search cancel

How does the policy server trace analysis the calculate the LDAP Response?


Article ID: 33529


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On



How does the Policy Server Trace Analysis Tool calculate the LDAP Response+Wait Time from the pdf summary report? 

The customer wants to run the analysis tool in order to check the performances on the changes they are doing on their LDAP configuration.



The smtracedefault.log shows times for LDAP queries, but that was not the entire picture.  

If you only have one LDAPBank, and 50 threads, then there will only be 1 LDAP query executed at a time, and it will be very quick.   

So in our case we were getting results from the LDAP response to be very quick, LDAP server was exhibiting low CPU, but ProcessRequest time was long. 

Looking in detail we found there were up to 49 threads that were stuck at the prior trace log message step waiting to get access to the LDAPBank/ldap connection to send their query. 

So LDAPResonse is the time of the LDAPRequest , as per the split timer and returned in the message.

So LDAPResponse + WaitTime is the time since the previous log message from that thread, and the log message with the split timer (so it should capture any time the thread spent waiting for access to the connection as well as the actual query time.)

LDAPWaitTime is the difference, a high value here usually means your bottleneck is you do not have enough LDAPBanks and requests are slow because they are waiting before they can send their LDAP query. 


Component: SMPLC