Configuring the LDAP URI advisor

The LDAP URI advisor allows you to better gauge Lightweight Directory Access Protocol (LDAP) availability by processing a complete request to the LDAP server. The LDAP URI advisor opens a connection to the LDAP server and sends a BIND request that is based on the advisorrequest field that you define on the server object. The advisor then waits for a response from the LDAP server and returns the elapsed time as a load.

About this task

In situations in which you cannot perform an anonymous bind request to an LDAP server, you can use the LDAP URI advisor to bind with an LDAP server that requires a user name and password. The LDAP URI advisor might provide a more precise measurement of workload, because the LDAP server is required to process a complete request rather than perform only an anonymous bind.

Procedure

  1. Set the advisorrequest field for the server that will use the LDAP URI advisor.
    1. Set the advisorrequest field on the server object with the dscontrol server command. The string you use for the advisorrequest field must follow RFC 2255, The LDAP URL Format, but you need to format it differently to work with Load Balancer. Specifically, RFC 2255 does not allow a password to be provided on the URL line, so Load Balancer takes a modified string in the advisorrequest field and converts that string to an RFC 2255-compliant request. For example, a typical LDAP request might look like this:
      ldapsearch -x -H ldap://bluepages.ibm.com:389 -D "uid=973524897,c=us,ou=bluepages,o=ibm.com" -w MYPASS -b "ou=bluepages,o=ibm.com" mail=user@us.ibm.com
      To use this in Load Balancer's advisorrequest field, you should modify the string to look like this:
      ldap://bluepages.ibm.com:389/ou=bluepages,o=ibm.com??sub?(mail=user@us.ibm.com)?bindname=uid=973524897,c=us,ou=bluepages,o=ibm.com?!bindpass=MYPASS
      To use this advisorrequest string with the dscontrol server command, your command would look like this:
      dscontrol server set cluster@server@port advisorrequest "ldap://bluepages.ibm.com:389/ou=bluepages,o=ibm.com??sub?(mail=user@us.ibm.com)?bindname=uid=973524897,c=us,ou=bluepages,o=ibm.com?!bindpass=MYPASS"
      Avoid trouble: Be aware of the following:
      • Note the ?!bindpass=MYPASS extension that is used in the examples. Replace MYPASS with the password that is used to authenticate the LDAP request.
      • Certain characters must be escaped using the % method that is described in RFC 1738. You must escape any of the following characters:
        • URL-illegal characters, like spaces.
        • URL special characters, as defined in section 2.2 of RFC 1738.
        • The reserved character '?', which is the ASCII 63 character, when it appears inside a dn, filter, or other element of an LDAP URL.
        • A comma character ',' if it occurs inside an extension value.
    2. Optional: Set the advisorresponse field on the server object. If you set this field, you must set the value to a substring that is expected to be present in the response from the LDAP server.
  2. Start the LDAP URI advisor. To start the LDAP URI advisor, use the dscontrol advisor command:
    dscontrol advisor start ldapuri cluster@port
    Avoid trouble: Verify that you are using the LDAP URI advisor, and not the LDAP advisor. The LDAP advisor only supports anonymous bind requests to LDAP servers.
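
The escaping rules from step 1, applied by a small helper that assembles the advisorrequest string from its parts. This is an added example, not IBM or Load Balancer code; the function names and the set of characters left literal are assumptions chosen so that the sample string shown above is reproduced unchanged. It leaves commas in the bind DN as that sample shows them, escapes commas in the bindpass value, and assumes Load Balancer decodes %XX escapes as the RFCs describe.

```python
"""Build a Load Balancer advisorrequest string (added example, not IBM code)."""
import string

# Characters left literal; everything else is %-escaped. This set is an
# assumption chosen so the page's own sample string is reproduced unchanged.
_LITERAL = set(string.ascii_letters + string.digits + "-_.=,()@*")


def escape(value, also_escape=""):
    """Percent-escape value byte by byte (UTF-8), RFC 1738 style."""
    out = []
    for byte in value.encode("utf-8"):
        ch = chr(byte)
        if ch in _LITERAL and ch not in also_escape:
            out.append(ch)
        else:
            out.append("%{:02X}".format(byte))
    return "".join(out)


def build_advisorrequest(host, port, base_dn, ldap_filter, bind_dn, bind_pass,
                         scope="sub"):
    """Return ldap://host:port/base??scope?filter?bindname=..?!bindpass=.."""
    if scope not in ("base", "one", "sub"):
        raise ValueError("scope must be base, one or sub")
    if not 0 < int(port) < 65536 or escape(host) != host:
        raise ValueError("host or port is not usable in a URL")
    url = "ldap://{}:{}/{}??{}?{}?bindname={}?!bindpass={}".format(
        host, int(port),
        escape(base_dn),
        scope,
        escape(ldap_filter),
        escape(bind_dn),                     # commas kept, as in the page's sample
        escape(bind_pass, also_escape=","),  # extension value: escape ',' too
    )
    # Every '?' inside a value is now %3F, so exactly five separators remain.
    if url.count("?") != 5:
        raise ValueError("unexpected '?' in generated string")
    return url


if __name__ == "__main__":
    # Constructed sample values; the password is a made-up placeholder.
    print(build_advisorrequest(
        "ldap.example.com", 389, "ou=people,o=example org",
        "(mail=user@example.com)", "uid=healthcheck,ou=people,o=example org",
        "p?ss,w rd%"))
```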




Last updated: March 23, 2018 0:18
File name: tprf_ldapuriadv.html