Monitoring OpenLDAP


Because OpenLDAP moved to on-line configuration (OLC), it's not that easy to enable monitoring.

Monitoring in this context means at least being able to run a Munin plugin to get nice graphs for OpenLDAP, as I do here.

The first step is to enable the monitoring module in slapd, so just create the following module_monitor.ldif file.

dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: {1}back_monitor

Be careful with the number in front of back_monitor. It numbers all your already enabled modules, so to be sure, just have a look with:

ldapsearch -Y EXTERNAL -H ldapi:/// -b "cn=module{0},cn=config"

If you have chosen the correct number for the monitor module, just put the LDIF into your database.

ldapmodify -Y EXTERNAL -H ldapi:/// -f module_monitor.ldif
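
The index check described above can be scripted. This is an added example, not part of the original post: it reads the ldapsearch output, picks the next free olcModuleLoad index, and refuses to continue if back_monitor is already loaded. The function names and the sample module list are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.

# Constructed sample of the ldapsearch output, not taken from a real server.
sample_modules() {
cat <<'EOF'
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_mdb
olcModuleLoad: {1}memberof
EOF
}

# Read LDIF on stdin and print the next free {N} index for olcModuleLoad.
# Returns 2 without printing if back_monitor is already loaded.
next_module_index() {
    awk '
        /^olcModuleLoad:/ {
            if ($2 ~ /back_monitor/) loaded = 1
            if (match($2, /^[{][0-9]+[}]/)) {
                n = substr($2, 2, RLENGTH - 2) + 0
                if (!seen || n > max) max = n
                seen = 1
            }
        }
        END {
            if (loaded) exit 2
            print (seen ? max + 1 : 0)
        }'
}

# Read LDIF on stdin and print a module_monitor.ldif with the right index.
make_module_ldif() {
    idx=$(next_module_index) || return $?
    printf 'dn: cn=module{0},cn=config\n'
    printf 'changetype: modify\n'
    printf 'add: olcModuleLoad\n'
    printf 'olcModuleLoad: {%s}back_monitor\n' "$idx"
}

# Real use (assumes the module list lives in cn=module{0}, as in the post):
#   ldapsearch -Y EXTERNAL -H ldapi:/// -b "cn=module{0},cn=config" \
#     | make_module_ldif > module_monitor.ldif
sample_modules | make_module_ldif
```
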

Let’s create a dedicated LDAP user. Passwords are normally hashed; we can do this with the help of slappasswd. The default hash is SSHA, read the man page. 🙂

slappasswd -s <monitor password>

will give an output like this:

{SSHA}HF3/T4VdTBr4X0dtzyR33bD7dUgHjsEb

Create the cn_monitor.ldif file for adding the monitor user.

dn: cn=monitor,dc=rekmp,dc=net
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: monitor
description: LDAP monitor
userPassword: {SSHA}HF3/T4VdTBr4X0dtzyR33bD7dUgHjsEb

We use ldapadd to add this new user.

ldapadd -x -D cn=admin,dc=rekmp,dc=net -w <admins password> -f cn_monitor.ldif

Don’t be surprised if you do an ldapsearch of your newly created user and the userPassword doesn’t look as it did before: it’s base64-encoded.

Finally, set up the monitor database: create the file database_monitor.ldif.

dn: olcDatabase={2}Monitor,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMonitorConfig
olcDatabase: {2}Monitor
olcAccess: {0}to dn.subtree="cn=Monitor" by dn.base="cn=monitor,dc=rekmp,dc=net" read by * none

And add it to the database with:

ldapadd -Y EXTERNAL -H ldapi:/// -f database_monitor.ldif

Now you can monitor, e.g., the uptime of slapd:

ldapsearch -x -D cn=monitor,dc=rekmp,dc=net -w <monitor password> -b cn=Uptime,cn=Time,cn=Monitor -s base '(objectClass=*)' '*' '+'

 

2 Comments

  1. Rafael Chicoli says

    Great documentation.. I followed right away the steps.. it works perfectly. Thx m8… and keep sharing 😉

  2. Fascinating blog! Is your theme custom made or did you download it from somewhere?

    A theme like yours with a few simple adjustments
    would really make my blog shine. Please let me know where you got your design.

    Thanks
