OpenLDAP

Version 3

    This template assesses the performance of the OpenLDAP server by retrieving performance data from the cn=Monitor sub-tree.

    Prerequisites:

    • Perl must be installed on the target server.
    • SNMP must be installed on the target server.
    • You must have permission to monitor slapd processes on the target server.
    • The OpenLDAP monitoring branch must be enabled. You can enable this by adding the following lines to the slapd.conf file, which is located here: /etc/openldap/slapd.conf.

          database monitor
          access to dn.subtree="cn=Monitor"
              by * read
              by * none
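
    An added example, not part of the original template documentation: a small Python check that reads a slapd.conf fragment and reports when the ACL covering cn=Monitor grants more than bind access to everyone, or carries clauses that can never match. Both fragments are constructed, and the bind DN cn=Manager,dc=example,dc=com in the restricted variant is an assumption.

```python
import re

# Constructed slapd.conf fragments (not taken from a real server).
WEAK = '''database monitor
access to dn.subtree="cn=Monitor"
    by * read
    by * none
'''
# Assumption: cn=Manager,dc=example,dc=com is the DN the monitoring script binds as.
RESTRICTED = '''database monitor
access to dn.subtree="cn=Monitor"
    by dn.exact="cn=Manager,dc=example,dc=com" read
    by * none
'''

LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
BROAD_WHO = {"*", "anonymous", "users"}

def logical_lines(text):
    """Join slapd.conf continuation lines (lines that start with whitespace)."""
    lines = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw.strip())
    return lines

def audit_monitor_acl(conf):
    """Return findings for access directives that name cn=Monitor (DNs without spaces)."""
    findings = []
    for line in logical_lines(conf):
        if not re.match(r"access\s+to\s+.*cn=monitor", line, re.I):
            continue
        clauses = re.findall(r"\bby\s+(\S+)\s+(\w+)", line)
        for i, (who, level) in enumerate(clauses):
            if who in BROAD_WHO and level in LEVELS[3:]:  # compare or higher
                findings.append(f"'by {who} {level}' grants a broad group {level} on cn=Monitor")
            if who == "*" and i < len(clauses) - 1:
                findings.append(f"{len(clauses) - i - 1} clause(s) after 'by *' can never match")
                break
    return findings

if __name__ == "__main__":
    print(audit_monitor_acl(WEAK), audit_monitor_acl(RESTRICTED))
```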

     

    Create a user on the Linux/Unix server with the same case-sensitive username and password as the OpenLDAP user. OpenLDAP has Manager as the default user, which is equivalent to the OpenLDAP administrator. Create the user Manager on the server and set its password to the same value as the Manager password in OpenLDAP. See the following example:

     

    [root@centos56 ~]# useradd Manager
    [root@centos56 ~]# passwd Manager
    Changing password for user Manager.
    New UNIX password:
    Retype new UNIX password:
    passwd: all authentication tokens updated successfully.
    [root@centos56 ~]#

     

    Credentials: User with access to the OpenLDAP and Linux/Unix servers.

     

    Component Arguments and Syntax

    All components use the ldapsearch command with arguments to get the required values, as in the following:


    ldapsearch -x -D 'cn=User,dc=your,dc=domain' -w password -b 'cn=Monitor' -s base '(objectClass=*)' '+'

     

    The three arguments below are used in the following order:

    perl ${SCRIPT} cn=${USER} ${PASSWORD} dc=your,dc=domain

     

    1. Username – This argument specifies which user will get the required statistic from the OpenLDAP server using the following format: cn=${USER}. By default, this argument will use the username from the application. Normally, this argument should remain unchanged.
    2. Password – This argument specifies the user's password. By default, it will use the password from the application's username. Normally, this argument should remain unchanged.
    3. Domain – This argument specifies the domain name and should be formatted in the following manner: dc=your,dc=domain. This is where you set your domain. For example: dc=example,dc=com or dc=test1,dc=testing,dc=com.

     

    Below is an example using the Command Line field with arguments used in any component monitor:

    perl ${SCRIPT} cn=${USER} ${PASSWORD} dc=example,dc=com

     

    Monitored Components:

     

    Operations Rate Per Sec

    This monitor returns the per-second rates of different LDAP operations. Each rate is calculated by counting the operations of that type over five seconds and then dividing by five. Information about LDAP operations is taken from the cn=Operations,cn=Monitor sub-tree. Returned values are as follows:

    Note: It is possible that scripts will return non-integer values.

         Total – This component returns the total number of LDAP operations.

         Bind – This component returns the number of Bind operations occurring on the server. The LDAP Bind operation can be used to authenticate to the LDAP Server.

         Unbind – This component returns the number of Unbind operations occurring on the server. The LDAP Unbind operation is used to indicate that the client wants to disconnect from the server.

         Add – This component returns the number of Add operations occurring on the server. The LDAP Add operation can be used to create an entry in the LDAP Server.

         Delete – This component returns the number of Delete operations occurring on the server. The LDAP Delete operation can be used to remove an entry or sub-tree from the server.

         Modify – This component returns the number of Modify operations occurring on the server. The LDAP Modify operation can be used to alter an existing entry in the LDAP Server.

         Compare – This component returns the number of Compare operations occurring on the server. The LDAP Compare operation can be used to determine whether a specified entry contains a given attribute value.

         Search – This component returns the number of Search operations occurring on the server. The LDAP Search operation can be used to identify entries in the LDAP Server that match a given set of criteria.
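
    An added example of the rate calculation described above, not the template's own Perl script: it parses two constructed LDIF samples of cn=Operations,cn=Monitor taken five seconds apart and divides each counter delta by the interval. Reading the monitorOpCompleted attribute and labelling the parent entry "Total" are assumptions about how the counts are obtained.

```python
import re

# Constructed output of two `ldapsearch -LLL ... -b 'cn=Operations,cn=Monitor'
# -s sub monitorOpCompleted` runs taken five seconds apart (values are made up).
SAMPLE_T0 = """\
dn: cn=Operations,cn=Monitor
monitorOpCompleted: 999

dn: cn=Bind,cn=Operations,cn=Monitor
monitorOpCompleted: 200

dn: cn=Search,cn=Operations,cn=Monitor
monitorOpCompleted: 699
"""
SAMPLE_T5 = """\
dn: cn=Operations,cn=Monitor
monitorOpCompleted: 1012

dn: cn=Bind,cn=Operations,cn=Monitor
monitorOpCompleted: 203

dn: cn=Search,cn=Operations,cn=Monitor
monitorOpCompleted: 708
"""

def parse_completed(ldif):
    """Map operation name -> monitorOpCompleted counter from LDIF text."""
    counters = {}
    for entry in re.split(r"\n\s*\n", ldif.strip()):
        dn = re.match(r"dn: cn=([^,]+),", entry)
        done = re.search(r"^monitorOpCompleted: (\d+)", entry, re.M)
        if dn and done:
            # The parent entry carries the total across all operation types.
            name = "Total" if dn.group(1) == "Operations" else dn.group(1)
            counters[name] = int(done.group(1))
    return counters

def rates_per_sec(before, after, interval=5):
    """Counter delta divided by the interval. A counter that is missing or went
    backwards (slapd restarted between samples) yields None, not a bogus rate."""
    rates = {}
    for name, new in after.items():
        old = before.get(name)
        rates[name] = None if old is None or new < old else (new - old) / interval
    return rates

if __name__ == "__main__":
    print(rates_per_sec(parse_completed(SAMPLE_T0), parse_completed(SAMPLE_T5)))
```

    When collecting such samples by hand, ldapsearch -y <file> reads the bind password from a file, so it does not appear in the process list the way a -w argument does.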

     

    Active Operations

    This monitor returns the number of active operations.

     

    Current Connections

    This monitor returns the number of current OpenLDAP connections.

     

    Bytes Sent Rate Per Sec

    This monitor returns the number of bytes sent, per second, by the server.

     

    Uptime

    This monitor shows the server uptime, in seconds. The returning message shows the time in days, hours, minutes, and seconds.

     

    Read Waiters

    This monitor returns the number of connections that are waiting to read data.

     

    Write Waiters

    This monitor returns the number of connections that are waiting to write data.

     

    Process Monitor – SNMP: slapd

    This component monitor returns CPU and memory usage of the slapd daemon. If this counter is unavailable, there may be a problem with your SNMP configuration or the slapd service has stopped.

     

    LDAP User Experience Monitor

    This component monitor tests the capabilities of the Lightweight Directory Access Protocol (LDAP) server and measures the time it takes to perform an LDAP query.

    Note: By default, this monitor is disabled.

     

    Portions of this document were originally created by and are excerpted from the following sources:

    Oracle Corporation, “Oracle System Administration Guide: Printing,” Copyright © 2012 Oracle Corporation. All rights reserved. Available at http://www.openldap.org/doc/admin24/monitoringslapd.html.

    Last Updated: 4/23/2015