The LDAP URI advisor allows you better gauge Lightweight Directory
Access Protocol (LDAP) availability by processing a complete request to the
LDAP server. The LDAP URI advisor opens a connection to the LDAP serve and
sends a BIND request that is based on the advisorrequest field that you define
on the server object. The advisor then waits for a response from the LDAP
server and returns the elapsed time as a load.
About this task
In situations in which you cannot perform an anonymous bind request
to an LDAP server, you can use the LDAP URI advisor to bind with an LDAP server
that requires a user name and password. The LDAP URI advisor might provide
a more precise measurement of workload, since the LDAP server will be required
to process a complete request rather perform only an anonymous
bind.
Procedure
-
Set the advisorrequest field for the server that will use the LDAP
URI advisor.
-
Set the advisorrequest field on the server object with the
dscontrol server command.
Use the following guidelines for setting
the advisorrequest field:
- Set the advisorrequest field to an LDAP:// URL request that is compliant
with the RFC2255 - The LDAP
URL Format.
- Use the bindname extension to perform a bind request that is not anonymous.
- Load Balancer extends the LDAP URL base with the bindpass extension, allowing
you to supply the password for the LDAP server on the URL line. This password
must be provided as an optional extension to preserve the portability of the
URL.
For example:
dscontrol server set cluster@server@port advisorrequest "ldap://ldap1.mycompany.com:389/ou=development,o=mycompany.com??sub?(mail=user@mycompany.com)?bindname=uid=123456789,c=us,ou=development,o=mycompany.com?!bindpass=MYPASS"
Avoid trouble: Be aware of the ?!bindpass=MYPASS extension that
is used above. Replace MYPASS with the password that is used to authenticate
the LDAP request.
gotcha
- Optional:
Set the advisorresponse field on the server
object. If you set this field, you must set the value to a substring that
is expected to be present in the response from the LDAP server.
-
Start the LDAP URI advisor.
To start the LDAP URI
advisor, use the dscontrol advisor command:
dscontrol advisor start ldapuri cluster@port
Avoid trouble: Verify that
you are using the LDAP URI advisor, and not the LDAP advisor. The LDAP advisor
only supports anonymous bind requests to LDAP servers.
gotcha