  • Marty Heyman

Better Management for Directory (LDAP) Traffic


Many LDAP Directories have several servers handling requests from many clients. The load on each server varies. Redirecting traffic when a server goes away can be a challenge.

There are companies offering “network load balancers.” They are usually pretty expensive and complicated. But they don’t understand the messages they handle. LDAP Directory requests have different requirements than, say, Web requests. So, Symas built a Directory Traffic Manager (DTM). It offers improved flexibility, performance and reliability.

Many Directories have several interconnected servers. Others scatter clusters of servers. Symas’s DTM helps you improve your Directory service even in those situations. By monitoring each server, DTM is fast to react to changes. When a server goes off-line, DTM’s monitoring acts fast and keeps things as smooth as possible.


AVAILABILITY

Symas’s Directory Traffic Manager is currently available for the following 64-bit platforms:

  • Red Hat Enterprise Linux Releases 6 and 7

  • SuSE Linux Enterprise Server Release 12

  • Debian Linux Release 9

  • Ubuntu Linux Release 18

TECHNICAL DESCRIPTION

Symas’s DTM monitors the load on each server in a cluster. That tells DTM how to direct traffic on a per-request (operation) basis. The monitoring itself is based on measuring server response times and operation backlogs, and so puts no additional load on the server(s) themselves. This results in excellent balance of requests among the servers. At peak moments, that gives the best performance. Because DTM is watching all the time, it spots sudden bursts of traffic or heavy requests right away. Again, balancing actions happen fast to keep things smooth.

You can add a server or remove one. DTM will see it and take action. This will keep your directory traffic flowing. This feature also makes it easy to do maintenance or add capacity. You can do that on the fly.

DTM is easy to manage. You configure it with familiar OpenLDAP configuration tools. DTM makes an extensive list of performance and load information available. It is easy to connect that to your normal monitoring tools.

DTM has several ways to manage your Directory Traffic:

  • Round-robin

  • Weighted (server one being preferred to server two and three at a ratio 3:1:1, etc.).

  • Tiered (The main server has a back-up which has a back-up, etc. The main server fails over to its back-up)

You can mix traffic management options to achieve your performance and reliability goals.
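
To make the mixing of strategies concrete, here is an added example (not Symas code and not DTM's implementation) that combines tiered failover with weighted selection at the 3:1:1 ratio mentioned above. The server names, the `Backend` class, the `pick` function and the smooth weighted round-robin algorithm are assumptions chosen for illustration; health monitoring is reduced to an `up` flag.

```python
from dataclasses import dataclass

@dataclass
class Backend:               # hypothetical model of one directory server
    name: str
    tier: int                # 0 = main tier, higher numbers are back-ups
    weight: int = 1          # relative share of operations within its tier
    up: bool = True          # would be set by a health monitor (not modelled)
    current: int = 0         # running score for smooth weighted round-robin

def pick(backends):
    """Choose the server for the next operation, or None if all are down."""
    live = [b for b in backends if b.up]
    if not live:
        return None
    top = min(b.tier for b in live)           # tiered: best tier still alive
    pool = [b for b in live if b.tier == top]
    total = sum(b.weight for b in pool)
    for b in pool:                            # weighted: raise every score
        b.current += b.weight
    chosen = max(pool, key=lambda b: b.current)
    chosen.current -= total                   # spreads picks evenly over time
    return chosen

def distribute(backends, n):
    """Send n operations and count how many each server received."""
    counts = {}
    for _ in range(n):
        b = pick(backends)
        if b is None:
            break
        counts[b.name] = counts.get(b.name, 0) + 1
    return counts

def demo():
    # Constructed cluster: three main servers at 3:1:1 and two back-ups.
    servers = [Backend("ldap1", 0, 3), Backend("ldap2", 0, 1),
               Backend("ldap3", 0, 1), Backend("dr1", 1), Backend("dr2", 1)]
    normal = distribute(servers, 10)      # all main servers healthy
    servers[0].up = False                 # preferred server goes off-line
    degraded = distribute(servers, 10)    # remaining main servers share load
    for s in servers[:3]:
        s.up = False                      # whole main tier is gone
    failover = distribute(servers, 10)    # back-up tier takes over
    return normal, degraded, failover

if __name__ == "__main__":
    for label, result in zip(("normal", "degraded", "failover"), demo()):
        print(label, result)
```

With weights of 1 everywhere the same function behaves as plain round-robin, so all three listed strategies are covered by one selection routine.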

We also made it easy to use public-key security capabilities (PKI). DTM supports the complete repertoire of PKI operations supported by OpenLDAP, including:

  • Server identity verification,

  • Client identity verification, and

  • Encrypted communications.

DTM completely supports TLS 1.3.


APPLICATION AND SERVER COMPATIBILITY


We designed the Directory Traffic Manager for LDAP applications that benefit the most from load balancing. It handles requests from clients running any LDAP v3 library, but applications that use certain extended operations and server controls, such as browsers and other user interface applications, are best connected directly to the servers. This will not interfere with load balancing activities of DTM. For a complete list of supported controls and extended operations, please contact us.

While DTM has been most extensively tested with OpenLDAP servers, it is designed to work with directory servers that support LDAP v3 and proxied authentication. Most types of SASL binds are also supported when the server supports the `ldapwhoami` extended operation. For more information, please contact us.
