27 Managing Quality of Service Configuration
You can manage the quality of service policies by configuring the orclqosconfig
attribute using the LDAP command-line tools.
This chapter includes the following topics:
27.1 Understanding Quality of Service in Oracle Internet Directory
Oracle Internet Directory provides the capability to restrict the number of user connections or operations possible in a given duration of time.
This helps Oracle Internet Directory in maintaining its stability and performance. This is done on per DN basis and must be valid per instance basis.
Oracle Internet Directory provides the following capabilities:
-
Restrict the number of connections from one DN
-
Restrict the number of operations per minute for a DN
-
Restrict the number of operations on a DSA config entry
The configuration for this Quality of Service capability is stored in OID DSA config entry in a new multi-valued attribute orclqosconfig.
The orclqosconfig
attribute is a configuration attribute in the DSA Configuration Entry: cn=dsaconfig,cn=configsets,cn=oracle internet directory.
orclqosconfig
is a multivalued attribute, so multiple attributes and their respective values can be computed dynamically.
27.2 Configuring QoS to Restrict the Number of User Operations
You can configure the orclqosconfig
attribute to restrict the number of user connections or operations for a duration of time.
The syntax of orclqosconfig
is:
orclqosconfig;ENTRYDN:numofconns:Value,add:Value,del:Value,mod:Value,modrdn:Value,search:Value,compare:Value,allop:Value,duration:Value
where,
-
ENTRYDN:
Entry DN on which throttling has to be done. -
numofconns,Value:
Total number of simultaneous connections allowed for ENTRYDN. The number of connections must be greater than 0 (numofconns
>0). It does not accept a negative or zero value. -
add,Value:
Total number of add operations allowed per minute. -
del,Value:
Total number of delete operations allowed per minute. -
mod,Value:
Total number of modify operations allowed per minute. -
modrdn,Value:
Total number ofmodrdn
(ormoddn
) operations allowed per minute. Themodrdn
parameter includes bothmoddn
andmodrdn
operations. -
search,Value:
Total number of search operations allowed per minute. -
compare,Value:
Total number of compare operations allowed per minute. -
allop,Value:
A common configuration value for all the above operations. Instead of setting operation for each value, here you can set it once and it will be used for all. -
duration:Value:
Time period in seconds to restrict the number of user connections or operations. The default is 60 seconds.
Note:
-
All the above parameters are optional and duplicity of entry DN in configuration value is not allowed.
-
The valid values must be greater than 0.
27.3 Restricting the Number of Connections from one DN
You can control the number of connections a particular user or users can make from a single DN. This restricts some heavy usage clients, which create/delete tenants and ensures that overall experience with OID remains good for other clients.
To restrict the number of connections from a single DN, run the following command:
$ ldapmodify –h localhost –p port –D cn=orcladmin –q –f ldifFile
and with an LDIF file similar to this:
dn: cn=dsaconfig, cn=configsets, cn=oracle internet directory changetype:modify replace: orclqosconfig orclqosconfig;cn=admin,ou=hr,ou=americas,o=IMC,c=US:numofconns:3,duration:60
27.4 Restricting the Number of Operations per Minute for a DN
You can restrict the number of operations allowed per minute for a given DN.
To restrict the number of operations, run the following command:
$ ldapmodify –h localhost –p port –D cn=orcladmin –q –f ldifFile
and with an LDIF file similar to this:
dn: cn=dsaconfig, cn=configsets, cn=oracle internet directory changetype:modify replace: orclqosconfig orclqosconfig;cn=admin,ou=hr,ou=americas,o=IMC,c=US:del:3,mod:2,duration:60
27.5 Restricting the Number of Add Operations for a User
You can restrict the number of add operations with default duration for a user.
To restrict the number of add operations with default duration, run the following command:
$ ldapmodify –h localhost –p port –D cn=orcladmin –q –f ldifFile
and with an LDIF file similar to this:
dn: cn=dsaconfig, cn=configsets, cn=oracle internet directory changetype:modify replace: orclqosconfig orclqosconfig;cn=admin,ou=hr,ou=americas,o=IMC,c=US:add:5,duration:60
27.6 Restricting All Operations Using allop
You can restrict all operations for a given DN within a minute.
To restrict all operations, run the following command:
$ ldapmodify –h localhost –p port –D cn=orcladmin –q –f ldifFile
and with an LDIF file similar to this:
dn: cn=dsaconfig, cn=configsets, cn=oracle internet directory changetype:modify replace: orclqosconfig orclqosconfig;cn=admin,ou=hr,ou=americas,o=IMC,c=US: allop:2
27.7 Restricting the Number of Operations on a DSA Config Entry
You can restrict the number of modifications on a DSA config entry per minute by configuring the attribute orclqosconfig;dsaConfig:Value.
Value
denotes the number of modifies allowed per minute on a DSA config entry.
To restrict the number of modifications on a DSA config entry, run the following command:
$ ldapmodify –h localhost –p port –D cn=orcladmin –q –f ldifFile
and with an LDIF file similar to this:
dn: cn=dsaconfig, cn=configsets, cn=oracle internet directory changetype:modify replace: orclqosconfig orclqosconfig;dsaConfig:mod:5,duration:60