with the base DN dc=example,dc=com,ds-backend-server=ds-east-02.example.com:389 instructs the PingDirectoryProxy server to perform the search against the ds-east-02.example.com:389 external server with the base DN set to dc=example,dc=com. The value of ds-backend-server should be the name of the configuration object representing the external server. Depending on your naming scheme, this name might not be a host:port combination.
- Run ldapsearch to fetch the dc=example,dc=com entry from the ds-east-01.example.com server.
  Perform this search on each external server to determine if external server communication has been configured correctly on the Directory Proxy Server.
  Example:
    root@proxy-east-01: bin/ldapsearch \
      --bindDN "cn=Directory Manager" \
      --bindPassword password \
      --baseDN "dc=example,dc=com,ds-backend-server=ds-east-01.example.com:389" \
      --searchScope base --useStartTLS "(objectclass=*)"
- Use this special subtree view to track the operations performed on each external server to help determine load balancing requirements.
  This LDAP search can be run with the base DN values for the ds-east-01 and ds-east-02 servers to track the distribution of search and bind requests over time. These statistics are reset to zero when the server restarts.
  Example:
  The following example searches an external server’s monitor entry to display operation statistics.
    root@proxy-east-01: bin/ldapsearch \
      --bindDN "cn=directory manager" \
      --bindPassword password \
      --baseDN "cn=monitor,ds-backend-server=ds-east-02.example.com:389" \
      --searchScope sub --useStartTLS "(cn=ldap*statistics)"

    dn: cn=LDAP Connection Handler 192.168.1.203 port 389 Statistics,cn=monitor,ds-backend-server=ds-east-02.example.com:389
    objectClass: top
    objectClass: ds-monitor-entry
    objectClass: ds-ldap-statistics-monitor-entry
    objectClass: extensibleObject
    cn: LDAP Connection Handler 192.168.1.203 port 389 Statistics
    connectionsEstablished: 3004
    connectionsClosed: 2990
    bytesRead: 658483
    bytesWritten: 2061549
    ldapMessagesRead: 17278
    ldapMessagesWritten: 22611
    operationsAbandoned: 0
    operationsInitiated: 17278
    operationsCompleted: 14241
    abandonRequests: 22
    addRequests: 1
    addResponses: 1
    bindRequests: 3006
    bindResponses: 3006
    compareRequests: 0
    compareResponses: 0
    deleteRequests: 0
    deleteResponses: 0
    extendedRequests: 2987
    extendedResponses: 2987
    modifyRequests: 1
    modifyResponses: 1
    modifyDNRequests: 0
    modifyDNResponses: 0
    searchRequests: 8271
    searchResultEntries: 8370
    searchResultReferences: 0
    searchResultsDone: 8246
    unbindRequests: 2990
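To track the distribution over time, the monitor search output for every external server can be saved at two points and compared. The following is an added example, not part of the product or its documentation: it reports each server's share of new search and bind requests, and because the statistics reset to zero on restart, it treats a counter that went backwards as a restart. The function names, the snapshot file layout and the sample values are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example. request_share OLD.ldif NEW.ldif compares two saved outputs of the
# monitor search (results for all external servers appended into each file).
request_share() {
  awk '
    function take(l,   f, k) {                   # consume one unfolded LDIF line
      if (l ~ /^dn: /)
        be = match(l, /ds-backend-server=[^,]+/) ? substr(l, RSTART + 18, RLENGTH - 18) : ""
      else if (be != "" && l ~ /^(searchRequests|bindRequests): /) {
        split(l, f, ": "); k = be SUBSEP f[1]
        cnt[snap, k] += f[2]; keys[k] = 1        # sums multiple connection handlers
      }
    }
    FNR == 1 { take(line); line = ""; be = ""; snap++ }   # start of a snapshot file
    /^ /     { line = line substr($0, 2); next }          # folded LDIF continuation
             { take(line); line = $0 }
    END {
      take(line)
      for (k in keys) {
        old = cnt[1, k]; now = cnt[2, k]
        d[k] = (now >= old) ? now - old : now    # went backwards: reset by a restart
        split(k, p, SUBSEP); total[p[2]] += d[k]
      }
      for (k in keys) {
        split(k, p, SUBSEP)
        printf "%s %s %d %.1f%%\n", p[1], p[2], d[k], (total[p[2]] ? 100 * d[k] / total[p[2]] : 0)
      }
    }
  ' "$1" "$2" | sort
}

# sample S1 B1 S2 B2: constructed snapshot for two servers (values are made up);
# each dn is folded onto a second line, as long LDIF lines are in tool output.
sample() {
  printf 'dn: cn=LDAP Statistics,cn=monitor,ds-backend-ser\n ver=ds-east-01.example.com:389\n'
  printf 'searchRequests: %d\nbindRequests: %d\n\n' "$1" "$2"
  printf 'dn: cn=LDAP Statistics,cn=monitor,ds-backend-ser\n ver=ds-east-02.example.com:389\n'
  printf 'searchRequests: %d\nbindRequests: %d\n' "$3" "$4"
}
demo() {
  dir=$(mktemp -d); sample 4000 1500 8000 2900 > "$dir/old"
  sample 4300 1600 100 50 > "$dir/new"   # ds-east-02 restarted between snapshots
  request_share "$dir/old" "$dir/new"; rm -rf "$dir"
}
demo
```

Each output line gives the server name, the counter, the number of requests since the earlier snapshot, and that server's share of the total for that counter.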