Monitoring OpenLDAP

The OpenLDAP sensor is automatically deployed and installed after you install the Instana agent.

Configuration

It is a prerequisite that the OpenLDAP monitoring module is enabled and configured.

OpenLDAP configuration

  1. Check if your monitoring module is enabled on your OpenLDAP installation:

    ldapsearch -Y EXTERNAL -H ldapi:/// -b "cn=module{0},cn=config"  
    

    If olcModuleLoad: {1}back_monitor is included in the response, the monitoring module is enabled. You can skip to step 3.

  2. To enable the monitoring module, create a module_monitoring.ldif file and run the command:

    dn: cn=module{0},cn=config
    changetype: modify
    add: olcModuleLoad
    olcModuleLoad: {1}back_monitor
    
    ldapmodify -Y EXTERNAL -H ldapi:/// -f module_monitor.ldif
    
  3. Create an encrypted password for the monitoring user:

    slappasswd -s <MONITOR_USER_PASSWORD>
    
  4. Create a cn_monitor.ldif file and run the following command to add the monitoring user:

    dn: <NEW_MONITORING_USER_DISTINGUISHED_NAME>
    objectClass: simpleSecurityObject
    objectClass: organizationalRole
    cn: <COMMON_NAME_OF_THE_NEW_MONITORING_USER>
    description: LDAP monitor
    userPassword: <ENCRYPTED_PASSWORD>
    
    ldapadd -x -D <ADMIN_DISTINGUISHED_NAME> -w <ADMIN_PASSWORD> -f cn_monitor.ldif
    
  5. Create a database_monitor.ldif file and run the following command to configure the monitoring database:

    dn: olcDatabase={2}Monitor,cn=config
    objectClass: olcDatabaseConfig
    objectClass: olcMonitorConfig
    olcDatabase: {2}Monitor
    olcAccess: {0}to dn.subtree="cn=Monitor" by dn.base="<NEW_MONITORING_USER_DISTINGUISHED_NAME>" read by * none
    
    ldapadd -Y EXTERNAL -H ldapi:/// -f database_monitor.ldif
    
  6. To test the monitoring module, run the following command:

    ldapsearch -x -D <NEW_MONITORING_USER_DISTINGUISHED_NAME> -w <MONITOR_USER_PASSWORD> -b cn=Uptime,cn=Time,cn=Monitor -s base '(objectClass=*)' '*' '+'
    

Agent configuration

To enable in-depth metric monitoring, the agent requires the credentials of the monitoring user to access monitoring information.

You can configure it in the agent here: <agent_install_dir>/etc/instana/configuration.yaml:

com.instana.plugin.openldap:
  user: '' # distinguished name of monitoring user, like 'cn=Monitor,dc=example,dc=com'
  password: '' # password for monitoring user
  port: 10389 # default is 389
  schemaPath: '/opt/GC/data/slapd.d/' # schema files location

Metrics collection

To view the metrics, select Infrastructure in the sidebar of the Instana User interface, click a specific monitored host, and then you can see a host dashboard with all the collected metrics and monitored processes.

Configuration data

OpenLDAP Server Details Description
Started At Time when OpenLDAP server started.
DN Configured Distinguished Name.
CN Configured Common Name.
Object Class Configured ObjectClass (collection of attributes).
Args file Command line args with wich OpenLDAP was started.
PID file Current PID of running OpenLDAP.
Log Level Log level of running OpenLDAP.
Tool Threads The maximum number of threads to use in tool mode.

Performance metrics

OpenLDAP Server Metrics Description
Operations Count of all operations Completed/Initiated over db.
Connections Count of all connections Total/Current.
Bytes Traffic in bytes.
Entries Number of entries.
Pdus Number of Protocol Data Unit(s).
Referrals Number of referrals.
Waiters Read The number of threads blocked waiting to read data from a client.
Waiters Write The number of threads blocked waiting to write data to a client.
Threads Active Threads (operations) currently active in slapd.
Threads Pending Threads (operations) currently pending in slapd.