Monitoring OpenLDAP
You can monitor OpenLDAP server by using the Instana OpenLDAP sensor. The Instana OpenLDAP sensor is automatically deployed and installed after you install the Instana agent. You can view metrics that are related to the OpenLDAP server in the Instana UI.
Support information
To make sure that the OpenLDAP sensor is compatible with your current setup, check the following support information sections:
Supported versions and support policy
The OpenLDAP sensor now supports the OpenLDAP versions: 2.4.x, 2.5.x and 2.6.x
The following table shows the latest supported version and support policy:
| Technology | Support policy | Latest version | Latest supported version |
|---|---|---|---|
| OpenLDAP | 45 days | 2.6.9 | 2.6.9 |
For more information about the support policy, see Support strategy for sensors.
Configuration
It is a prerequisite that the OpenLDAP monitoring module is enabled and configured.
OpenLDAP configuration
To enable and configure the OpenLDAP monitoring module, complete the following steps:
-
Check whether your monitoring module is enabled on your OpenLDAP installation:
ldapsearch -Y EXTERNAL -H ldapi:/// -b "cn=module{0},cn=config"If
olcModuleLoad: {1}back_monitoris included in the response, the monitoring module is enabled. You can skip to step 3. -
To enable the monitoring module, create a
module_monitoring.ldiffile and run the command:dn: cn=module{0},cn=config changetype: modify add: olcModuleLoad olcModuleLoad: {1}back_monitorldapmodify -Y EXTERNAL -H ldapi:/// -f module_monitor.ldif -
Create an encrypted password for the monitoring user:
slappasswd -s <MONITOR_USER_PASSWORD> -
Create a
cn_monitor.ldiffile and run the following command to add the monitoring user:dn: <NEW_MONITORING_USER_DISTINGUISHED_NAME> objectClass: simpleSecurityObject objectClass: organizationalRole cn: <COMMON_NAME_OF_THE_NEW_MONITORING_USER> description: LDAP monitor userPassword: <ENCRYPTED_PASSWORD>ldapadd -x -D <ADMIN_DISTINGUISHED_NAME> -w <ADMIN_PASSWORD> -f cn_monitor.ldif -
Create a
database_monitor.ldiffile and run the following command to configure the monitoring database:dn: olcDatabase={2}Monitor,cn=config objectClass: olcDatabaseConfig objectClass: olcMonitorConfig olcDatabase: {2}Monitor olcAccess: {0}to dn.subtree="cn=Monitor" by dn.base="<NEW_MONITORING_USER_DISTINGUISHED_NAME>" read by * noneldapadd -Y EXTERNAL -H ldapi:/// -f database_monitor.ldif -
To test the monitoring module, run the following command:
ldapsearch -x -D <NEW_MONITORING_USER_DISTINGUISHED_NAME> -w <MONITOR_USER_PASSWORD> -b cn=Uptime,cn=Time,cn=Monitor -s base '(objectClass=*)' '*' '+'
Agent configuration
To enable in-depth metric monitoring, the agent requires the credentials of the monitoring user to access monitoring information.
You can configure it in the agent here: <agent_install_dir>/etc/instana/configuration.yaml:
com.instana.plugin.openldap:
user: '' # distinguished name of monitoring user, like 'cn=Monitor,dc=example,dc=com'
password: '' # password for monitoring user
port: 10389 # default is 389
schemaPath: '/opt/GC/data/slapd.d/' # schema files location
Metrics collection
To view the metrics, select Infrastructure in the sidebar of the Instana User interface, click a specific monitored host, and then you can see a host dashboard with all the collected metrics and monitored processes.
Configuration data
The following table outlines the configuration data that the sensor collects from the OpenLDAP server:
| OpenLDAP server details | Description |
|---|---|
| Version | Version of OpenLDAP |
| Started At | Time when OpenLDAP server started |
| DN | Configured Distinguished Name |
| CN | Configured Common Name |
| Object Class | Configured ObjectClass (collection of attributes) |
| Args file | Command line args with which OpenLDAP was started |
| PID file | Current PID of running OpenLDAP |
| Log Level | Log level of running OpenLDAP |
| Tool Threads | The maximum number of threads to use in tool mode |
Performance metrics
The following table outlines the performance metrics that the sensor collects from the OpenLDAP server:
| OpenLDAP server metrics | Description |
|---|---|
| Operations | Count of all operations Completed/Initiated over db |
| Connections | Count of all connections Total/Current |
| Bytes | Traffic in bytes |
| Entries | Number of entries |
| Pdus | Number of Protocol Data Units |
| Referrals | Number of referrals |
| Waiters Read | The number of threads that are blocked waiting to read data from a client |
| Waiters Write | The number of threads that are blocked waiting to write data to a client |
| Threads Active | Threads (operations) currently active in slapd |
| Threads Pending | Threads (operations) currently pending in slapd |