Testing external server communications after initial setup
After setting up the basic deployment scenario, the communication between the proxies and the LDAP external servers can be tested using a feature in the proxy server in combination with an LDAP search.
About this task
After initial setup, the PingDirectoryProxy server exposes a special search base distinguished name (DN) for testing external server connectivity, called the backend server pass-through subtree view. This feature is disabled by default. You can enable it using dsconfig in the Client Connection Policy menu.
Steps
- Run dsconfig to set the include-backend-server-passthrough-subtree-views property to TRUE.
  Example:
    root@proxy-east-01: dsconfig set-client-connection-policy-prop \
      --policy-name default \
      --set include-backend-server-passthrough-subtree-views:true
  Result:
  When set to TRUE, an LDAP search against the PingDirectoryProxy server with the base DN dc=example,dc=com,ds-backend-server=ds-east-02.example.com:389 instructs the PingDirectoryProxy server to perform the search against the ds-east-02.example.com:389 external server with the base DN set to dc=example,dc=com. The value of ds-backend-server should be the name of the configuration object representing the external server. Depending on your naming scheme, this name might not be a host:port combination.
- Run ldapsearch to fetch the dc=example,dc=com entry from the ds-east-01.example.com server.
  Perform this search on each external server to determine if external server communication has been configured correctly on the Directory Proxy Server.
  Example:
    root@proxy-east-01: bin/ldapsearch \
      --bindDN "cn=Directory Manager" \
      --bindPassword password \
      --baseDN "dc=example,dc=com,ds-backend-server=ds-east-01.example.com:389" \
      --searchScope base --useStartTLS "(objectclass=*)"
- Use this special subtree view to track the operations performed on each external server to help determine load balancing requirements.
  This LDAP search can be run with the base DN values for the ds-east-01 and ds-east-02 servers to track the distribution of search and bind requests over time. These statistics are reset to zero when the server restarts.
  Example:
  The following example searches an external server’s monitor entry to display operation statistics.
    root@proxy-east-01: bin/ldapsearch \
      --bindDN "cn=directory manager" \
      --bindPassword password \
      --baseDN "cn=monitor,ds-backend-server=ds-east-02.example.com:389" \
      --searchScope sub --useStartTLS "(cn=ldap*statistics)"

    dn: cn=LDAP Connection Handler 192.168.1.203 port 389 Statistics,cn=monitor,ds-backend-server=ds-east-02.example.com:389
    objectClass: top
    objectClass: ds-monitor-entry
    objectClass: ds-ldap-statistics-monitor-entry
    objectClass: extensibleObject
    cn: LDAP Connection Handler 192.168.1.203 port 389 Statistics
    connectionsEstablished: 3004
    connectionsClosed: 2990
    bytesRead: 658483
    bytesWritten: 2061549
    ldapMessagesRead: 17278
    ldapMessagesWritten: 22611
    operationsAbandoned: 0
    operationsInitiated: 17278
    operationsCompleted: 14241
    abandonRequests: 22
    addRequests: 1
    addResponses: 1
    bindRequests: 3006
    bindResponses: 3006
    compareRequests: 0
    compareResponses: 0
    deleteRequests: 0
    deleteResponses: 0
    extendedRequests: 2987
    extendedResponses: 2987
    modifyRequests: 1
    modifyResponses: 1
    modifyDNRequests: 0
    modifyDNResponses: 0
    searchRequests: 8271
    searchResultEntries: 8370
    searchResultReferences: 0
    searchResultsDone: 8246
    unbindRequests: 2990
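One way to turn the statistics search above into a per-server comparison of search and bind load, as an added example that is not part of the product documentation. The function names backend_load_share and sample_ldif are hypothetical, and the sample entries, addresses and counts are constructed. Folded LDIF lines are joined first, because a long DN can be wrapped onto a continuation line that splits the ds-backend-server component.

```shell
# Added example: per-backend share of search and bind requests, from ldapsearch
# output of the pass-through monitor entries. Reads LDIF on stdin and prints:
#   <backend> searches=N binds=N search_share=P% bind_share=P%
backend_load_share() {
  awk '
    function handle(line,   kv) {
      if (line ~ /^dn: /) {
        # The backend is the value of the ds-backend-server RDN in the entry DN.
        backend = ""
        if (match(line, /ds-backend-server=[^,]+/)) {
          backend = substr(line, RSTART + 18, RLENGTH - 18)
          seen[backend] = 1
        }
        return
      }
      if (backend == "") return
      split(line, kv, ": ")
      # += sums the counters when a backend has several connection handlers.
      if (kv[1] == "searchRequests") s[backend] += kv[2]
      if (kv[1] == "bindRequests")   b[backend] += kv[2]
    }
    /^ / { buf = buf substr($0, 2); next }                # folded LDIF line
    /^$/ { handle(buf); buf = ""; backend = ""; next }    # end of entry
         { handle(buf); buf = $0 }
    END {
      handle(buf)
      for (k in seen) { ts += s[k]; tb += b[k] }
      for (k in seen)
        printf "%s searches=%d binds=%d search_share=%.1f%% bind_share=%.1f%%\n",
          k, s[k], b[k], (ts ? 100 * s[k] / ts : 0), (tb ? 100 * b[k] / tb : 0)
    }
  ' | sort
}

# Constructed sample: abridged monitor entries for two backends. The second DN
# is folded across two lines, as LDIF allows for long values.
sample_ldif() {
  cat <<'EOF'
dn: cn=LDAP Connection Handler 192.0.2.11 port 389 Statistics,cn=monitor,ds-backend-server=ds-east-01.example.com:389
searchRequests: 6000
bindRequests: 1000

dn: cn=LDAP Connection Handler 192.0.2.12 port 389 Statistics,cn=monitor,ds-ba
 ckend-server=ds-east-02.example.com:389
searchRequests: 2000
bindRequests: 3000
EOF
}
sample_ldif | backend_load_share
```

On live data, concatenate the output of the monitor search for each external server and pipe it into backend_load_share.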