Measure Performance
DS directory servers offer high throughput and low response times for most operations. DS software includes the following command-line tools for measuring performance of common LDAP operations:
addrate measures LDAP adds and deletes
authrate measures LDAP binds
modrate measures LDAP modifications
searchrate measures LDAP searches
Note
Before trying the examples in this chapter, work through the previous chapters. You should have two directory server replicas running on your local computer, as described in Learn Replication:
Modifications
Measure the LDAP modification rate:
# Run modrate for 10 seconds against the first server:
modrate \
--maxDuration 10 \
--hostname localhost \
--port 1636 \
--useSsl \
--usePkcs12TrustStore /path/to/opendj/config/keystore \
--trustStorePasswordFile /path/to/opendj/config/keystore.pin \
--bindDn uid=bjensen,ou=People,dc=example,dc=com \
--bindPassword hifalutin \
--noRebind \
--numConnections 4 \
--numConcurrentRequests 4 \
--targetDn "uid=user.{1},ou=people,dc=example,dc=com" \
--argument "rand(0,100000)" \
--argument "randstr(16)" \
"description:{2}"
# Read number of modify requests on the LDAPS port:
ldapsearch \
--hostname localhost \
--port 1636 \
--useSsl \
--usePkcs12TrustStore /path/to/opendj/config/keystore \
--trustStorePasswordFile /path/to/opendj/config/keystore.pin \
--bindDN uid=monitor \
--bindPassword password \
--baseDN "cn=LDAPS,cn=connection handlers,cn=monitor" \
"(&)" \
ds-mon-requests-modify# Run modrate for 10 seconds against the first server, and observe the performance numbers:
modrate `
--maxDuration 10 `
--hostname localhost `
--port 1636 `
--useSsl `
--usePkcs12TrustStore C:\path\to\opendj\config\keystore `
--trustStorePasswordFile C:\path\to\opendj\config\keystore.pin `
--bindDn uid=bjensen,ou=People,dc=example,dc=com `
--bindPassword password `
--noRebind `
--numConnections 4 `
--numConcurrentRequests 4 `
--targetDn "uid=user.{1},ou=people,dc=example,dc=com" `
--argument "rand(0,100000)" `
--argument "randstr(16)" `
"description:{2}"
# Read number of modify requests on the LDAPS port:
ldapsearch `
--hostname localhost `
--port 1636 `
--useSsl `
--usePkcs12TrustStore C:\path\to\opendj\config\keystore `
--trustStorePasswordFile C:\path\to\opendj\config\keystore.pin `
--bindDN uid=monitor `
--bindPassword password `
--baseDN "cn=LDAPS,cn=connection handlers,cn=monitor" `
"(objectclass=*)" `
ds-mon-requests-modify# Run modrate for 10 seconds against the first server:
modrate \
--maxDuration 10 \
--hostname localhost \
--port 1636 \
--useSsl \
--usePkcs12TrustStore /path/to/opendj/config/keystore \
--trustStorePasswordFile /path/to/opendj/config/keystore.pin \
--bindDn uid=bjensen,ou=People,dc=example,dc=com \
--bindPassword hifalutin \
--noRebind \
--numConnections 4 \
--numConcurrentRequests 4 \
--targetDn "uid=user.{1},ou=people,dc=example,dc=com" \
--argument "rand(0,100000)" \
--argument "randstr(16)" \
"description:{2}"
# Read number of modify requests on the LDAPS port:
ldapsearch \
--hostname localhost \
--port 1636 \
--useSsl \
--usePkcs12TrustStore /path/to/opendj/config/keystore \
--trustStorePasswordFile /path/to/opendj/config/keystore.pin \
--bindDN uid=monitor \
--bindPassword password \
--baseDN "cn=LDAPS,cn=connection handlers,cn=monitor" \
"(&)" \
ds-mon-requests-modify When reading the modrate command output, notice that it shows statistics for throughput (operations/second), response times (milliseconds), and errors/second. If you expect all operations to succeed and yet err/sec is not 0.0, the command options are no doubt incorrectly set. For an explanation of the command output, see "Examples".
Notice that the monitoring attributes hold similar, alternative statistics.
