Search LDAP Health Check

Note: this component is designated "advanced", which means that objects of this type are not expected to be created or altered in most environments. If you believe that such a change is necessary, you may want to contact support in order to understand the potential impact of that change.

The Search LDAP Health Check may be used to assess the health of an LDAP external server by issuing a search against the server and optionally examining the contents of entries returned.

If an error occurs while attempting to communicate with the server, then the server will be considered unavailable. If it takes too long for the server to return results for the search, then the server may be considered degraded or unavailable. If any available, degraded, or unavailable filters are defined for this health check, then they will be evaluated against any entries returned.

Parent Component

The Search LDAP Health Check component inherits from the LDAP Health Check.

Properties

The properties supported by this managed object are as follows:


Basic Properties:
     description
     enabled
     use-for-all-servers
     base-dn
     scope
     filter
     maximum-local-available-response-time
     maximum-nonlocal-available-response-time
     minimum-local-degraded-response-time
     minimum-nonlocal-degraded-response-time
     maximum-local-degraded-response-time
     maximum-nonlocal-degraded-response-time
     minimum-local-unavailable-response-time
     minimum-nonlocal-unavailable-response-time
     allow-no-entries-returned
     allow-multiple-entries-returned
     available-filter
     degraded-filter
     unavailable-filter
     use-administrative-operation-control

Advanced Properties:
     None

Basic Properties

description

Description
A description for this LDAP Health Check
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

enabled

Description
Indicates whether this LDAP Health Check is enabled for use in the server.
Default Value
None
Allowed Values
true
false
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

use-for-all-servers

Description
Indicates whether this LDAP Health Check should be automatically used for all LDAP external servers defined in the PingAuthorize Server. If this is false, then this LDAP Health Check will only be used by servers which have been explicitly configured to use it.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

base-dn

Description
The base DN to use for the search. If no value is provided, then the search will be based at the server's root DSE.
Default Value

Allowed Values
A valid DN.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

scope

Description
The scope to use for the search.
Default Value
base-object
Allowed Values
base-object - The search should be processed only against the entry specified by the base DN.

single-level - The search should be processed only against entries which are immediate subordinates of the entry specified by the base DN, but not the base entry itself.

whole-subtree - The search should be processed against the entry specified by the base DN and all of its subordinates to any depth.

subordinate-subtree - The search should be processed against all entries subordinate to the entry specified by the base DN to any depth, but not to the base entry itself.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

filter

Description
The filter to use to identify entries for the search.
Default Value
(objectClass=*)
Allowed Values
A valid LDAP search filter
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

maximum-local-available-response-time

Description
The maximum length of time that a search against a local server may take to complete in order for the target server to remain classified as "available". This will only be evaluated for servers in the same location as the PingAuthorize Server with a last-known state of "available", and if the search takes longer than this length of time to complete then the server will be reclassified as either "degraded" or "unavailable". For servers with a last-known state of "degraded" or "unavailable", the response time must be less than the minimum-local-degraded-response-time for the server state to be eligible to be upgraded to "available".
Default Value
1000 milliseconds
Allowed Values
A duration. Lower limit is 1 millisecond.
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

maximum-nonlocal-available-response-time

Description
The maximum length of time that a search against a non-local server may take to complete in order for the target server to remain classified as "available". This will only be evaluated for servers in a different location from the PingAuthorize Server with a last-known state of "available", and if the search takes longer than this length of time to complete then the server will be reclassified as either "degraded" or "unavailable". For servers with a last-known state of "degraded" or "unavailable", the response time must be less than the minimum-nonlocal-degraded-response-time for the server state to be eligible to be upgraded to "available".
Default Value
1000 milliseconds
Allowed Values
A duration. Lower limit is 1 millisecond.
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

minimum-local-degraded-response-time

Description
The minimum length of time that a search against a local server may take to complete in order for the target server to be classified as "degraded". This will only be evaluated for servers in the same location as the PingAuthorize Server with a last-known state of "degraded" or "unavailable". For a server in either of those states, if the response is received in less than this time, then that server may be eligible to be upgraded to "available".
Default Value
500 milliseconds
Allowed Values
A duration. Lower limit is 1 millisecond.
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

minimum-nonlocal-degraded-response-time

Description
The minimum length of time that a search against a non-local server may take to complete in order for the target server to be classified as "degraded". This will only be evaluated for servers in a different location from the PingAuthorize Server with a last-known state of "degraded" or "unavailable". For a server in either of those states, if the response is received in less than this time, then that server may be eligible to be upgraded to "available".
Default Value
500 milliseconds
Allowed Values
A duration. Lower limit is 1 millisecond.
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

maximum-local-degraded-response-time

Description
The maximum length of time that a search against a local server may take to complete in order for the target server to be classified as "degraded". This will only be evaluated for servers in the same location as the PingAuthorize Server with a last-known state of "available" or "degraded". If the search takes longer than this length of time to complete, then the server will be classified as "unavailable". For servers with a last-known state of "unavailable", they will remain classified as "unavailable" until the search takes less time to complete than specified in the minimum-local-unavailable-response-time.
Default Value
10 seconds
Allowed Values
A duration. Lower limit is 1 millisecond.
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

maximum-nonlocal-degraded-response-time

Description
The maximum length of time that a search against a non-local server may take to complete in order for the target server to be classified as "degraded". This will only be evaluated for servers in a different location from the PingAuthorize Server with a last-known state of "available" or "degraded". If the search takes longer than this length of time to complete, then the server will be classified as "unavailable". For servers with a last-known state of "unavailable", they will remain classified as "unavailable" until the search takes less time to complete than specified in the minimum-nonlocal-unavailable-response-time.
Default Value
10 seconds
Allowed Values
A duration. Lower limit is 1 millisecond.
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

minimum-local-unavailable-response-time

Description
The minimum length of time that a search against a local server may take to complete in order for the target server to be classified as "unavailable". This will only be evaluated for servers in the same location as the PingAuthorize Server with a last-known state of "unavailable". For a server in that state, if the response is received in less than this time, then that server may be eligible to be upgraded to "degraded", or to "available" if the response is received in less time than the minimum-local-degraded-response-time.
Default Value
5 seconds
Allowed Values
A duration. Lower limit is 1 millisecond.
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

minimum-nonlocal-unavailable-response-time

Description
The minimum length of time that a search against a non-local server may take to complete in order for the target server to be classified as "unavailable". This will only be evaluated for servers in a different location from the PingAuthorize Server with a last-known state of "unavailable". For a server in that state, if the response is received in less than this time, then that server may be eligible to be upgraded to "degraded", or to "available" if the response is received in less time than the minimum-nonlocal-degraded-response-time.
Default Value
5 seconds
Allowed Values
A duration. Lower limit is 1 millisecond.
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action
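
Taken together, the response-time properties above describe hysteresis: the threshold a server must beat depends on its last-known state. The Python sketch below is an added example, not PingAuthorize code; it models only the response-time rules as the property descriptions state them, with the documented defaults for one location class. The names Thresholds, next_state and trace are hypothetical, and filters, entry counts and communication errors are not modelled.

```python
from dataclasses import dataclass

AVAILABLE, DEGRADED, UNAVAILABLE = "available", "degraded", "unavailable"


@dataclass(frozen=True)
class Thresholds:
    """Response-time thresholds in milliseconds (documented defaults)."""
    max_available: int = 1000     # maximum-*-available-response-time
    min_degraded: int = 500       # minimum-*-degraded-response-time
    max_degraded: int = 10_000    # maximum-*-degraded-response-time
    min_unavailable: int = 5000   # minimum-*-unavailable-response-time


def next_state(last_state, response_ms, t=Thresholds()):
    """Return the state that the response time alone would allow.

    Assumption: a simplified reading of the property descriptions; the
    server may still pick a worse state because of filters or errors.
    """
    if last_state == AVAILABLE:
        if response_ms <= t.max_available:
            return AVAILABLE
        return UNAVAILABLE if response_ms > t.max_degraded else DEGRADED
    if last_state == DEGRADED:
        if response_ms < t.min_degraded:
            return AVAILABLE          # fast enough to be promoted
        return UNAVAILABLE if response_ms > t.max_degraded else DEGRADED
    if last_state == UNAVAILABLE:
        if response_ms < t.min_degraded:
            return AVAILABLE          # skips "degraded" entirely
        return DEGRADED if response_ms < t.min_unavailable else UNAVAILABLE
    raise ValueError(f"unknown state: {last_state!r}")


def trace(start, samples_ms, t=Thresholds()):
    """Classify a sequence of response times, carrying state forward."""
    states, state = [], start
    for ms in samples_ms:
        state = next_state(state, ms, t)
        states.append(state)
    return states


if __name__ == "__main__":
    # Constructed sample: a slowdown followed by a gradual recovery.
    samples = [300, 800, 1200, 800, 12000, 7000, 4000, 800, 400]
    for ms, st in zip(samples, trace(AVAILABLE, samples)):
        print(f"{ms:>6} ms -> {st}")
```

With the defaults, an 800 ms response keeps an available server available but does not promote a degraded one, which must answer in under 500 ms.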

allow-no-entries-returned

Description
Indicates whether this health check should consider it acceptable for the search to return no entries.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

allow-multiple-entries-returned

Description
Indicates whether this health check should consider it acceptable for the search to return more than one entry.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

available-filter

Description
A search filter which must match all entries returned for that server to be considered available. If one or more available filters are defined, then a server may be considered available only if all entries returned match all available filters and do not match any degraded or unavailable filters.
Default Value
None
Allowed Values
A valid LDAP search filter
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action

degraded-filter

Description
A search filter which may cause a server to be classified as "degraded". If one or more degraded filters are defined, then a server may be considered degraded if any entry returned matches any degraded filter and no entries match any unavailable filter.
Default Value
None
Allowed Values
A valid LDAP search filter
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action

unavailable-filter

Description
A search filter which may cause a server to be classified as "unavailable". If one or more unavailable filters are defined, then a server may be considered unavailable if any entry returned matches any unavailable filter.
Default Value
None
Allowed Values
A valid LDAP search filter
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action

use-administrative-operation-control

Description
Indicates whether this health check should supply the administrative operation request control on the search, provided the corresponding property on the external server configuration is enabled and the server supports the control. If the corresponding property on the external server is not enabled, or the server does not support the control, then this property has no effect. If the control is used, the server can use the indication to treat the operation differently. Possible benefits of using the control are that the server can exclude the operation from the processing time histogram, or include additional information about the purpose of the operation in the access log. A possible disadvantage of using the control is that the server might expedite the processing of the operation, such that the health check might not detect delays that are occurring for regular operations.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action


dsconfig Usage

To list the configured LDAP Health Checks:

dsconfig list-ldap-health-checks
     [--property {propertyName}] ...

To view the configuration for an existing LDAP Health Check:

dsconfig get-ldap-health-check-prop
     --check-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing LDAP Health Check:

dsconfig set-ldap-health-check-prop
     --check-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new Search LDAP Health Check:

dsconfig create-ldap-health-check
     --check-name {name}
     --type search
     --set enabled:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing LDAP Health Check:

dsconfig delete-ldap-health-check
     --check-name {name}