Following up from my articles on Creating an LDAP Addressbook / Directory, then Securing LDAP with TLS / SSL and Multi-Master LDAP Replication, I’ll now look at monitoring LDAP with Munin as an immediate example and Nagios to follow.
First we need to enable monitoring on LDAP – execute:
```bash
cat <<EOF | ldapmodify -Y EXTERNAL -H ldapi:///
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: {2}back_monitor.la
EOF
```
Before running it, make sure {2} is the appropriate next sequence number for olcModuleLoad. You can check this by running:
```bash
ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=module{0},cn=config
```
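As an added example (not part of the original article), the shell functions below read the LDIF printed by that ldapsearch and work out the next free olcModuleLoad index, or report that back_monitor is already loaded so the module is not added twice. The function names and the sample LDIF are constructed for illustration.

```bash
#!/bin/sh
# Added example: choose the {n} index for back_monitor from the output of
#   ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=module{0},cn=config

# Reads LDIF on stdin. Prints "loaded" if back_monitor is already listed,
# otherwise the next free olcModuleLoad index (highest existing index + 1).
next_module_index() {
  awk '
    /^olcModuleLoad: / {
      value = $2
      if (value ~ /back_monitor/) loaded = 1
      # Values look like "{1}syncprov"; take the number between the braces.
      if (match(value, /^[{][0-9]+[}]/)) {
        n = substr(value, 2, RLENGTH - 2) + 0
        if (n > max) max = n
        seen = 1
      }
    }
    END {
      if (loaded) print "loaded"
      else if (seen) print max + 1
      else print 0
    }
  '
}

# Reads the same LDIF on stdin and prints the change record to pipe into
# ldapmodify, or prints nothing when back_monitor is already loaded.
monitor_module_ldif() {
  idx=$(next_module_index)
  if [ "$idx" = "loaded" ]; then
    return 0
  fi
  printf 'dn: cn=module{0},cn=config\nchangetype: modify\nadd: olcModuleLoad\nolcModuleLoad: {%s}back_monitor.la\n' "$idx"
}

# Constructed sample of the ldapsearch output (not captured from a real server).
sample_ldif() {
  cat <<'EOF'
# module{0}, config
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_hdb
olcModuleLoad: {1}syncprov
EOF
}

sample_ldif | monitor_module_ldif
```

On a live server, replace `sample_ldif` with the ldapsearch command above and review the printed LDIF before piping it to `ldapmodify -Y EXTERNAL -H ldapi:///`.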
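Now create a user with access to the monitoring information. Note that -w exposes the admin password in shell history and the process list (-W prompts for it instead), and that userPassword is stored exactly as given unless you supply a hash generated with slappasswd: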
```bash
cat <<EOF | ldapadd -H ldapi:/// -D cn=admin,dc=nodomain -w h.TDVyELBjm0g
dn: cn=monitor,dc=nodomain
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: monitor
description: LDAP monitor
userPassword: cA.5rMfzHw9vw
EOF
```
Lastly, configure the monitor database:
```bash
cat <<EOF | ldapadd -Y EXTERNAL -H ldapi:///
dn: olcDatabase={2}Monitor,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMonitorConfig
olcDatabase: {2}Monitor
olcAccess: {0}to dn.subtree="cn=Monitor" by dn.base="cn=monitor,dc=nodomain" read by * none
EOF
```
The monitoring module should now be active and you can test with:
```bash
ldapsearch -D cn=monitor,dc=nodomain -w cA.5rMfzHw9vw -H ldapi:/// -b cn=Monitor
```
Configuring Munin
“Munin is a networked resource monitoring tool that can help analyze resource trends and “what just happened to kill our performance?” problems. It is designed to be very plug and play. A default installation provides a lot of graphs with almost no work.”
On Ubuntu, you can install Munin and the required packages for LDAP monitoring with:
```bash
apt-get install munin-node libnet-ldap-perl
```
Then edit /etc/munin/plugin-conf.d/munin-node and add a section such as:
```
[slapd_*]
env.server 127.0.0.1
env.binddn cn=monitor,dc=nodomain
env.bindpw cA.5rMfzHw9vw
```
During the install, Munin may have detected OpenLDAP and added appropriate symlinks. If it didn’t, you may be able to create them from the output of:
```bash
munin-node-configure --suggest --shell
```
For me (Ubuntu 12.10), slapd showed up with an error "Wrong amount of autoconf" which I haven’t debugged. Instead I just created the symlinks manually:
```bash
# The link names are relative, so run this from munin-node's plugin directory
cd /etc/munin/plugins
ln -s /usr/share/munin/plugins/slapd_ slapd_statistics_bytes
ln -s /usr/share/munin/plugins/slapd_ slapd_statistics_pdu
ln -s /usr/share/munin/plugins/slapd_ slapd_statistics_referrals
ln -s /usr/share/munin/plugins/slapd_ slapd_operations_diff
ln -s /usr/share/munin/plugins/slapd_ slapd_statistics_entries
ln -s /usr/share/munin/plugins/slapd_ slapd_connections
ln -s /usr/share/munin/plugins/slapd_ slapd_waiters
ln -s /usr/share/munin/plugins/slapd_ slapd_operations
```
And restart Munin:
```bash
service munin-node restart
```