Use the OpenLDAP integration to get metrics from the cn=Monitor backend of your OpenLDAP servers.
The OpenLDAP integration is packaged with the Agent. To start gathering your OpenLDAP metrics:
Have the cn=Monitor backend configured on your OpenLDAP servers.
Install the Agent on your OpenLDAP servers.
If the cn=Monitor backend is not configured on your server, follow these steps:
1. Check if monitoring is enabled on your installation:
sudo ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=module{0},cn=config
If you see a line with olcModuleLoad: back_monitor.la, monitoring is already enabled; go to step 3.
2. Enable monitoring on your server:
cat <<EOF | sudo ldapmodify -Y EXTERNAL -H ldapi:///
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: back_monitor.la
EOF
3. Create an encrypted password with slappasswd.
4. Add a new user:
cat <<EOF | ldapadd -H ldapi:/// -D <YOUR BIND DN HERE> -w <YOUR PASSWORD HERE>
dn: <USER_DISTINGUISHED_NAME>
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: <COMMON_NAME_OF_THE_NEW_USER>
description: LDAP monitor
userPassword:<PASSWORD>
EOF
5. Configure the monitor database:
cat <<EOF | sudo ldapadd -Y EXTERNAL -H ldapi:///
dn: olcDatabase=Monitor,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMonitorConfig
olcDatabase: Monitor
olcAccess: to dn.subtree='cn=Monitor' by dn.base='<USER_DISTINGUISHED_NAME>' read by * none
EOF
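To confirm the outcome of the steps above, the following added example (not part of the original documentation) checks ldapsearch output for the loaded back_monitor module and for a Monitor ACL that grants read to one DN only. The function names, the DN cn=datadog,dc=example,dc=org and the sample LDIF are constructed for illustration; on a live server, pipe in the output of sudo ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config instead.

```sh
#!/bin/sh
# Added example (not from the original page). Sample LDIF is constructed.

# Join LDIF continuation lines: ldapsearch folds long values such as
# olcAccess, and a folded line starts with a single space.
unfold_ldif() {
  awk 'NR > 1 && /^ / { buf = buf substr($0, 2); next }
       NR > 1 { print buf }
       { buf = $0 }
       END { if (NR) print buf }'
}

# Steps 1-2: back_monitor is loaded. cn=config can show the value with an
# ordering prefix such as {1}, so match that form as well.
monitor_module_loaded() {
  unfold_ldif | grep -Eq '^olcModuleLoad: ([{][0-9]+[}])?back_monitor(\.la|\.so)?$'
}

# Step 5: every olcAccess rule on the Monitor database has exactly two "by"
# clauses: read for the expected DN ($1), then "by * none" for everyone else.
monitor_acl_ok() {
  unfold_ldif | awk -v dn="$1" -v q="'" '
    /^dn: / { in_db = ($0 ~ /^dn: olcDatabase=([{][0-9]+[}])?[Mm]onitor,cn=config$/) }
    in_db && /^olcAccess: / {
      seen = 1
      clauses = gsub(/ by /, " by ")
      named = index($0, "by dn.base=" q dn q " read by ")
      if (clauses != 2 || !named || $0 !~ /by \* none$/) bad = 1
    }
    END { exit !(seen && !bad) }'
}

# Constructed output of: ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config
sample_ldif() {
  cat <<'EOF'
dn: cn=module{0},cn=config
olcModuleLoad: {0}back_mdb.la
olcModuleLoad: {1}back_monitor.la

dn: olcDatabase={2}Monitor,cn=config
olcDatabase: {2}Monitor
olcAccess: {0}to dn.subtree='cn=Monitor' by dn.base='cn=datadog,dc=example,dc
 =org' read by * none
EOF
}

sample_ldif | monitor_module_loaded && echo "back_monitor loaded"
sample_ldif | monitor_acl_ok 'cn=datadog,dc=example,dc=org' && echo "ACL restricted"
```

The unfolding step matters because a plain grep for the full olcAccess rule misses it whenever ldapsearch wraps the value; passing -o ldif-wrap=no to ldapsearch avoids the wrapping at the source.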
To configure this check for an Agent running on a host:
Metric collection
Edit your openldap.d/conf.yaml in the conf.d folder at the root of your Agent’s configuration directory. See the sample openldap.d/conf.yaml for all available configuration options.
init_config:
instances:
    ## @param url - string - required
    ## Full URL of your ldap server. Use `ldaps` or `ldap` as the scheme to
    ## use TLS or not, or `ldapi` to connect to a UNIX socket.
    #
  - url: ldaps://localhost:636
    ## @param username - string - optional
    ## The DN of the user that can read the monitor database.
    #
    username: "<USER_DISTINGUISHED_NAME>"
    ## @param password - string - optional
    ## Password associated with `username`
    #
    password: "<PASSWORD>"
Restart the Agent.
Log collection
Available for Agent versions >6.0
Collecting logs is disabled by default in the Datadog Agent. Enable it in your datadog.yaml file:
Add this configuration block to your openldap.d/conf.yaml file to start collecting your OpenLDAP logs:
logs:
  - type: file
    path: /var/log/slapd.log
    source: openldap
    service: "<SERVICE_NAME>"
Change the path and service parameter values and configure them for your environment. See the sample openldap.d/conf.yaml for all available configuration options.
Restart the Agent.
Metric collection
For containerized environments, see the Autodiscovery Integration Templates for guidance on applying the parameters below.
| Parameter | Value |
| --- | --- |
| <INTEGRATION_NAME> | openldap |
| <INIT_CONFIG> | blank or {} |
| <INSTANCE_CONFIG> | {"url":"ldaps://%%host%%:636","username":"<USER_DISTINGUISHED_NAME>","password":"<PASSWORD>"} |
Log collection
Available for Agent versions >6.0
Collecting logs is disabled by default in the Datadog Agent. To enable it, see Kubernetes Log Collection.
| Parameter | Value |
| --- | --- |
| <LOG_CONFIG> | {"source": "openldap", "service": "<SERVICE_NAME>"} |
Run the Agent’s status subcommand and look for openldap under the Checks section.
The check is compatible with all major platforms.
openldap.bind_time (gauge): Time it takes the check to bind to the OpenLDAP server. Shown as second.
openldap.connections.current (gauge): Current number of active connections. Shown as connection.
openldap.connections.max_file_descriptors (gauge): Maximum number of file descriptors. Shown as file.
openldap.connections.total (count): Total number of connections since the server started. Shown as connection.
openldap.operations.completed (count): Number of operations completed by the server tagged by operation type. Shown as operation.
openldap.operations.completed.total (count): Total number of operations completed by the server. Shown as operation.
openldap.operations.initiated (count): Number of operations initiated by the server tagged by operation type. Shown as operation.
openldap.operations.initiated.total (count): Total number of operations initiated by the server. Shown as operation.
openldap.query.duration (gauge): Time it takes to execute the query. Shown as second.
openldap.query.entries (gauge): Number of entries returned by the query. Shown as entry.
openldap.statistics.bytes (count): Number of bytes sent by the server. Shown as byte.
openldap.statistics.entries (count): Number of entries sent by the server. Shown as entry.
openldap.statistics.pdu (count): Number of PDU packets sent by the server. Shown as packet.
openldap.statistics.referrals (count): Number of referrals sent by the server. Shown as message.
openldap.threads (gauge): Number of threads started by the server tagged by state. Shown as thread.
openldap.threads.max (gauge): Maximum number of threads as configured. Shown as thread.
openldap.threads.max_pending (gauge): Maximum number of pending threads. Shown as thread.
openldap.uptime (gauge): Uptime of the server. Shown as second.
openldap.waiter.read (gauge): Number of current read waiters. Shown as worker.
openldap.waiter.write (gauge): Number of current writer waiters. Shown as worker.
The openldap check does not include any events.
openldap.can_connect: Returns CRITICAL if the integration cannot bind to the monitored OpenLDAP server, OK otherwise. Statuses: ok, critical
Need help? Contact Datadog support.