Here's a crude way to find what client is querying what connect identifier (12590 is the PID of oidldapd; client IPs are masked here):
$ strace -e trace=recvmsg,read -f -s100 -p12590 2>&1 | perl -nle 'print $1 if /recvmsg.*ffff:([^\\]+)/ or /read.*?cn=(\w+)/'
(If you have collected the strace output (by -o <output file>), you can cat and pipe its content to the Perl command.)
The above output says client <IP1> queried connect identifier ngslimsp, and later hdpd. Client <IP3> queried confluences. Client <IP2> appeared to query something but didn't (it was our F5 sending a "heartbeat" to check availability of the OID server). Occasionally the Perl one-liner picks up some OID maintenance work; our OID has replication set up. If needed, I can improve the regex pattern to filter them out.
The raw strace output is like
<pid> recvmsg ... ffff:<client IP>
<pid> getpeername(<fd>, ...
<pid> read(<fd>, ... cn=<connect identifier>, ...
Initially, I thought I had to make sure the read() call that shows the connect identifier must be a read on the file descriptor given by the getpeername() call immediately after the recvmsg() call. It turns out that's not needed, because <fd> of this read() always matches <fd> of getpeername().
To answer my question: If I want to find the clients that query a specific connect identifier say indtest, I run this:
$ strace -e trace=recvmsg,read -f -s100 -p12590 2>&1 | perl -nle '$|=1; print $1 if /recvmsg.*ffff:([^\\]+)/ or /read.*?cn=(\w+)/' | grep -B1 -i indtest
Option -B1 of grep allows to show the line before the pattern. Note I added $|=1 to the Perl one-liner to disable buffering. It's needed if you need further downstream grep'ing or saving to a file.
As I said, this is a crude way to do the work. I hope someone can tell me a cleaner and more efficient way. Placing the running process oidldapd under strace, even if I restrict the traced functions to only two, will add some CPU overhead. I hope the official method (to be given by someone) will be lighter-weight.