Network Test Technology_LDAP Protocol Test Case

Directory

  • 1. Overview of LDAP protocol
  • 2. LDAP protocol simulation test on Supernova
  • 3. Applicable scenarios in Supernova tester
    • 3.1 Gateway mode
    • 3.2 Proxy mode
    • 3.3 Application service mode
    • 3.4 Terminal mode
  • 4. Main configuration parameters of LDAP use case
    • 4.1 Allocate CPU cores
    • 4.2 Speed limit configuration
    • 4.3 Packet capture settings
    • 4.4 Number of virtual users
    • 4.5 Search types
    • 4.6 Login types
    • 4.7 Base DN
    • 4.8 User DN
    • 4.9 Password
  • 5. LDAP test case – test firewall LDAP performance
    • 5.1 Test topology
    • 5.2 Test purpose
    • 5.3 Test steps
    • 5.4 Expected results
    • 5.5 Firewall configuration
    • 5.6 Tester configuration
    • 5.7 Verify expected results
    • 5.8 View captured packets
  • 6. LDAP test case – test server LDAP performance
    • 6.1 Test topology
    • 6.2 Test purpose
    • 6.3 Test steps
    • 6.4 Expected results
    • 6.5 Server configuration
    • 6.6 Tester configuration
    • 6.7 Verify expected results
    • 6.8 View captured packets
  • 7. Export test report

1. Overview of LDAP protocol

LDAP (Lightweight Directory Access Protocol) is a directory access protocol based on the X.500 standard that runs over TCP/IP or other connection-oriented transport services. The LDAP directory service follows the client/server model: one or more LDAP servers hold the data that makes up the entire directory information tree, and an LDAP client connects to a server, issues a request, and obtains the required data.

LDAP data is organized as a tree, which can describe the structure of an organization clearly and efficiently. Each node in the tree is called an "entry", and each entry has its own unique Distinguished Name (DN). The DN of an entry combines the position of its parent node in the tree (the Base DN) with an attribute of the entry that identifies it (called the RDN, such as uid or cn).

2. LDAP protocol simulation test on Supernova

Supports IPv4, IPv6, and IPv4 & IPv6 dual-stack operation;
The LDAP search mode supports Single level and Base object;
The login mode supports anonymous binding and simple authentication;
Supports rate limiting of LDAP search requests;
Supports gateway device testing, proxy device testing, application service testing, and client terminal testing.

3. Applicable scenarios in Supernova tester

3.1 Gateway Mode

The tester simulates both the LDAP client and the LDAP server to reproduce the LDAP query process. The client establishes a TCP connection to the server and sends commands to search for node information; the test traffic is forwarded through the gateway device, and the server performs the search and returns the results to the client. The tester determines the ability of the gateway device under test to process LDAP queries from statistics such as the LDAP search success rate.

3.2 Proxy Mode

The tester simulates both the LDAP client and the LDAP server to reproduce the LDAP query process. The client establishes a TCP connection to the server and sends commands to search for node information; the test traffic is forwarded through the proxy device, and the server performs the search and returns the results to the client. The tester determines the ability of the proxy device under test to process LDAP queries from statistics such as the LDAP search success rate.

3.3 Application Service Mode

The tester simulates only the LDAP client and sends commands to the server to search for node information. The server performs the search and returns the results to the Supernova tester client. The tester collects statistics such as the LDAP search success rate to obtain the LDAP performance parameters of the server.

3.4 Terminal Mode

The tester simulates only the LDAP server, receives query commands from the LDAP terminal, and responds to them correctly.

4. Main configuration parameters of LDAP use case

4.1 Allocate CPU cores

Running the use case requires a certain number of CPU cores to be allocated to it. Reaching maximum performance, such as the LDAP login attempt rate and the LDAP query success rate per second, also requires a certain number of cores to be allocated.

4.2 Speed Limit Configuration

LDAP use cases support multiple rate limiting methods, including fixed rate, random rate, trapezoidal rate, avalanche rate, sine rate, and staircase rate.
Fixed rate: Set a speed limit value. The rate stays at this value throughout the run, and the fluctuation does not exceed 1%;
Random rate: Set the minimum and maximum speed limit values. Every second the rate takes a random value between the minimum and the maximum, until the end of the run;
Trapezoidal rate: Set a speed limit value. At the beginning of the run the rate increases to this value according to time or percentage, the set value is then maintained, and before the end of the run the rate decreases to 0 according to time or percentage. The fluctuation during the middle phase does not exceed 1%;
Avalanche rate: Set the maximum rate, the minimum rate, and the holding time. During the test the rate is held at the maximum for a period of time, then at the minimum for a period of time, alternating between the two;
Sine rate: Set the maximum rate, the minimum rate, and the gradient duration. During the test the rate completes one sinusoidal change within each gradient duration;
Staircase rate: Set the initial rate, the maximum rate, the incremental rate, and the holding time. During the test the rate is held at the initial rate for a period of time, then increases by the incremental rate after each holding period, and finally continues at the maximum rate until the end of the run, so the curve is shaped like a staircase.
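
The six rate shapes above, written as per-second target rates so that a planned load curve can be compared with the tester's statistics. This is an added example, not Supernova code; the parameter names, the time-based ramp, and the sine curve starting at the midpoint are assumptions.

```python
import math
import random

def rate_profile(mode, duration, seed=0, **p):
    """Target rate (requests/s) for each second t = 0..duration-1 of a run.

    Parameter names (rate, lo, hi, ramp, hold, period, start, step) are
    hypothetical labels for the values described in 4.2.
    """
    rng = random.Random(seed)          # seeded so a profile can be replayed
    out = []
    for t in range(duration):
        if mode == "fixed":
            r = p["rate"]
        elif mode == "random":         # new value between lo and hi every second
            r = rng.randint(p["lo"], p["hi"])
        elif mode == "trapezoid":      # time-based ramp up, hold, ramp down to 0
            up = t / p["ramp"]
            down = (duration - 1 - t) / p["ramp"]
            r = p["rate"] * min(1.0, up, down)
        elif mode == "avalanche":      # hi for `hold` s, then lo for `hold` s
            r = p["hi"] if (t // p["hold"]) % 2 == 0 else p["lo"]
        elif mode == "sine":           # one full sine cycle per `period` s
            mid, amp = (p["hi"] + p["lo"]) / 2, (p["hi"] - p["lo"]) / 2
            r = mid + amp * math.sin(2 * math.pi * t / p["period"])
        elif mode == "staircase":      # climb by `step` every `hold` s up to hi
            r = min(p["hi"], p["start"] + p["step"] * (t // p["hold"]))
        else:
            raise ValueError(f"unknown rate mode: {mode}")
        out.append(round(r))
    return out

def planned_requests(profile):
    """Total requests the profile asks for; compare with the measured total."""
    return sum(profile)
```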

4.3 Packet capture settings

You can set the protocol type to capture and specify the IP address, port, file size, or number of packets. Packet capture can be configured before a run or during a run.

4.4 Number of virtual users

The number of users running concurrently. For example, if 256 users are set, 256 users send login attempts at the same time.

4.5 Search Type

Single level: Search the entries directly subordinate to the entry specified by the Base DN;
Base object: Search only the Base DN entry itself.

4.6 Login Type

Anonymous binding: The user is not authenticated. This method is only suitable for completely public access;
Simple authentication: The user is identified by username and password. It is divided into simple password and MD5 password authentication.

4.7 Base DN

The Base DN of the LDAP tree to search.

4.8 User DN

The User DN subtree on the LDAP server that is used when querying an entry.

4.9 Password

The account password for accessing the LDAP server.
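
How the search type, login type, Base DN, User DN and password from 4.5 to 4.9 appear on the wire and can be recognised in a capture: in an unencrypted LDAP session, simple authentication carries the password as plain bytes inside the BindRequest. This is an added example, not Supernova code; it follows the RFC 4511 message layout, covers the plain-password case only, and the DNs and password used with it are constructed.

```python
# Added example (not Supernova code): BER layout per RFC 4511; sample values constructed.
SCOPES = {"base object": 0, "single level": 1}    # 4.5 search types -> scope enum

def tlv(tag, body):
    """BER tag-length-value with a definite length in short or long form."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def integer(v, tag=0x02):
    return tlv(tag, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def bind_request(msg_id, user_dn="", password=""):
    """Empty DN and password give an anonymous bind, otherwise a simple bind."""
    op = integer(3) + tlv(0x04, user_dn.encode()) + tlv(0x80, password.encode())
    return tlv(0x30, integer(msg_id) + tlv(0x60, op))   # LDAPMessage{BindRequest}

def search_request(msg_id, base_dn, search_type):
    op = (tlv(0x04, base_dn.encode())               # baseObject = Base DN
          + integer(SCOPES[search_type], 0x0A)      # scope ENUMERATED
          + integer(0, 0x0A)                        # derefAliases: never
          + integer(0) + integer(0)                 # no size or time limit
          + tlv(0x01, b"\x00")                      # typesOnly FALSE
          + tlv(0x87, b"objectClass")               # filter (objectClass=*)
          + tlv(0x30, b""))                         # return all user attributes
    return tlv(0x30, integer(msg_id) + tlv(0x63, op))   # LDAPMessage{SearchRequest}

def read_tlv(buf, pos=0):                           # -> (tag, value, next_pos)
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:                                    # long-form length
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def inspect(msg):
    """Classify one captured LDAPMessage, as when reviewing a packet capture."""
    body = read_tlv(msg)[1]
    op, fields, _ = read_tlv(body, read_tlv(body)[2])       # skip messageID
    if op == 0x60:                                          # BindRequest
        _, dn, p = read_tlv(fields, read_tlv(fields)[2])    # skip version
        auth = read_tlv(fields, p)
        kind = "sasl" if auth[0] != 0x80 else "simple" if auth[1] else "anonymous"
        return kind, dn.decode(), kind == "simple"  # True: password readable on the wire
    if op == 0x63:                                          # SearchRequest
        _, base, p = read_tlv(fields)
        return "search", base.decode(), read_tlv(fields, p)[1][0]
    return "other", "", None
```

A bind that carries a DN but an empty password is reported as anonymous here; RFC 4513 calls that case an unauthenticated bind.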

5. LDAP test case – test firewall LDAP performance

5.1 Test topology

Note: The tester uses "gateway mode" to simulate both the LDAP client and the LDAP server. The traffic passes through a firewall (gateway mode) to test the firewall's performance.

5.2 Test purpose

Obtain the ability of the tested gateway device (firewall) to handle LDAP queries.

5.3 Test Steps

1. Connect the topology according to the diagram;
2. Firewall configuration: configure interface IP;
3. Create an LDAP use case on the tester and configure parameters such as virtual host, virtual host gateway, number of virtual users, login type, password, etc.;
4. After the tester configuration is completed, start the use case and view the tester statistics.

5.4 Expected results

Expected results: With 256 virtual users, the LDAP query success rate per second can reach 20,000.

5.5 Firewall Configuration

Configure firewall interface information and policies according to the test topology.

Note: Configuration methods vary by product, and detailed steps for third-party products are not provided here. For any questions about configuring the firewall, consult the firewall's user guide.

5.6 Tester configuration

(1) In gateway mode, create an LDAP use case. Because the traffic passes through a firewall, you need to configure a gateway and select gateway mode.

(2) Allocate the number of CPU cores

(3) Packet capture settings
Capture 1000 packets

(4) Configure the number of virtual users

(5) Configure client

(6) After the configuration is completed, click to start the use case

(7) Check the running interface under monitoring. The LDAP query success rate per second in the application layer status is the key result.

5.7 Verify expected results

(1) After the use case is completed, click on the “Report” interface and click to open the test results

(2) Click the “Generate Report” button to generate a test report, which mainly includes summary information

Conclusion: In line with 5.4 expected results

5.8 View packet capture messages

Download the packet capture file from the monitoring page or report page, open it, and follow a TCP stream.

6. LDAP test case – test server LDAP performance

6.1 Test topology

Note: The tester simulates only the LDAP client and sends commands to the server to search for node information. The server performs the search and returns the results to the Supernova tester client. The tester collects statistics such as the LDAP search success rate to obtain the LDAP performance parameters of the server.

6.2 Test purpose

This test case verifies the LDAP service function of the directory server under test and obtains the ability of the directory server under test to process LDAP queries.

6.3 Test Steps

1. Connect the topology according to the diagram
2. Server configuration: configure the interface connected to the tester
3. Create an LDAP use case on the tester and configure the virtual host subnet host address or range, server IP address, number of virtual users, search type, login type and other parameters;
4. After the tester configuration is completed, start the use case and view the tester statistics

6.4 Expected results

Expected results: LDAP query success rate is not less than 2000/second

6.5 Server Configuration

Configure the server interface IP according to the test topology: 222.1.1.100/24.

6.6 Tester configuration

(1) In application service testing, create LDAP test cases

(2) Allocate the number of CPU cores

(3) Set up packet capture

(4) Configure the number of virtual users

(5) Configure the client. This case uses simple authentication as an example.

(6) Configure the server port. In this case the LDAP server port number is 389.

(7) After the configuration is completed, click to start the use case

(8) Check the running interface under monitoring. The LDAP query success rate per second in the application layer status is the key result.

6.7 Verify expected results

The LDAP request is successful, and the request authentication success rate is 300/second.

Conclusion: In line with 6.4 expected results

6.8 View packet capture messages

Download the packet capture file on the monitoring page or report page

7. Export test report

(1) The test history report can be viewed on the “Reports” page

(2) Click the Generate Document button to generate report documents in the form of HTML, PDF, Word, or Excel.

(3) After the generation is completed, click to download the report in the corresponding format.