After initial setup, the Directory Proxy Server exposes a special search base
DN for testing external server connectivity, called the backend server
pass-through
subtree view. While disabled by default, you can enable
this feature using dsconfig in the Client Connection Policy menu.
Set the value of the backend-server-passthrough-subtree-views
property to TRUE
.
-
Run dsconfig to set the
include-backend-server-passthrough-subtree-views
property toTRUE
.root@proxy-east-01: dsconfig set-client-connection-policy-prop \ --policy-name default \ --set include-backend-server-passthrough-subtree-views:true
Once set to true, an LDAP search against the Directory Proxy Server with the base DN
dc=example,dc=com,ds-backend-server=ds-east-02.example.com:389
instructs the Directory Proxy Server to perform the search against theds-east-02.example.com:389
external server with the base DN set todc=example,dc=com
. The value ofds-backend-server
should be the name of the configuration object representing the external server. Depending on your naming scheme, this name may not be ahost:port
combination. -
Run ldapsearch to fetch the
dc=example,dc=com
entry from theds-east-01.example.com
server. Perform this search on each external server to determine if external server communication has been configured correctly on the Directory Proxy Server.root@proxy-east-01: bin/ldapsearch \ --bindDN "cn=Directory Manager" \ --bindPassword password \ --baseDN "dc=example,dc=com,ds-backend-server=ds-east-01.example.com:389" \ --searchScope base --useStartTLS "(objectclass=*)"
-
You can also use this special subtree view to track the operations performed on
each external server to help determine load balancing requirements. This LDAP
search can be run with the base DN values for the
ds-east-01
andds-east-02
servers to track the distribution of search and bind requests over time. These statistics are reset to zero when the server restarts. The following example searches an external server's monitor entry to display operation statistics:root@proxy-east-01: bin/ldapsearch \ --bindDN "cn=directory manager" \ --bindPassword password \ --baseDN "cn=monitor,ds-backend-server=ds-east-02.example.com:389" \ --searchScope sub --useStartTLS "(cn=ldap*statistics)" dn: cn=LDAP Connection Handler 192.168.1.203 port 389 Statistics,cn=monitor,ds-backend-server=ds-east-02.example.com:389 objectClass: top objectClass: ds-monitor-entry objectClass: ds-ldap-statistics-monitor-entry objectClass: extensibleObject cn: LDAP Connection Handler 192.168.1.203 port 389 Statistics connectionsEstablished: 3004 connectionsClosed: 2990 bytesRead: 658483 bytesWritten: 2061549 ldapMessagesRead: 17278 ldapMessagesWritten: 22611 operationsAbandoned: 0 operationsInitiated: 17278 operationsCompleted: 14241 abandonRequests: 22 addRequests: 1 addResponses: 1 bindRequests: 3006 bindResponses: 3006 compareRequests: 0 compareResponses: 0 deleteRequests: 0 deleteResponses: 0 extendedRequests: 2987 extendedResponses: 2987 modifyRequests: 1 modifyResponses: 1 modifyDNRequests: 0 modifyDNResponses: 0 searchRequests: 8271 searchResultEntries: 8370 searchResultReferences: 0 searchResultsDone: 8246 unbindRequests: 2990