1 Reply Latest reply on Apr 6, 2020 1:03 PM by User51642 Yong Huang

    Any way to find the clients using a specific connect identifier?

    User51642 Yong Huang

      Our Oracle clients connect to OID to resolve connect identifiers. Is there a simple way to find those clients using a specific connect identifier? We use Linux. I did an strace on the oidldapd process on the OID server while the client, with IP 172.18.60.194, ran "tnsping indtest":

       

      $ strace -f -s100 -p 4982 2>&1 | egrep '172.18.60.194|indtest'

      [pid  5068] recvmsg(12, {msg_name(0)=NULL, msg_iov(1)=[{"\1\0\0\0\0\0\0\0\271\34\0\0\0\0\0\0::ffff:172.18.60.194\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\255\20\377 ", 100}], msg_controllen=24, [{cmsg_len=20, cmsg_level=SOL_SOCKET, cmsg_type=SCM_RIGHTS, [128]}], msg_flags=0}, 0) = 100

      [pid  5072] read(128, "\2\1\2c\201\220\0042cn=indtest,cn=OracleContext,dc=mdacc,dc=tmc,dc=edu\n\1\0\n\1\2\2\1\0\2\1\0\1\1\0\207\vobjectclass0>\4\vobjectclas"..., 150) = 150

      [pid  5074] write(128, "0\204\0\0\1W\2\1\2d\204\0\0\1N\0042cn=indtest,cn=OracleContext,dc=mdacc,dc=tmc,dc=edu0\204\0\0\1\0240\204\0\0\0(\4\vobjectclass1\204\0\0\0\25\4\16"..., 371) = 371

       

      There's no way to tie the line showing the client IP and the lines showing the connect identifier. I wish the file descriptors (12 and 128) were the same, or the IDs of the spawned processes (5068, 5072, 5074) were the same. I expanded the output by grep -<some number>, or not doing grep at all. It still doesn't seem to give any clue to help me identify the lines showing the client IP and the identifier the client is querying.

       

      Currently, we create a new service in the database, modify the connect identifier to use that service, and check the sessions in the database using that service. I hope there's an easier way. Thanks!

       

      The version we're using:

       

      $ ORACLE_HOME=/u01/app/oracle/middleware/oid /u01/app/oracle/middleware/oid/OPatch/opatch lsinventory

      ...

      Oracle Identity Management 11g                                       11.1.1.9.0

      ...

        • 1. Re: Any way to find the clients using a specific connect identifier?
          User51642 Yong Huang

          Here's a crude way to find what client is querying what connect identifier (12590 is the PID of oidldapd; client IPs are masked here):

           

          $ strace -e trace=recvmsg,read -f -s100 -p12590 2>&1 | perl -nle 'print $1 if /recvmsg.*ffff:([^\\]+)/ or /read.*?cn=(\w+)/'

          <IP1>

          ngslimsp

          <IP2>

          <IP1>

          hdpd

          <IP3>

          confluences

          replication

          replication

          changelog

           

          (If you have collected the strace output (by -o <output file>), you can cat and pipe its content to the Perl command.)

           

          The above output says client <IP1> queried connect identifier ngslimsp, and later hdpd. Client <IP3> queried confluences. Client <IP2> appeared to query something but didn't (it was our F5 sending a "heartbeat" to check availability of the OID server). Occasionally the Perl one-liner picks up some OID maintenance work; our OID has replication set up. If needed, I can improve the regex pattern to filter them out.

           

          The raw strace output is like

          <pid> recvmsg ... ffff:<client IP>

          <pid> getpeername(<fd>, ...

          ...

          <pid> read(<fd>, ... cn=<connect identifier>, ...

          Initially, I thought I had to make sure the read() call that shows the connect identifier must be a read on the file descriptor given by the getpeername() call immediately after the recvmsg() call. It turns out that's not needed, because <fd> of this read() always matches <fd> of getpeername().

           

          To answer my question: If I want to find the clients that query a specific connect identifier say indtest, I run this:

           

          $ strace -e trace=recvmsg,read -f -s100 -p12590 2>&1 | perl -nle '$|=1; print $1 if /recvmsg.*ffff:([^\\]+)/ or /read.*?cn=(\w+)/' | grep -B1 -i indtest

          <client IP>

          indtest

           

          Option -B1 of grep allows to show the line before the pattern. Note I added $|=1 to the Perl one-liner to disable buffering. It's needed if you need further downstream grep'ing or saving to a file.

           

          As I said, this is a crude way to do the work. I hope someone can tell me a cleaner and more efficient way. Placing the running process oidldapd under strace, even if I restrict the traced functions to only two, will add some CPU overhead. I hope the official method (to be given by someone) will be lighter-weight.

           

          [2020-04 Update]

          See summary at http://yong321.freeshell.org/oranotes/LdapConnectIdentifierUsedByWhatClients.txt