Following up from my articles on Creating an LDAP Addressbook / Directory, then Securing LDAP with TLS / SSL and Multi-Master LDAP Replication; I’ll now look at monitoring LDAP with Munin as an immediate example and Nagios to follow.
First we need to enable monitoring on LDAP – execute:
cat <<EOF | ldapmodify -Y EXTERNAL -H ldapi:///
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: {2}back_monitor.la
EOF
after ensuring {2} is the appropriate next sequence for oldModuleLoad. You can check this my running:
ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=module{0},cn=config
Now create a user with access to the monitoring information:
cat <<EOF | ldapadd -H ldapi:/// -D cn=admin,dc=nodomain -w h.TDVyELBjm0g dn: cn=monitor,dc=nodomain objectClass: simpleSecurityObject objectClass: organizationalRole cn: monitor description: LDAP monitor userPassword: cA.5rMfzHw9vw EOF
Lastly, configure the monitor database:
cat <<EOF | ldapadd -Y EXTERNAL -H ldapi:///
dn: olcDatabase={2}Monitor,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMonitorConfig
olcDatabase: {2}Monitor
olcAccess: {0}to dn.subtree="cn=Monitor"
by dn.base="cn=monitor,dc=nodomain" read by * none
EOF
The monitoring module should now be active and you can test with:
ldapsearch -D cn=monitor,dc=nodomain -w cA.5rMfzHw9vw -H ldapi:/// -b cn=Monitor
Configuring Munin
“Munin is a networked resource monitoring tool that can help analyze resource trends and “what just happened to kill our performance?” problems. It is designed to be very plug and play. A default installation provides a lot of graphs with almost no work.”
On Ubuntu, you can install Munin and the required packages for LDAP monitoring with:
apt-get install munin-node libnet-ldap-perl
Then edit /etc/munin/plugin-conf.d/munin-node and add a section such as:
[slapd_*] env.server 127.0.0.1 env.binddn cn=monitor,dc=nodomain env.bindpw cA.5rMfzHw9vw
During the install, Munin may have detected OpenLDAP and added appropriate symlinks. If it didn’t, you can possibly do it from the output of:
munin-node-configure --suggest --shell
For me (Ubuntu 12.10), slapd showed up with an error Wrong amount of autoconf which I haven’t debugged. Instead I just created the symlinks manually:
ln -s /usr/share/munin/plugins/slapd_ slapd_statistics_bytes ln -s /usr/share/munin/plugins/slapd_ slapd_statistics_pdu ln -s /usr/share/munin/plugins/slapd_ slapd_statistics_referrals ln -s /usr/share/munin/plugins/slapd_ slapd_operations_diff ln -s /usr/share/munin/plugins/slapd_ slapd_statistics_entries ln -s /usr/share/munin/plugins/slapd_ slapd_connections ln -s /usr/share/munin/plugins/slapd_ slapd_waiters ln -s /usr/share/munin/plugins/slapd_ slapd_operations
And restart Munin:
service munin-node restart