Oracle® Fusion Middleware Man Page Reference for Oracle Directory Server Enterprise Edition
11g Release 1 (11.1.1.7.0)

Part Number E28967-01

authrate

measure rate of authentication to an LDAP directory

Synopsis

install-path/dsrk/bin/authrate [options]

Description

The authrate command measures the rate at which a given bind DN can authenticate to an LDAP directory. As with all measures of performance, results depend on many factors, including what options you pass to the authrate command, and also how the directory service itself is tuned.

The command uses LDAP v3, and cannot be used to authenticate to an LDAP v2 directory not supporting LDAP v3.

Options

The authrate command supports the following options:

-C messages

Display the specified number of results messages before exiting. Results messages appear by default as output on standard out, similar to the following:

Avg r=2584.00/thr (516.80/sec), total=  7752

This shows output for three threads authenticating for five seconds. The average bind rate is 516.80 per thread per second for the interval measured. The total shown for all threads is 7752.

Default is to continue iterating until the command is interrupted.

-D bindDN

Use the specified bind DN to authenticate to the directory.

If the bind DN is not specified, the authrate command attempts anonymous authentication.

You can use %d and %s placeholders in the -D option of the authrate command. Refer to Extended Description for more details.

-h hostname

Connect to the directory on the specified host.

Enclose IPv6 addresses in brackets ([]) as described in RFC 2732.

Default is to connect to the local host on the loopback address, 127.0.0.1.

-i filename

Use the file specified to read bind DNs and passwords at random.

Refer to Random Bind DN Syntax and Random Bind DN Substitution for details.

-j seconds

Display results each specified number of seconds.

Default is to display results every 5 seconds.

-k

Keep connections open, measuring only the time required to perform the bind operation.

Default is to measure both the bind and unbind time as part of the authentication sequence.

-m maxAuth

Perform no more than the specified number of binds per thread.

Default is for each thread to continue iterating until the command is interrupted.

-p port

Connect to the directory on the specified port.

Default is to connect to the default simple authentication port for LDAP, 389.

-q

Run in quiet mode, not displaying results.

Default is to display results every 5 seconds, which you can adjust using the -j option.

-r maxRand

Use the specified maximum to determine the range for random numbers replacing %d formatting specifications when authenticating with random bind DNs and passwords.

When you use this option twice, the first occurrence generates random numbers in the range [0,maxRand1-1] for the first %d, and the second occurrence generates random numbers in the range [1,maxRand2] for the second %d.

-S randSeed

Use the specified seed, an unsigned int, for random number generation.

Default seed is 0.

-t threads

Use the specified number of threads to connect to the server.

Default is to use one thread.

-u

Do not unbind as part of the authentication sequence.

Default is to unbind as part of the authentication sequence.

-v

Display verbose output.

-W filename

Read the bind password from the specified file.

-w password

Use the specified bind password to authenticate to the directory.

-w

Prompt for the bind password so it does not appear on the command line or in a file.

Extended Description

The authrate command repeatedly initializes a connection and binds to a directory server, without performing any other operation. Threads may be configured to keep open connections and perform LDAP binds repeatedly. The command-line options let you specify the bind credentials.

The command uses LDAP v3, and cannot be used to authenticate to an LDAP v2 directory not supporting LDAP v3. Furthermore, the authrate command uses simple authentication, not secure binding.

By default, the authrate command attempts to bind indefinitely, displaying results periodically, and displaying any errors encountered as well without interrupting operation.

To simulate real use conditions and reduce any artifacts due to the repetitive nature of the tests, the authrate command provides a mechanism for generating a random bind DN for authentication.

Random Bind DN Syntax

Include randomly generated numbers by specifying %d and %s placeholders in the bind DN and the bind password. These placeholders are then replaced according to the following rules:

%d

Replace this placeholder with random integer values depending on the maxRand parameter to the -r option.

The -r option may be used at most two times to generate random bind DNs. When used in the bind DN, replacement values for the %d placeholder range over [0,maxRand1-1] for the first use of the -r option, and over [1,maxRand2] for the second.

The %d may be used up to eight times to generate a random password. When used in the bind password, replacement values for the %d placeholder range over [0,maxRand1-1] for each use of the -r option.

When the number of %d placeholders exceeds the number of -r options, only one value for each use of the -r option is generated. Each %d placeholder is replaced with a generated value.

%s

Replace this placeholder with random strings from the file specified using the -i option.

Replacement values for this placeholder are randomly selected lines of the file specified.

Random Bind DN Substitution

The authrate command requires that you apply the following rules for substitutions, displaying an error message when they are used incorrectly:

In order to use this random authentication mechanism, you must populate your directory accordingly. For example, you can measure the authentication rate using the following command:

$ authrate -D "uid=test%d,ou=test,dc=example,dc=com" -w "auth%d%d" -r 100

In order for the authrate command to bind effectively, your directory must contain entries corresponding to the following LDIF excerpt:

dn: uid=test0,ou=test,dc=example,dc=com
userPassword: auth00

dn: uid=test1,ou=test,dc=example,dc=com
userPassword: auth11

dn: uid=test2,ou=test,dc=example,dc=com
userPassword: auth22
…

dn: uid=test10,ou=test,dc=example,dc=com
userPassword: auth1010
…

dn: uid=test99,ou=test,dc=example,dc=com
userPassword: auth9999
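
The entries that the command above needs can be generated rather than written by hand. The following script is an added example, not part of the Oracle documentation; the function names and the inetOrgPerson attributes it emits are assumptions, and it covers the single -r case, where one generated value replaces every %d.

```shell
#!/bin/sh
# Added example, not from the Oracle documentation.
# Emits LDIF test entries matching authrate %d substitution with one -r option.

# expand TEMPLATE VALUE: replace every %d in TEMPLATE with VALUE. With a single
# -r option one generated value is reused for each %d placeholder.
expand() {
    printf '%s\n' "$1" | sed "s/%d/$2/g"
}

# gen_ldif DN_TEMPLATE PW_TEMPLATE MAXRAND
# Walks the documented range [0, MAXRAND-1]. Assumes the first RDN is uid=...
# and that inetOrgPerson entries are acceptable (assumption, not from the page).
gen_ldif() {
    dn_tmpl=$1; pw_tmpl=$2; max=$3
    case $max in
        ''|*[!0-9]*) echo "maxRand must be a non-negative integer" >&2; return 1 ;;
    esac
    i=0
    while [ "$i" -lt "$max" ]; do
        dn=$(expand "$dn_tmpl" "$i")
        rdn=${dn%%,*}          # e.g. uid=test7
        name=${rdn#*=}         # e.g. test7
        printf 'dn: %s\n' "$dn"
        printf 'objectClass: %s\n' top person organizationalPerson inetOrgPerson
        printf 'uid: %s\ncn: %s\nsn: %s\n' "$name" "$name" "$name"
        printf 'userPassword: %s\n\n' "$(expand "$pw_tmpl" "$i")"
        i=$((i + 1))
    done
}

# Defaults are the templates and -r value used in the command above.
gen_ldif "${1:-uid=test%d,ou=test,dc=example,dc=com}" "${2:-auth%d%d}" "${3:-100}"
```

Because every password is derivable from its uid, load the output only under a test suffix such as ou=test, which must already exist, and delete the entries after the measurement.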

Examples

Examples in this section use the following conventions:

Example 1   authrate: Sample Output

The following command performs anonymous binds until it has displayed five results messages. Notice that each line concerns only the elapsed interval.

$ authrate -C 5
Avg r=1952.00/thr (390.40/sec), total=  1952
Avg r=1937.00/thr (387.40/sec), total=  1937
Avg r=1938.00/thr (387.60/sec), total=  1938
Avg r=1921.00/thr (384.20/sec), total=  1921
Avg r=1921.00/thr (384.20/sec), total=  1921
All threads exited

Notice also that a result message provides the following items of information:

  • The average rate of authentication per thread of execution

  • The average rate of authentication per second

  • The total number of authentication operations performed during the interval the results message concerns
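
A results message can be parsed mechanically when runs need to be compared. The following script is an added example, not part of the Oracle documentation; the function name summarize_authrate is hypothetical, and the thread count is inferred by dividing the total by the per-thread average, which is an assumption based on the sample lines on this page.

```shell
#!/bin/sh
# Added example, not from the Oracle documentation.
# Summarizes authrate results messages read from standard input.

summarize_authrate() {
    awk '
    /^Avg r=/ {
        line = $0
        sub(/^Avg r= */, "", line);   per_thr = line + 0  # average binds per thread
        sub(/^[^(]*\(/, "", line);    rate = line + 0     # figure reported as N/sec
        sub(/^.*total= */, "", line); total = line + 0    # binds in this interval
        n++; binds += total; rate_sum += rate
        # Inferred, not reported by the tool: threads = total / per-thread average
        if (per_thr > 0) threads = int(total / per_thr + 0.5)
        next
    }
    /^All threads exited$/ || /^[ \t]*$/ { next }
    { other++ }   # any other line, such as an error message, is only counted
    END {
        if (n == 0) { print "no results messages found"; exit 1 }
        printf "intervals=%d binds=%d threads=%d mean_rate=%.2f/sec other_lines=%d\n",
               n, binds, threads, rate_sum / n, other
    }'
}

# Output lines copied from Example 2 on this page.
summarize_authrate <<'EOF'
Avg r= 300.00/thr (180.00/sec), total=   900
Avg r= 300.00/thr (180.00/sec), total=   900
Avg r= 299.67/thr (179.80/sec), total=   899
Avg r= 298.00/thr (178.80/sec), total=   894
Avg r= 299.33/thr (179.60/sec), total=   898
All threads exited
EOF
```

A non-zero other_lines count means the run printed something besides results messages, which is worth reading before trusting the rates.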

Example 2   authrate: Two Threads

The following command performs anonymous binds until it has displayed five results messages, using three threads to bind. Notice that each line concerns only the elapsed interval.

$ authrate -C 5 -t 3
Avg r= 300.00/thr (180.00/sec), total=   900
Avg r= 300.00/thr (180.00/sec), total=   900
Avg r= 299.67/thr (179.80/sec), total=   899
Avg r= 298.00/thr (178.80/sec), total=   894
Avg r= 299.33/thr (179.60/sec), total=   898
All threads exited

Here the average per thread, approximately 300 binds, is shown for each interval of three seconds. The averages given in parentheses, approximately 180 per second, represent the average bind rate over the interval. The totals shown represent the total number of binds over the interval.

Example 3   authrate: Full Authentication Rate

The following command applies the mechanism described in Random Bind DN Substitution, performing full authentication (open, bind, unbind, close) with randomly generated bind DNs and passwords.

$ authrate -D "uid=test%d,ou=test,dc=example,dc=com" -w "auth%d%d" -r 100 -C 5
Avg r=1301.00/thr (260.20/sec), total=  1301
Avg r=1307.00/thr (261.40/sec), total=  1307
Avg r=1281.00/thr (256.20/sec), total=  1281
Avg r=1316.00/thr (263.20/sec), total=  1316
Avg r=1313.00/thr (262.60/sec), total=  1313
All threads exited

Example 4   authrate: Bind Rate Alone

The following command applies the mechanism described in Random Bind DN Substitution, keeping the connection open and binding repeatedly with randomly generated bind DNs and passwords.

$ authrate -D "uid=test%d,ou=test,dc=example,dc=com" -w "auth%d%d" -r 100 -k -C 5
Avg r=2584.00/thr (516.80/sec), total=  2584
Avg r=2603.00/thr (520.60/sec), total=  2603
Avg r=2592.00/thr (518.40/sec), total=  2592
Avg r=2613.00/thr (522.60/sec), total=  2613
Avg r=2560.00/thr (512.00/sec), total=  2560
All threads exited

Exit Status

The authrate command returns the following exit status codes.

0

Successful completion.

non-zero

An error occurred.

Attributes

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE     ATTRIBUTE VALUE
Availability       Zip distribution only
Stability Level    Evolving


See Also

makeldif(1), modrate(1), searchrate(1)