Working with Synthetic LDAP test profiles
The Lightweight Directory Access Protocol (LDAP) is a protocol for querying and modifying items in a directory service provider like Active Directory.
A basic “LDAP Test” returns true or false to indicate the availability of a directory service.
An advanced “LDAP Test” tests for specific values in a directory service’s database.
This section includes the following topics:
“Preparing for an LDAP test”
“Using the wizard for an LDAP test”
Preparing for an LDAP test
For a basic Synthetic LDAP test, ascertain the following before using the wizard:
The Port number is the IP port at which the directory service listens; the default is 389 when the directory service is Active Directory.
For a basic test, the Username and Password can belong to any user with credentials in the directory service. For an advanced test, the Username and Password must belong to a user with authority to submit the advanced parameters below.
The URI of a directory service provider looks like DirSvcOne.myCompany.com. Your company is likely to have several redundant servers, so find the full list of URIs, such as DirSvcOne.myCompany.com, DirSvcTwo.myCompany.com, and DirSvcThree.myCompany.com.
For an advanced Synthetic LDAP Test, also ascertain the following in advance:
A Base DN specifies the domain and top-level domain of the directory service, such as dc=myCompany,dc=com.
A Search String (also known as an LDAP Filter) is a set of keywords and values that narrow the search for a set of records in the directory service. Search the internet for “RFC 2254 String Representation of LDAP Search Filters” or just “LDAP filter syntax.” For example:
(objectCategory=user) - The set of all users.
(&(objectCategory=person)(objectClass=user)) - The set of all users that are real people.
(&(objectCategory=person)(objectClass=user)(cn=*son)) - Real people with username ending in “son.”
(&(objectCategory=person)(objectClass=user)(cn=jsmith)) - All real people with username “jsmith.”
An Expected Name is the name of a field in the returned record(s). An Expected Name might be state or memberOf.
Consult your LDAP administrator for the set of valid Expected Names. Alternatively, run a test with an arbitrary Expected Name, and the results will include a list of valid names from which to choose.
An Expected value is the value of the Expected Name field that constitutes a successful test. The Expected value can take various forms, such as NY or cn=CA-office,cn=user,dc=mycompany,dc=com.
Consult your LDAP administrator for the set of valid Expected values for each Expected Name. Alternatively, run a test with an arbitrary Expected value, and the results will include a list of valid values from which to choose.
The test passes if the value in the Expected Name field of at least one record matches the Expected value.
Example of an advanced Synthetic LDAP test
The goal is to prove throughout the day that Big Company’s two LDAP servers have not lost their configurations for a computer in Florida whose username is FLcardreader.
Port: 389
Username: bjohnson, Password: Bob!Pass5
URI of a directory service provider: DS1.bigco.com and DS2.bigco.com
Base DN: dc=bigco,dc=com
Search String: (&(objectCategory=computer)(objectClass=user)(cn=FLcardreader))
Expected Name: state
Expected value: FL
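The following is an added example, not product code and not part of the original page. It models how an advanced test is evaluated: it parses the Search String, selects the matching records from a small constructed in-memory directory, and applies the pass rule stated above. The record set, the function names, case-insensitive filter matching, and exact comparison of the Expected value are assumptions.

```python
import re

def rec(cn, category, state):
    """Build one constructed sample record (not from a real directory)."""
    return {"cn": [cn], "objectCategory": [category], "objectClass": ["user"], "state": [state]}

DIRECTORY = [rec("FLcardreader", "computer", "FL"), rec("NYcardreader", "computer", "NY"),
             rec("bjohnson", "person", "NY")]

def parse_filter(s, i=0):
    """Parse at offset i -> (node, next_offset). Hex escapes, >=, <=, ~= unsupported."""
    if i >= len(s) or s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if i < len(s) and s[i] in "&|!":
        op, i, kids = s[i], i + 1, []
        while i < len(s) and s[i] == "(":
            kid, i = parse_filter(s, i)
            kids.append(kid)
        if i >= len(s) or s[i] != ")" or not kids or (op == "!" and len(kids) > 1):
            raise ValueError(f"malformed '{op}' group near offset {i}")
        return (op, kids), i + 1
    end = s.index(")", i)  # raises ValueError when the closing ')' is missing
    attr, sep, pattern = s[i:end].partition("=")
    if not (attr and sep):
        raise ValueError(f"expected attr=value at offset {i}")
    return ("=", attr.lower(), pattern), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one record (lower-cased attr -> values)."""
    if node[0] in "&|":
        combine = all if node[0] == "&" else any
        return combine(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, pattern = node
    # '*' is the only wildcard; matching is case-insensitive here (assumption).
    rx = re.compile(".*".join(map(re.escape, pattern.split("*"))), re.I | re.S)
    return any(rx.fullmatch(v) for v in entry.get(attr, []))

def run_ldap_test(entries, search_string, expected_name, expected_value):
    """Return (passed, records_found, values_seen); exact value compare (assumption)."""
    tree, end = parse_filter(search_string)
    if end != len(search_string):
        raise ValueError("trailing characters after filter")
    norm = [{k.lower(): v for k, v in e.items()} for e in entries]
    hits = [e for e in norm if matches(tree, e)]
    seen = sorted({v for e in hits for v in e.get(expected_name.lower(), [])})
    return expected_value in seen, len(hits), seen
```

The third element of the result lists the values actually found in the Expected Name field, which is the information to check when a test fails because the record exists but its value has changed.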
Using the wizard for an LDAP test
To create, clone, edit, or delete a Synthetic LDAP test profile
1. Choose Configure > All Settings > Monitor: Synthetic Testing.
2. On the Choose Action page, select a radio button to specify whether you will Create, Clone, Edit, or Delete a Synthetic Test Profile.
If you are creating a Profile, click Next.
If you are cloning or editing a Profile, highlight the name of an existing profile in the list below, and click Next.
If you are deleting a Profile, highlight the name of an existing profile in the list below, click Next, and then typically click Finish.
3. On the Test Details page, select Active. In the Name field, enter a unique name for this Profile. In the Test Type drop-down, select LDAP. In the Test Frequency field, set how often this test will run, or accept the default of 300 seconds. Set Timeout to the number of seconds that this test must wait for a response before giving up.
If this test is associated with the performance of one or more applications, enter the Application name(s) here. Also set the name of a Device under test, if applicable. Device can also be the name of a region, business group, or other designator. These properties are passed to downstream Riverbed products for identifying and organizing Synthetic Test results.
4. Click Next.
5. On the Test Configuration page, enter the settings that enable the test to ascertain availability of an LDAP-enabled directory service: Port, Username, and Password. For details, see Preparing for an LDAP test.
With optional Advanced settings, the test will not only ascertain the availability of the LDAP-enabled directory server, but also test the values of a named entry in the LDAP database. Enter the Base DN, Search String, Expected name, and Expected value. For details, see Preparing for an LDAP test.
6. Click Next.
7. On the Test Sources page, select one or more test engines from which this test should be run and click Next.
8. On the Test Targets page, enter the URI of one or more directory service providers to be tested. Directory servers typically act as backup for each other, so in most cases, enter the names of all directory servers in the enterprise. Then click Next.
9. On the Summary page, verify all settings. Click Previous to go back and modify, or click Finish to save the profile.