How To
ForgeRock Identity Platform
Does not apply to Identity Cloud

How do I check if a backend is online in DS (All versions)?

Last updated Jun 10, 2021

The purpose of this article is to provide information on checking if a backend is online in DS. This can be a useful check as part of your DS monitoring.


Checking if a backend is online (DS 6 and later)

You can perform a ldapsearch against the backend to check it is online. This example performs a check against the exampleOrgBackend backend:

  • DS 7.1 and later: $ ./ldapsearch --hostname localhost --port 1636 --useSsl --usePkcs12TrustStore /path/to/ds/config/keystore --trustStorePassword:file /path/to/ds/config/keystore.pin --bindDN uid=admin --bindPassword password --baseDN "ds-cfg-backend-id=exampleOrgBackend,cn=backends,cn=monitor" --searchScope base "(objectClass=*)"
  • DS 7: $ ./ldapsearch --hostname localhost --port 1636 --useSsl --usePkcs12TrustStore /path/to/ds/config/keystore --trustStorePasswordFile /path/to/ds/config/keystore.pin --bindDN uid=admin --bindPassword password --baseDN "ds-cfg-backend-id=exampleOrgBackend,cn=backends,cn=monitor" --searchScope base "(objectClass=*)"
  • DS 6.x: $ ./ldapsearch --port 1389 --bindDN "cn=Directory Manager" --bindPassword password --baseDN "ds-cfg-backend-id=exampleOrgBackend,cn=backends,cn=monitor" --searchScope base "(objectClass=*)"

Online backend

If the backend is online, you would get a response such as the following:

dn: ds-cfg-backend-id=exampleOrgBackend,cn=backends,cn=monitor ds-mon-backend-is-private: false ds-mon-backend-entry-count: 1511 ds-mon-backend-writability-mode: enabled ds-mon-backend-degraded-index-count: 0 ds-mon-backend-ttl-is-running: false ds-mon-backend-ttl-last-run-time: 20190131162956.795Z ds-mon-backend-ttl-thread-count: 0 ds-mon-backend-ttl-queue-size: 0 ds-mon-backend-ttl-entries-deleted: {"count":0,"total":0.000,"mean_rate":0.000,"m1_rate":0.000,"m5_rate":0.000,"m15_rate":0.000} ds-mon-backend-filter-use-start-time: 19700101000000Z ds-mon-backend-filter-use-indexed: 0 ds-mon-backend-filter-use-unindexed: 0 ds-mon-db-version: 7.5.11 ds-mon-db-cache-evict-internal-nodes-count: 0 ds-mon-db-cache-evict-leaf-nodes-count: 0 ds-mon-db-cache-total-tries-internal-nodes: 1709 ds-mon-db-cache-total-tries-leaf-nodes: 1382 ds-mon-db-cache-misses-internal-nodes: 31 ds-mon-db-cache-misses-leaf-nodes: 438 ds-mon-db-cache-size-active: 5042101 ds-mon-db-log-size-active: 7550013 ds-mon-db-log-cleaner-file-deletion-count: 0 ds-mon-db-log-utilization-min: 34 ds-mon-db-log-utilization-max: 34 ds-mon-db-log-size-total: 7550013 ds-mon-db-log-files-open: 1 ds-mon-db-log-files-opened: 3 ds-mon-db-checkpoint-count: 0 objectClass: top objectClass: ds-monitor objectClass: ds-monitor-backend objectClass: ds-monitor-backend-pluggable objectClass: ds-monitor-backend-db ds-cfg-backend-id: exampleOrgBackend

Offline backend

If the backend is offline, you would get a response such as the following:

# The LDAP search request failed: 32 (No Such Entry) # Additional Information: Entry ds-cfg-backend-id=exampleOrgBackend,cn=backends,cn=monitor does not exist in the "monitor" backend # Matched DN: cn=backends,cn=monitor

Checking if a backend is online (DS 5.x)

You can perform a ldapsearch against the backend to check it is online. This example performs a check against the userRoot backend:

$ ./ldapsearch --port 1389 --bindDN "cn=Directory Manager" --bindPassword password --baseDN "cn=userRoot Backend,cn=monitor" --searchScope sub "(objectClass=*)"

Online backend

If the backend is online, you would get a response such as the following:

dn: cn=userRoot Backend,cn=monitor objectClass: top objectClass: ds-monitor-entry objectClass: ds-backend-monitor-entry ds-backend-is-private: FALSE ds-backend-writability-mode: enabled cn: userRoot Backend ds-backend-entry-count: 200002 ds-base-dn-entry-count: 200002 dc=forgerock,dc=com ds-backend-id: userRoot ds-backend-base-dn: dc=forgerock,dc=com

Offline backend

If the backend is offline, you would get a response such as the following:

SEARCH operation failed Result Code: 32 (No Such Entry) Additional Information: Entry cn=userRoot Backend,cn=monitor does not exist in the memory-based backend Matched DN: cn=monitor

You would also see a corresponding error in the DS log, for example:

[24/Mar/2015:14:41:59 -0600] category=CONFIG severity=SEVERE_ERROR msgID=3407988 msg=An error occurred while trying to initialize a backend loaded from class org.opends.server.backends.jeb.BackendImpl with the information in configuration entry ds-cfg-backend-id=userRoot,cn=Backends,cn=config: The database environment could not be opened: (JE 5.0.73) Environment must be closed, caused by: com.sleepycat.je.EnvironmentFailureException: Environment invalid because of previous exception: (JE 5.0.73) /Users/jdoe/Software/db/userRoot com.sleepycat.je.log.ChecksumException: Incomplete log entry header, size=0 lsn=0x10/0x67b292 LOG_CHECKSUM: Checksum invalid on read, log is likely invalid. Environment is invalid and must be closed. fetchTarget of 0x10/0x67b292 parent IN=3 IN class=com.sleepycat.je.tree.BIN lastFullVersion=0x1a/0x9136a5 lastLoggedVersion=0x1f/0xc74a1 parent.getDirty()=false state=0 (BackendImpl.java:1754 BackendImpl.java:319 BackendConfigManager.java:1298 BackendConfigManager.java:279 DirectoryServer.java:2210 DirectoryServer.java:1397 DirectoryServer.java:9651). This backend will be disabled

See Also

How do I perform a heartbeat check against DS (All versions)?

FAQ: Monitoring DS

How do I use cn=monitor entry in DS 5.x and 6.x for monitoring?

LDAP-Based Monitoring

Related Training

ForgeRock Directory Services Core Concepts (DS-400)

Related Issue Tracker IDs

N/A


Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.