Environment
Novell Directory Services
Situation
Fine tuning the LDAP server running on NetWare.
Resolution
This document describes the syntax of these commands and explains what they do.
Conventions used in this document:
All commands are case insensitive, but are shown in uppercase letters to help them stand out from the rest of the text. All displayed information will be on the logger screen.
Items in square brackets, [ and ], are optional.
Commands that are listed in the help are shown with an asterisk ('*') below. Not all available commands are shown in the help info.
* LDAP HELP
Displays a help message describing the syntax of the LDAP REFRESH command.
* LDAP DISPLAY CONFIG
Displays the current settings for all LDAP parameters configurable via the NetWare console.
* LDAP DISPLAY ACTIVITY
Displays the current values for Connections, Monitors, Busy Workers, and Idle Workers
* LDAP DSTRACE
Displays the current LDAP DSTrace subflags. The default values are:
-Config -Conn +Crit -Decode +Error -Exten -Info -Oper
* LDAP DSTRACE [=] [[+|-] [ALL|CONFIG|CONN|CRIT|DECODE|ERROR|EXTEN|INFO|OPER]]
Allows setting or clearing any or all of the LDAP DSTrace subflags.
* LDAP REFRESH
Prints out the time and interval of the next scheduled refresh.
* LDAP REFRESH NOW
Causes the LDAP server to reread configuration information at the earliest opportunity. The current periodic set interval is unaffected.
* LDAP REFRESH [=]<date><time> <interval>
Date format is mm:dd:yyyy (if zeros are entered for all date fields, then the current date will be used)
Time format is hh:mm:ss (if zeros are entered for all time fields, then the current time will be used)
Interval format is 0 or in minutes between 1 and 2147483647. If zero is entered then the default of 30 minutes is used.
LDAP MAXIMUM THREADS [[=]<value>]
When no value is given, this command reports the maximum number of server threads that can be in use by the LDAP server.
When a value is given, the maximum number of threads that can be in use by the LDAP server is set to <value>. Valid values for <value> are 0 and between 5 and 2147483647. If 0 is given for <value>, the maximum number of threads is reset to the default of 1024.
In practice, the maximum number of LDAP threads should be kept somewhat below the maximum number of server threads to ensure that other NetWare processes will be able to spawn the threads they need. The maximum number of server threads can be adjusted using the "SET MAXIMUM SERVICE PROCESSES" command at the NetWare console. As of this writing (NetWare 6.5 sp8), the default maximum number of server threads is 750 and the absolute maximum number of server threads is 5000. Note that the default values do not give the optimal configuration.
LDAP MAXIMUM WORKERS [[=]<value>]
When no value is given, this command reports the number of LDAP worker threads (LDAP threads actually processing LDAP requests) that a single LDAP monitor thread can monitor for I/O via the select() call.
When a value is given, this parameter is set to <value>. Valid values for <value> are between 0 and the MAXIMUM THREADS value. If 0 is given for <value>, the ratio is set to the default of MAXIMUM THREADS value.
LDAP DEBUG STATS [=] [ON|OFF]
Enables or disables the collection and display of selected LDAP server statistics on the NetWare logger screen in real time. This display is refreshed every 10 seconds. NOTE: This debug info is also available in a more readable format in the NWMON tools LDAP display screen
1:4:0 L:0:0:0 M:0:0:0:0:0 H:0:0 B:0:0 S:0:0 U:0:0
The first 3 statistics are explained as follows:
# of work structures in pool
A monitor reads a client request, fills out a
work struct, and assigns the work struct to an available worker
thread.
The worker reads the data and returns the struct to the pool before
performing the operation.
If an idle worker is not available, Monitor starts another worker
thread, or if maxed out, simply queues the work struct in a FIFO
queue which is serviced by the next returning worker thread.
The work structs are kept in a pool, and this value shows the
current number of allocated work structs.
If the server is running smoothly, this number might only need to
be 3 or 4 to handle hundreds of very busy clients doing thousands
of requests.
If all worker threads are blocked on reads or writes, then this
number might grow to a very large size, but eventually shrink back
down to a sustainable size.
# of threads in pool
The NW loader provides the initial thread to run
the Listener. All other NLDAP threads come from the NLDAP thread
pool.
This number shows the current number of created threads (Connection
Thread, Background Thread, Monitor Threads, Busy/Idle Worker
Threads, Stats Thread) in the thread pool.
# of busy worker threads
The current count of worker threads that are
performing LDAP operations.
This is the same as the number of LDAP Busy Worker
threads.
The server statistics are shown in six groups of colon-separated
numbers each preceded by an uppercase letter in the following
format:
L:a:b:c M:a:b:c:d:e H:a:b B:a:b
S:a:b U:a:b
The "L" (Listener) group:
a) number of connections (useful)
b) number of times an error has occurred in the listener. This
could be for memory alloc failures, ds connection issues, ldap
thread pool limits, practically anything. (useful in that it means
the trace log should be examined)
c) number of times monitor thread has been woken up by the
connector (not useful)
The "M" (Monitor) group:
a) current number of monitors (not very useful)
b) number of times a monitor error has occurred, this could be for
anything really, low memory, memory alloc issues, mutex init
failures, thread /work scheduling failures, socket failures, tls
failures etc (useful in that it indicates that the trace log needs
to be examined)
c) incremented on tls stop/start/new operation scheduled (not very
useful)
d) incremented when when handshake socket returned to normal usage
(not useful)
e) incremented when socket is blocked and the monitor signals it to
do stuff (not useful)
The "H" (TLS Handshake group - TLS START):
a) incremented when a TLS handshake starts
b) displays number of TLS handshakes that have started but not
completed. Calculated by "H:a" - "H:internal counter that is
incremented once a TLS handshake has completed"
The "B" (LDAP Bind operation group):
a) incremented when a bind op starts
b) displays number of binds that have started but not completed.
Calculated by "B:a" - "B:internal counter that is incremented once
a bind op has completed"
The "S" (LDAP Search operation group):
a) incremented when a search op starts
b) displays number of searches that have started but not completed.
Calculated by "S:a" - "S:internal counter that is incremented once
a search op has completed"
The "U" (LDAP Unbind operation group):
a) incremented when an unbind op starts
b) displays number of unbinds that have started but not completed.
Calculated by "U:a" - "U:internal counter that is incremented once
a connection has been finalized (unbind)"
LDAP DEBUG STATS [=]
RESET
Resets the values of all statistics counters to zero.
LDAP DEBUG STATS TRACE [=] SOME
Begins logging the same stats information as
above on the DSTrace screen at 1 second intervals. Primarily
for developers.
LDAP DEBUG STATS TRACE [=] ALL
Begins logging extended debug information at 1 second intervals on the DSTrace screen. Only useful for developers.
LDAP DEBUG STATS TRACE [=] OFFTurns off the stats tracking thread started with the SOME or ALL commands.