After initial setup, the Directory Proxy Server exposes a special search base DN for testing external server connectivity, called the backend server pass-through subtree view. While disabled by default, you can enable this feature using dsconfig in the Client Connection Policy menu. Set the value of the backend-server-passthrough-subtree-views property to TRUE.

  1. Run dsconfig to set the include-backend-server-passthrough-subtree-views property to TRUE.
    root@proxy-east-01: dsconfig set-client-connection-policy-prop \
    --policy-name default \
    --set include-backend-server-passthrough-subtree-views:true

    Once set to true, an LDAP search against the Directory Proxy Server with the base DN dc=example,dc=com,ds-backend-server=ds-east-02.example.com:389 instructs the Directory Proxy Server to perform the search against the ds-east-02.example.com:389 external server with the base DN set to dc=example,dc=com. The value of ds-backend-server should be the name of the configuration object representing the external server. Depending on your naming scheme, this name may not be a host:port combination.

  2. Run ldapsearch to fetch the dc=example,dc=com entry from the ds-east-01.example.com server. Perform this search on each external server to determine if external server communication has been configured correctly on the Directory Proxy Server.
    root@proxy-east-01: bin/ldapsearch \
    --bindDN "cn=Directory Manager" \
    --bindPassword password \
    --baseDN "dc=example,dc=com,ds-backend-server=ds-east-01.example.com:389" \
    --searchScope base --useStartTLS "(objectclass=*)"
  3. You can also use this special subtree view to track the operations performed on each external server to help determine load balancing requirements. This LDAP search can be run with the base DN values for the ds-east-01 and ds-east-02 servers to track the distribution of search and bind requests over time. These statistics are reset to zero when the server restarts. The following example searches an external server's monitor entry to display operation statistics:
    root@proxy-east-01: bin/ldapsearch \
    --bindDN "cn=directory manager" \
    --bindPassword password \
    --baseDN "cn=monitor,ds-backend-server=ds-east-02.example.com:389" \
    --searchScope sub --useStartTLS "(cn=ldap*statistics)"
    
    dn: cn=LDAP Connection Handler 192.168.1.203 port 389 
    Statistics,cn=monitor,ds-backend-server=ds-east-02.example.com:389
    
    objectClass: top
    objectClass: ds-monitor-entry
    objectClass: ds-ldap-statistics-monitor-entry
    objectClass: extensibleObject
    cn: LDAP Connection Handler 192.168.1.203 port 389
    Statistics
    connectionsEstablished: 3004
    connectionsClosed: 2990
    bytesRead: 658483
    bytesWritten: 2061549
    ldapMessagesRead: 17278
    ldapMessagesWritten: 22611
    operationsAbandoned: 0
    operationsInitiated: 17278
    operationsCompleted: 14241
    abandonRequests: 22
    addRequests: 1
    addResponses: 1
    bindRequests: 3006
    bindResponses: 3006
    compareRequests: 0
    compareResponses: 0
    deleteRequests: 0
    deleteResponses: 0
    extendedRequests: 2987
    extendedResponses: 2987
    modifyRequests: 1
    modifyResponses: 1
    modifyDNRequests: 0
    modifyDNResponses: 0
    searchRequests: 8271
    searchResultEntries: 8370
    searchResultReferences: 0
    searchResultsDone: 8246
    unbindRequests: 2990