ldapconresponse



By: lbartlett

May 15, 2009 11:37 am

Reads: 256

License:
Free

Download ldapconnresponse2b.pl.txt

Version 2.2 – May 14, 2009

Changes:

  • Refined the check for ip address and port
  • Changed the precision of the seconds reported
  • Added column to report maximum operations per response time
  • Added total display for all responses exceeding limit option “-d”

Version 2.0 – March 25, 2009

Changes:

  • Added check for wrapped log files. Don’t crash when it’s wrapped
  • Added support for DoExtended… used with nmas for eDir updates
  • Corrected -d statement in help screen
  • Added check for Failed bind and Invalid Context during Bind. Reported in stats and CSV
  • Added check for expired passwords. Reported in stats and CSV
  • Added support for DoCompare LDAP operation

Syntax:

 ldapconnresponse.pl [options] tracefile

Purpose:

Measure total connection time, from ‘New Connection to UnBind’ and also measure times between connection start and other LDAP operations.

This utilty serves a different purpose to elapse – it’s completely different. With elapse you measure only individual LDAP operations. What this script does is measure the entire LDAP transaction, which IS made up of multiple LDAP operations, e.g. Bind, Search & Unbind ..or.. Bind, Search, Search, Modify & Unbind

If you’re measuring LDAP performance you must use this util -elapse will not help you locate the root cause of slow LDAP transactions. Using this script we were able to show that slow transactions were due to client side code, for example. This is observed when firstly identifying which transactions are slow, then looking at what the dstrace shows for that specific transaction – multiple LDAP oprtations. Is the delay while waiting for the response to a request or between requests? This is the question which needs to be answered.

Also found that when using SSL, there is sometimes a delay between the initial connection and the Bind, indicating that the SSL handshake is slow. This can occur even when the LDAP operations per second being handled by the server is low, <30/sec.

Linux is super fast! If you’re using NetWare to handle a large number of LDAP operations check out Linux as an option – there is no comparison. Not only does the LX server handle a lot more user load, but backups and other file system activity is hugely faster. Overall it’s the way to go.

Options:

When no switches are supplied statistics are reported – try it with and without switches:

	-x	CSV output
		The CSV column 'New to UnBind' reports total connection time

	-d	Total connection time is greater than this x seconds (0 displays all)

	-b	object RDN (e.g. bsmith or "")

	-n	Consecutive delayed connection responses (default 3)
		i.e. Based on value '-d', when do we see '-n' consecutive responses?

	Options -d -b [-n] should be used together

	*- Legend -*
	Identifies last LDAP operation performed on a connection:
		S = Search   M = Modify  A = Add  D = Delete
		B = Bind     R = ModRDN  X = Abandon

	In Statistics View the symbols only provide some indication of (primary) operation Type verse Response:
	  e.g. 'B' means only a Bind & Unbind occurred on a connection
	  e.g. 'M' means a Modify occurred (many other ops could have preceded it)

	In CSV output the symbols indicate all operations for a specific connection!

Note: An Abandon operation is seen as a result of a failed Bind or when an LDAP operation response times exceeds the maximum time (passed to the operation as a parameter)

Trace Configuration Options:

   * Enable these LDAP Server Screen Options for trace analysis:
	+ Critical Error Message
	+ Non-critical Error Messages
	+ Informational Error Messages
	+ Connection Information
	+ Additional connection and operation information in (hex format)

   * Enable these ndstrace/dstrace filters:
	+time +tags +ldap

Message to customers:

Please leave feedback and an email address if you can’t get this script to work. I’ll get back to you promptly. Ideally I need a copy of the dstrace so I can reproduce the issue, unless it’s simply a cause of command line parameters or sequence.

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Tags:
Categories: Cool Tools, eDirectory, Identity Manager

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

2 Comments

  1. By:ratclma

    Does this work with edirectory on Windows? I assume just need perl installed on Windows server.

  2. By:lbartlett

    Haven’t tried it on windows. The determining factor will be the output, if it’s not text, like that provided by NW and LX, then it won’t work. Saving HTML output as text might work… but I haven’t tried this. Limiting factor would be the file size. To get good stats you need large files, ideally, e.g. 30-60 mins of data… which might be 50-100mb. Activeperl is what I use on Windows.

    Apologies for the late rely… I don’t normally think to check for comments. Will do in future.

Comment