Searches
Measure the LDAP search rate:
# Run searchrate for 10 seconds against the first server:
searchrate \
--maxDuration 10 \
--hostname localhost \
--port 1636 \
--useSsl \
--usePkcs12TrustStore /path/to/opendj/config/keystore \
--trustStorePasswordFile /path/to/opendj/config/keystore.pin \
--bindDn uid=bjensen,ou=People,dc=example,dc=com \
--bindPassword hifalutin \
--noRebind \
--numConnections 4 \
--numConcurrentRequests 4 \
--baseDn "dc=example,dc=com" \
--argument "rand(0,100000)" \
"(uid=user.{})"
# Read number of subtree search requests on the LDAPS port:
ldapsearch \
--hostname localhost \
--port 1636 \
--useSsl \
--usePkcs12TrustStore /path/to/opendj/config/keystore \
--trustStorePasswordFile /path/to/opendj/config/keystore.pin \
--bindDN uid=monitor \
--bindPassword password \
--baseDN "cn=LDAPS,cn=connection handlers,cn=monitor" \
"(&)" \
ds-mon-requests-search-sub# Run searchrate for 10 seconds against the first server:
searchrate `
--maxDuration 10 `
--hostname localhost `
--port 1636 `
--useSsl `
--usePkcs12TrustStore C:\path\to\opendj\config\keystore `
--trustStorePasswordFile C:\path\to\opendj\config\keystore.pin `
--bindDn uid=bjensen,ou=People,dc=example,dc=com `
--bindPassword password `
--noRebind `
--numConnections 4 `
--numConcurrentRequests 4 `
--baseDn "dc=example,dc=com" `
--argument "rand(0,100000)" `
"(uid=user.{})"
# Read number of subtree search requests on the LDAPS port:
ldapsearch `
--hostname localhost `
--port 1636 `
--useSsl `
--usePkcs12TrustStore C:\path\to\opendj\config\keystore `
--trustStorePasswordFile C:\path\to\opendj\config\keystore.pin `
--bindDN uid=monitor `
--bindPassword password `
--baseDN "cn=LDAPS,cn=connection handlers,cn=monitor" `
"(objectclass=*)" `
ds-mon-requests-search-sub# Run searchrate for 10 seconds against the first server:
searchrate \
--maxDuration 10 \
--hostname localhost \
--port 1636 \
--useSsl \
--usePkcs12TrustStore /path/to/opendj/config/keystore \
--trustStorePasswordFile /path/to/opendj/config/keystore.pin \
--bindDn uid=bjensen,ou=People,dc=example,dc=com \
--bindPassword hifalutin \
--noRebind \
--numConnections 4 \
--numConcurrentRequests 4 \
--baseDn "dc=example,dc=com" \
--argument "rand(0,100000)" \
"(uid=user.{})"
# Read number of subtree search requests on the LDAPS port:
ldapsearch \
--hostname localhost \
--port 1636 \
--useSsl \
--usePkcs12TrustStore /path/to/opendj/config/keystore \
--trustStorePasswordFile /path/to/opendj/config/keystore.pin \
--bindDN uid=monitor \
--bindPassword password \
--baseDN "cn=LDAPS,cn=connection handlers,cn=monitor" \
"(&)" \
ds-mon-requests-search-subNotice that searchrate command output resembles that of the modrate command. The searchrate output also indicates how many entries each search returned. For an explanation of the command output, see "Examples".
Check Replication
After running the performance tools, check that both replicas are up to date. The following example uses monitoring metrics to check that replication delay is zero on each replica:
$ldapsearch \ --hostname localhost \ --port 1636 \ --useSsl \ --usePkcs12TrustStore /path/to/opendj/config/keystore \ --trustStorePasswordFile /path/to/opendj/config/keystore.pin \ --bindDN uid=monitor \ --bindPassword password \ --baseDN cn=monitor \ "(ds-mon-current-delay=*)" \ ds-mon-current-delaydn: ds-mon-domain-name=dc=example\,dc=com,cn=replicas,cn=replication,cn=monitor ds-mon-current-delay: 0 dn: ds-mon-server-id=second-ds,cn=remote replicas,ds-mon-domain-name=dc=example\,dc=com,cn=replicas,cn=replication,cn=monitor ds-mon-current-delay: 0
PS C:\path\to>ldapsearch ` --hostname localhost ` --port 1636 ` --useSsl ` --usePkcs12TrustStore C:\path\to\opendj\config\keystore ` --trustStorePasswordFile C:\path\to\opendj\config\keystore.pin ` --bindDN uid=monitor ` --bindPassword password ` --baseDN cn=monitor ` "(ds-mon-current-delay=*)" ` ds-mon-current-delaydn: ds-mon-domain-name=dc=example\,dc=com,cn=replicas,cn=replication,cn=monitor ds-mon-current-delay: 0 dn: ds-mon-server-id=second-ds,cn=remote replicas,ds-mon-domain-name=dc=example\,dc=com,cn=replicas,cn=replication,cn=monitor ds-mon-current-delay: 0
%ldapsearch \ --hostname localhost \ --port 1636 \ --useSsl \ --usePkcs12TrustStore /path/to/opendj/config/keystore \ --trustStorePasswordFile /path/to/opendj/config/keystore.pin \ --bindDN uid=monitor \ --bindPassword password \ --baseDN cn=monitor \ "(ds-mon-current-delay=*)" \ ds-mon-current-delaydn: ds-mon-domain-name=dc=example\,dc=com,cn=replicas,cn=replication,cn=monitor ds-mon-current-delay: 0 dn: ds-mon-server-id=second-ds,cn=remote replicas,ds-mon-domain-name=dc=example\,dc=com,cn=replicas,cn=replication,cn=monitor ds-mon-current-delay: 0