Oracle® Fusion Middleware Man Page Reference for Oracle Directory Server Enterprise Edition 11g Release 1 (11.1.1.7.0) Part Number E28967-01
measure rate of authentication to an LDAP directory
Synopsis
install-path/dsrk/bin/authrate [options]
Description
The authrate command measures the rate at which a given bind DN can authenticate to an LDAP directory. As with all measures of performance, results depend on many factors, including what options you pass to the authrate command, and also how the directory service itself is tuned.
The command uses LDAP v3, and cannot be used to authenticate to an LDAP v2 directory not supporting LDAP v3.
Options
The authrate command supports the following options:
-C messages
Display the specified number of results messages before exiting. Results messages appear by default as output on standard out, similar to the following:
Avg r=2584.00/thr (516.80/sec), total= 7752
This shows output for three threads authenticating for five seconds. The average bind rate per thread is 516.80 per thread per second for the interval measured. The total shown for all threads is 7752.
Default is to continue iterating until the command is interrupted.
-D bindDN
Use the specified bind DN to authenticate to the directory.
If the bind DN is not specified, the authrate command attempts anonymous authentication.
You can use %d and %s placeholders in the -D option in the authrate command. Refer to Extended Description for more details.
-h hostname
Connect to the directory on the specified host.
Enclose IPv6 addresses in brackets ([]) as described in RFC 2732.
Default is to connect to the local host on the loopback address, 127.0.0.1.
-i filename
Use the file specified to read bind DNs and passwords at random.
Refer to Random Bind DN Syntax and Random Bind DN Substitution for details.
-j seconds
Display results each specified number of seconds.
Default is to display results every 5 seconds.
-k
Keep connections open, measuring only the time required to perform the bind operation.
Default is to measure both the bind and unbind time as part of the authentication sequence.
-m maxAuth
Perform no more than the specified number of binds per thread.
Default is for each thread to continue iterating until the command is interrupted.
-p port
Connect to the directory on the specified port.
Default is to connect to the default simple authentication port for LDAP, 389.
-q
Run in quiet mode, not displaying results.
Default is to display results every 5 seconds, which you can adjust using the -j option.
-r maxRand
Use the specified maximum to determine the range for random numbers replacing %d formatting specifications when authenticating with random bind DNs and passwords.
When you use this option twice, the first occurrence generates random numbers in the range [0,maxRand1-1] for the first %d, the second [1,maxRand2] for the second %d.
-S randSeed
Use the specified seed, an unsigned int, for random number generation.
Default seed is 0.
-t threads
Use the specified number of threads to connect to the server.
Default is to use one thread.
-u
Do not unbind as part of the authentication sequence.
Default is to unbind as part of the authentication sequence.
-v
Display verbose output.
-W filename
Read the bind password from the specified file.
-w password
Use the specified bind password to authenticate to the directory.
-w -
Prompt for the bind password so it does not appear on the command line or in a file.
Extended Description
The authrate command repeatedly initializes a connection and binds to a directory server, without performing any other operation. Threads may be configured to keep open connections and perform LDAP binds repeatedly. The command-line options let you specify the bind credentials.
The command uses LDAP v3, and cannot be used to authenticate to an LDAP v2 directory not supporting LDAP v3. Furthermore, the authrate command uses simple authentication, not secure binding.
By default, the authrate command attempts to bind indefinitely, displaying results periodically, and displaying any errors encountered as well without interrupting operation.
To simulate real use conditions and reduce any artifacts due to the repetitive nature of the tests, the authrate command provides a mechanism for generating a random bind DN for authentication.
Random Bind DN Syntax
Include randomly generated numbers by specifying %d and %s placeholders in the bind DN and the bind password. These placeholders are then replaced according to the following rules:
%d
Replace this placeholder with random integer values depending on the maxRand parameter to the -r option.
The -r option may be used at most two times to generate random bind DNs. When used in the bind DN, replacement values for the %d placeholder range over [0,maxRand1-1] for the first use of the -r option, and over [1,maxRand2] for the second.
The %d may be used up to eight times to generate a random password. When used in the bind password, replacement values for the %d placeholder range over [0,maxRand1-1] for each use of the -r option.
When the number of %d placeholders exceeds the number of -r options, only one value for each use of the -r option is generated. Each %d placeholder is replaced with a generated value.
%s
Replace this placeholder with random strings from the file specified using the -i option.
Replacement values for this placeholder are randomly selected lines of the file specified.
Random Bind DN Substitution
The authrate command requires that you apply the following rules for substitutions, displaying an error message when they are used incorrectly:
Use only one type of placeholder, either %d or %s, per invocation of the authrate command.
Use %%d and %%s to specify literal strings %d and %s, respectively.
In order to use this random authentication mechanism, you must populate your directory accordingly. For example, you can measure the authentication rate using the following command:
$ authrate -D "uid=test%d,ou=test,dc=example,dc=com" -w "auth%d%d" -r 100
In order for the authrate command to bind effectively, your directory must contain entries corresponding to the following LDIF excerpt:
dn: uid=test0,ou=test,dc=example,dc=com
userPassword: auth00

dn: uid=test1,ou=test,dc=example,dc=com
userPassword: auth11

dn: uid=test2,ou=test,dc=example,dc=com
userPassword: auth22

…

dn: uid=test10,ou=test,dc=example,dc=com
userPassword: auth1010

…

dn: uid=test99,ou=test,dc=example,dc=com
userPassword: auth9999
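The following script is an added example, not part of the Oracle documentation or product. It generates entries that match the %d templates of the command above, plus matching delete records so the test accounts and their predictable passwords can be removed after the measurement. The function names, the uid RDN handling and the inetOrgPerson object classes are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not Oracle's code): build the test entries that an
# authrate run with %d placeholders expects to find in the directory.

# expand_template TEMPLATE VALUE
# Replace each %d with VALUE; the escape %%d yields a literal "%d".
expand_template() {
    et_rest=$1 et_out=
    while [ -n "$et_rest" ]; do
        case $et_rest in
            '%%d'*) et_out="$et_out%d"; et_rest=${et_rest#'%%d'} ;;
            '%d'*)  et_out="$et_out$2"; et_rest=${et_rest#'%d'} ;;
            *)      et_first=${et_rest%"${et_rest#?}"}   # first character
                    et_out="$et_out$et_first"; et_rest=${et_rest#?} ;;
        esac
    done
    printf '%s\n' "$et_out"
}

# gen_ldif DN_TEMPLATE PW_TEMPLATE MAXRAND
# One entry per value in [0, MAXRAND-1], the range a single -r option covers.
# The same value fills every %d in both templates (test10 / auth1010).
# Assumptions: the RDN attribute is uid without escaped commas, and
# inetOrgPerson is an acceptable object class for throwaway test accounts.
gen_ldif() {
    gl_i=0
    while [ "$gl_i" -lt "$3" ]; do
        gl_dn=$(expand_template "$1" "$gl_i")
        gl_rdn=${gl_dn%%,*}; gl_uid=${gl_rdn#*=}
        printf 'dn: %s\n' "$gl_dn"
        printf 'objectClass: top\nobjectClass: person\n'
        printf 'objectClass: organizationalPerson\nobjectClass: inetOrgPerson\n'
        printf 'uid: %s\ncn: %s\nsn: %s\n' "$gl_uid" "$gl_uid" "$gl_uid"
        printf 'userPassword: %s\n\n' "$(expand_template "$2" "$gl_i")"
        gl_i=$((gl_i + 1))
    done
}

# gen_cleanup_ldif DN_TEMPLATE MAXRAND
# Delete records for the same DNs, to remove the test accounts afterwards.
gen_cleanup_ldif() {
    gc_i=0
    while [ "$gc_i" -lt "$2" ]; do
        printf 'dn: %s\nchangetype: delete\n\n' "$(expand_template "$1" "$gc_i")"
        gc_i=$((gc_i + 1))
    done
}

# Same templates as the authrate command above, shortened to three entries.
gen_ldif 'uid=test%d,ou=test,dc=example,dc=com' 'auth%d%d' 3
```

With 100 as the last argument, gen_ldif covers test0 through test99, the range used by -r 100.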
Examples
Examples in this section use the following conventions:
The authrate command is found in a directory present in the PATH used for the examples.
The directory server is located on a system named host.
The directory has been configured to support anonymous access for search and read. Therefore, you do not have to specify bind information.
The directory server listens on port 389, the default for non-SSL connections.
authrate: Sample Output
The following command performs anonymous binds until it has displayed five results messages. Notice that each line concerns only the elapsed interval.
$ authrate -C 5
Avg r=1952.00/thr (390.40/sec), total= 1952
Avg r=1937.00/thr (387.40/sec), total= 1937
Avg r=1938.00/thr (387.60/sec), total= 1938
Avg r=1921.00/thr (384.20/sec), total= 1921
Avg r=1921.00/thr (384.20/sec), total= 1921
All threads exited
Notice also that a result message provides the following items of information:
The average rate of authentication per thread of execution
The average rate of authentication per second
The total number of authentication operations performed during the interval the results message concerns
authrate: Two Threads
The following command performs anonymous binds until it has displayed five results messages, using three threads to bind. Notice that each line concerns only the elapsed interval.
$ authrate -C 5 -t 3
Avg r= 300.00/thr (180.00/sec), total= 900
Avg r= 300.00/thr (180.00/sec), total= 900
Avg r= 299.67/thr (179.80/sec), total= 899
Avg r= 298.00/thr (178.80/sec), total= 894
Avg r= 299.33/thr (179.60/sec), total= 898
All threads exited
Here the average per thread, approximately 300 binds, is shown for each interval of three seconds. The averages given in parentheses, approximately 180 per second, represent the average bind rate over the interval. The totals shown represent the total number of binds over the interval.
authrate: Full Authentication Rate
The following command applies the mechanism described in Random Bind DN Substitution, performing full authentication (open, bind, unbind, close) with randomly generated bind DNs and passwords.
$ authrate -D "uid=test%d,ou=test,dc=example,dc=com" -w "auth%d%d" -r 100 -C 5
Avg r=1301.00/thr (260.20/sec), total= 1301
Avg r=1307.00/thr (261.40/sec), total= 1307
Avg r=1281.00/thr (256.20/sec), total= 1281
Avg r=1316.00/thr (263.20/sec), total= 1316
Avg r=1313.00/thr (262.60/sec), total= 1313
All threads exited
authrate: Bind Rate Alone
The following command applies the mechanism described in Random Bind DN Substitution, keeping the connection open and binding repeatedly with randomly generated bind DNs and passwords.
$ authrate -D "uid=test%d,ou=test,dc=example,dc=com" -w "auth%d%d" -r 100 -k -C 5
Avg r=2584.00/thr (516.80/sec), total= 2584
Avg r=2603.00/thr (520.60/sec), total= 2603
Avg r=2592.00/thr (518.40/sec), total= 2592
Avg r=2613.00/thr (522.60/sec), total= 2613
Avg r=2560.00/thr (512.00/sec), total= 2560
All threads exited
Exit Status
The authrate command returns the following exit status codes.
0
Successful completion.
An error occurred.
Attributes
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
---|---|
Availability | Zip distribution only |
Stability Level | Evolving |
See Also