Oracle Fusion Middleware Administration Guide for Oracle Directory Server Enterprise Edition

Procedure: To Limit LDAP Operations Rates

Directory Proxy Server lets you set a threshold for the maximum number of LDAP operations allowed in a given time period. You set the operations rate limit per connection handler using a resource limits policy. The settings effectively allow you to limit the LDAP operation rate for an LDAP client application. For example, you can use this capability to ensure that one LDAP client application can perform a maximum of 2500 LDAP operations per second, whereas another LDAP client application is limited to a maximum of 1200 operations per second.

First, set up a connection handler to describe connections from the client application whose LDAP operation rate you want to limit. Then create a resource limits policy for the connection handler. Finally, follow the steps here to limit the operation rate using the resource limits policy on the connection handler.

  1. Enable the operations rate limit counters.

    $ dpconf set-resource-limits-policy-prop -h host -p port policy-name \
    max-op-count-per-interval:2500
    $ dpconf set-resource-limits-policy-prop -h host -p port policy-name \
    op-count-per-interval-timeout:1s
  2. When an LDAP client exceeds the operation rate limit you set, Directory Proxy Server can raise an alert, provided that you have set up Directory Proxy Server as described in the Configuring Administrative Alerts for Directory Proxy Server section.

    To add an alert about operation rate limits being reached, run this command:

    $ dpconf set-server-prop -h host -p port \
    enabled-admin-alerts+:error-resource-limit-exceeded

    Directory Proxy Server raises an alert when the operations rate limit is exceeded. Directory Proxy Server also writes a message in the access log each time an operation is refused because the application exceeds its limit.
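
The script below is an added example, not part of the original guide or Oracle's code. It renders the complete set of `dpconf` commands from this procedure for the two client rates used as the example above, so the change can be reviewed before it is run. The policy names, host and port are hypothetical, and the check on the limit value is the script's own, not a Directory Proxy Server rule.

```shell
#!/bin/sh
# Added example: policy names are hypothetical; the limits are the two
# rates used as the example in the text.

# Constructed input: <resource-limits-policy> <max ops per interval> <interval>
LIMITS='client-a-limits 2500 1s
client-b-limits 1200 1s'

# Print the two dpconf commands from step 1 for one policy.
# A limit that is not a plain positive integer is rejected so that a typo
# (for example "2500/s") never reaches the server configuration.
render_policy() {
    host=$1; port=$2; policy=$3; max=$4; interval=$5
    case $max in
        ''|*[!0-9]*|0*) echo "bad limit for $policy: '$max'" >&2; return 1 ;;
    esac
    [ -n "$interval" ] || { echo "no interval for $policy" >&2; return 1; }
    printf 'dpconf set-resource-limits-policy-prop -h %s -p %s %s max-op-count-per-interval:%s\n' \
        "$host" "$port" "$policy" "$max"
    printf 'dpconf set-resource-limits-policy-prop -h %s -p %s %s op-count-per-interval-timeout:%s\n' \
        "$host" "$port" "$policy" "$interval"
}

# Print the full change for every policy in LIMITS, then the step 2 alert
# command once (it is a server property, not a per-policy one).
render_all() {
    host=$1; port=$2
    while read -r policy max interval; do
        render_policy "$host" "$port" "$policy" "$max" "$interval" || return 1
    done <<EOF
$LIMITS
EOF
    printf 'dpconf set-server-prop -h %s -p %s enabled-admin-alerts+:error-resource-limit-exceeded\n' \
        "$host" "$port"
}

# Dry run against a constructed host and port when executed directly.
render_all proxy.example.com 1389
```

The output is five commands: two per policy, followed by the single server-level alert setting.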