Skip to content

openldap

Directory actions

More options

Directory actions

More options

Latest commit

 

History

History
 
 

openldap

README.md

OpenLDAP Integration

Overview

Use the OpenLDAP integration to get metrics from the cn=Monitor backend of your OpenLDAP servers.

Setup

Installation

The OpenLDAP integration is packaged with the Agent. To start gathering your OpenLDAP metrics, you need to:

  1. Have the cn=Monitor backend configured on your OpenLDAP servers.
  2. Install the Agent on your OpenLDAP servers.

Configuration

Prepare OpenLDAP

If the cn=Monitor backend is not configured on your server, follow these steps:

  1. Check if monitoring is enabled on your installation

        sudo ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=module{0},cn=config

If you see a line with olcModuleLoad: back_monitor.la, monitoring is already enabled, go to step 3.

  1. Enable monitoring on your server

        cat <<EOF | sudo ldapmodify -Y EXTERNAL -H ldapi:///
    dn: cn=module{0},cn=config
    changetype: modify
    add: olcModuleLoad
    olcModuleLoad: back_monitor.la
    EOF

  2. Create a user for accessing the monitoring information

    1. Create an encrypted password with slappasswd

    2. Add a new user

          cat <<EOF | ldapadd -H ldapi:/// -D <YOUR BIND DN HERE> -w <YOUR PASSWORD HERE>
    dn: <DN OF THE NEW USER>
    objectClass: simpleSecurityObject
    objectClass: organizationalRole
    cn: <COMMON NAME OF THE NEW USER>
    description: LDAP monitor
    userPassword:<ENCRYPTED PASSWORD HERE>
    EOF

  3. Configure the monitor database

        cat <<EOF | sudo ldapadd -Y EXTERNAL -H ldapi:///
    dn: olcDatabase=Monitor,cn=config
    objectClass: olcDatabaseConfig
    objectClass: olcMonitorConfig
    olcDatabase: Monitor
    olcAccess: to dn.subtree='cn=Monitor' by dn.base='<YOUR MONITOR USER DN HERE>' read by * none
    EOF

Configure the OpenLDAP integration

Add this configuration block to your openldap.yaml file to start gathering your metrics:

  init_config:

  instances:
      - url: ldaps://localhost
        port: 686
        username: <your monitor user DN>
        password: <your monitor user password>

See the sample openldap.yaml for all available configuration options.

Restart the Agent to begin sending OpenLDAP metrics to Datadog.

Validation

Run the Agent's status subcommand and look for openldap under the Checks section:

  Checks
  ======
    [...]

    openldap
    --------
      - instance #0 [OK]
      - Collected 26 metrics, 0 events & 1 service check

    [...]

Compatibility

The check is compatible with all major platforms.

Data Collected

Metrics

See metadata.csv for a list of metrics provided by this integration.

Events

The openldap check does not include any events.

Service Checks

openldap.can_connect

Returns CRITICAL if the integration cannot bind to the monitored OpenLDAP server, OK otherwise.

Troubleshooting

Need help? Contact Datadog support.

Development

See the main documentation for more details about how to test and develop Agent based integrations.