Your company here — click to reach over 10,000 unique daily visitors

ldclt - Man Page

load test program for LDAP


ldclt [-qQvV] [-E <max errors>] [-b <base DN>] [-h <host>] [-p <port>] [-t <timeout>] [-D <bind DN>] [-w <passwd>] [-o <SASL option>] [-e <execParams>] [-a <max pending>] [-n <nb threads>] [-i <nb times>] [-N <nb samples>] [-I <err number>] [-T <total>] [-r <low> -R <high>] [-f <filter>] [-s <scope>] [-S <consumer>] [-P<supplier port>] [-W <waitsec>] [-Z <certfile>]


This tool is a LDAP client targeted to validate the reliability of the product under a wide variety of stress conditions.


The valid options are:


Asynchronous mode, with max pending operations.


Give the base DN to use. Default "dc=example,dc=com".


Bind DN. See -w


Max errors allowed. Default 1000.


Filter for searches.


Host to connect. Default "localhost".


Ldap URL to connect to. Example, ldap://localhost:389. This takes precedence over -h and -p.


Number of times inactivity allowed. Default 3 (30 seconds)


Ignore errors (cf. -E). Default none.


Number of threads. Default 10.


Number of samples (10 seconds each). Default infinite.


SASL Option.


Server port. Default 389.


Supplier port (to check replication). Default 16000.


Quiet mode. See option -I.


Super quiet mode.


Range's low value.


Range's high value.


Scope. May be base, subtree or one. Default subtree.


Consumer to check.


LDAP operations timeout. Default 30 seconds.


Total number of operations per thread. Default infinite.




Very verbose.


Bind passwd. See -D.


Wait between two operations. Default 0 seconds.


certfile. Turn on SSL and use certfile as the certificate DB


Execution parameters:

add ldap_add() entries.
append entries to the genldif file.
ascii use ascii 7-bits strings.
attreplace=name:mask replace attribute of existing entry.
attrlist=name:name:name specify list of attribs to retrieve
attrsonly=0|1 ldap_search() parameter. Set 0 to read values.
bindeach ldap_bind() for each operation.
bindonly only bind/unbind, no other operation is performed.
close will close() the fd, rather than ldap_unbind().
cltcertname=name name of the SSL client certificate
commoncounter all threads share the same counter.
counteach count each operation not only successful ones.
delete ldap_delete() entries.
dontsleeponserverdown will loop very fast if server down.
emailPerson objectclass=emailPerson (-e add only).
esearch exact search.
genldif=filename generates a ldif file
imagesdir=path specify where are the images.
incr incremental values.
inetOrgPerson objectclass=inetOrgPerson (-e add only).
keydbfile=file filename of the key database
keydbpin=password password for accessing the key database
noglobalstats don't print periodical global statistics
noloop does not loop the incremental numbers.
object=filename build object from input file
person objectclass=person (-e add only).
random random filters, etc...
randomattrlist=name:name:name random select attrib in the list
randombase random base DN.
randombaselow=value low value for random generator.
randombasehigh=value high value for random generator.
randombinddn random bind DN.
randombinddnfromfile=fine retrieve bind DN & passwd from file
randombinddnlow=value low value for random generator.
randombinddnhigh=value high value for random generator.
rdn=attrname:value alternate for -f.
referral=on|off|rebind change referral behaviour.
scalab01 activates scalab01 scenario.
scalab01_cnxduration maximum connection duration.
scalab01_maxcnxnb modem pool size.
scalab01_wait sleep() between 2 attempts to connect.
smoothshutdown main thread waits till the worker threads exit.
string create random strings rather than random numbers.
v2 ldap v2.
withnewparent rename with newparent specified as argument.
randomauthid random SASL Authid.
randomauthidlow=value low value for random SASL Authid.
randomauthidhigh=value high value for random SASL Authid.


To populate a database with 1000 user objects create a file template.ldif containing:

    objectClass: top
    objectclass: person
    objectClass: organizationalPerson
    objectClass: inetorgperson
    objectClass: posixAccount
    objectClass: shadowAccount
    sn: user[A]
    cn: user[A]
    givenName: user[A]
    description: description[A]
    userPassword: password[A]
    mail: user[A]@example.com
    uidNumber: 1[A]
    gidNumber: 1[A]
    shadowMin: 0
    shadowMax: 99999
    shadowInactive: 30
    shadowWarning: 7
    homeDirectory: /home/uid[A]

This can now be loaded to the database using:

    ldclt -h localhost -p 389 -D "cn=Directory Manager" -w password -b "ou=people,dc=example,dc=com" -I 68 -e add,commoncounter -e "object=/tmp/template.ldif,rdn=uid:user[A=INCRNNOLOOP(0;999;4)]"

Using these created users you can test binding to the accounts with:

    ldclt -h localhost -p 389 -e bindeach,bindonly -D uid=user0XXX,dc=example,dc=com -w password0XXX -e randombinddn,randombinddnlow=0,randombinddnhigh=0999 -e esearch -f "(&(objectClass=posixAccount)(uid=user*)(uidNumber=*)(gidNumber=*))"


ldclt was written by the 389 Project.

Reporting Bugs

Report bugs to https://github.com/389ds/389-ds-base/issues/new


March 31, 2017