27 Managing Quality of Service Configuration

You can manage the quality of service policies by configuring the orclqosconfig attribute using the LDAP command-line tools.

This chapter includes the following topics:

• Understanding Quality of Service in Oracle Internet Directory

• Configuring QoS to Restrict the Number of User Operations

• Restricting the Number of Connections from one DN

• Restricting the Number of Operations per Minute for a DN

• Restricting the Number of Add Operations for a User

• Restricting All Operations Using allop

• Restricting the Number of Operations on a DSA Config Entry

27.1 Understanding Quality of Service in Oracle Internet Directory

Oracle Internet Directory provides the capability to restrict the number of user connections or operations possible in a given duration of time.

This helps Oracle Internet Directory in maintaining its stability and performance. This is done on per DN basis and must be valid per instance basis.

Oracle Internet Directory provides the following capabilities:

• Restrict the number of connections from one DN

• Restrict the number of operations per minute for a DN

• Restrict the number of operations on a DSA config entry

The configuration for this Quality of Service capability is stored in OID DSA config entry in a new multi-valued attribute orclqosconfig. The orclqosconfig attribute is a configuration attribute in the DSA Configuration Entry: cn=dsaconfig,cn=configsets,cn=oracle internet directory.

orclqosconfig is a multivalued attribute, so multiple attributes and their respective values can be computed dynamically.

27.2 Configuring QoS to Restrict the Number of User Operations

You can configure the orclqosconfig attribute to restrict the number of user connections or operations for a duration of time.

The syntax of orclqosconfig is:

orclqosconfig;ENTRYDN:numofconns:Value,add:Value,del:Value,mod:Value,modrdn:Value,search:Value,compare:Value,allop:Value,duration:Value

where,

• ENTRYDN: Entry DN on which throttling has to be done.

• numofconns,Value: Total number of simultaneous connections allowed for ENTRYDN. The number of connections must be greater than 0 (numofconns >0). It does not accept a negative or zero value.

• add,Value: Total number of add operations allowed per minute.

• del,Value: Total number of delete operations allowed per minute.

• mod,Value: Total number of modify operations allowed per minute.

• modrdn,Value: Total number of modrdn (or moddn) operations allowed per minute. The modrdn parameter includes both moddn and modrdn operations.

• search,Value: Total number of search operations allowed per minute.

• compare,Value: Total number of compare operations allowed per minute.

• allop,Value: A common configuration value for all the above operations. Instead of setting operation for each value, here you can set it once and it will be used for all.

• duration:Value: Time period in seconds to restrict the number of user connections or operations. The default is 60 seconds.

Note:

• All the above parameters are optional and duplicity of entry DN in configuration value is not allowed.

• The valid values must be greater than 0.

27.3 Restricting the Number of Connections from one DN

You can control the number of connections a particular user or users can make from a single DN. This restricts some heavy usage clients, which create/delete tenants and ensures that overall experience with OID remains good for other clients.

To restrict the number of connections from a single DN, run the following command:

$ ldapmodify –h localhost –p port –D cn=orcladmin –q –f ldifFile

and with an LDIF file similar to this:

dn: cn=dsaconfig, cn=configsets, cn=oracle internet directory 
changetype:modify 
replace: orclqosconfig 
orclqosconfig;cn=admin,ou=hr,ou=americas,o=IMC,c=US:numofconns:3,duration:60

27.4 Restricting the Number of Operations per Minute for a DN

You can restrict the number of operations allowed per minute for a given DN.

To restrict the number of operations, run the following command:

$ ldapmodify –h localhost –p port –D cn=orcladmin –q –f ldifFile

and with an LDIF file similar to this:

dn: cn=dsaconfig, cn=configsets, cn=oracle internet directory 
changetype:modify 
replace: orclqosconfig 
orclqosconfig;cn=admin,ou=hr,ou=americas,o=IMC,c=US:del:3,mod:2,duration:60

27.5 Restricting the Number of Add Operations for a User

You can restrict the number of add operations with default duration for a user.

To restrict the number of add operations with default duration, run the following command:

$ ldapmodify –h localhost –p port –D cn=orcladmin –q –f ldifFile

and with an LDIF file similar to this:

dn: cn=dsaconfig, cn=configsets, cn=oracle internet directory 
changetype:modify 
replace: orclqosconfig 
orclqosconfig;cn=admin,ou=hr,ou=americas,o=IMC,c=US:add:5,duration:60

27.6 Restricting All Operations Using allop

You can restrict all operations for a given DN within a minute.

To restrict all operations, run the following command:

$ ldapmodify –h localhost –p port –D cn=orcladmin –q –f ldifFile

and with an LDIF file similar to this:

dn: cn=dsaconfig, cn=configsets, cn=oracle internet directory 
changetype:modify 
replace: orclqosconfig 
orclqosconfig;cn=admin,ou=hr,ou=americas,o=IMC,c=US: allop:2

27.7 Restricting the Number of Operations on a DSA Config Entry

You can restrict the number of modifications on a DSA config entry per minute by configuring the attribute orclqosconfig;dsaConfig:Value. Value denotes the number of modifies allowed per minute on a DSA config entry.

To restrict the number of modifications on a DSA config entry, run the following command:

$ ldapmodify –h localhost –p port –D cn=orcladmin –q –f ldifFile

and with an LDIF file similar to this:

dn: cn=dsaconfig, cn=configsets, cn=oracle internet directory 
changetype:modify 
replace: orclqosconfig 
orclqosconfig;dsaConfig:mod:5,duration:60