New announcements for Serverless, Network, RUM, and more from Dash! New announcements from Dash!

OpenLDAP

Agent Check Agent Check

Supported OS: Linux Mac OS Windows

Overview

Use the OpenLDAP integration to get metrics from the cn=Monitor backend of your OpenLDAP servers.

Setup

Follow the instructions below to install and configure this check for an Agent running on a host. For containerized environments, see the Autodiscovery Integration Templates for guidance on applying these instructions.

Installation

The OpenLDAP integration is packaged with the Agent. To start gathering your OpenLDAP metrics, you need to:

  1. Have the cn=Monitor backend configured on your OpenLDAP servers.
  2. Install the Agent on your OpenLDAP servers.

Configuration

Prepare OpenLDAP

If the cn=Monitor backend is not configured on your server, follow these steps:

  1. Check if monitoring is enabled on your installation

      sudo ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=module{0},cn=config
    

    If you see a line with olcModuleLoad: back_monitor.la, monitoring is already enabled, go to step 3.

  2. Enable monitoring on your server

        cat <<EOF | sudo ldapmodify -Y EXTERNAL -H ldapi:///
        dn: cn=module{0},cn=config
        changetype: modify
        add: olcModuleLoad
        olcModuleLoad: back_monitor.la
        EOF
    
  3. Create an encrypted password with slappasswd

  4. Add a new user:

        cat <<EOF | ldapadd -H ldapi:/// -D <YOUR BIND DN HERE> -w <YOUR PASSWORD HERE>
        dn: <USER_DISTINGUISHED_NAME>
        objectClass: simpleSecurityObject
        objectClass: organizationalRole
        cn: <COMMON_NAME_OF_THE_NEW_USER>
        description: LDAP monitor
        userPassword:<PASSWORD>
        EOF
    
  5. Configure the monitor database

        cat <<EOF | sudo ldapadd -Y EXTERNAL -H ldapi:///
        dn: olcDatabase=Monitor,cn=config
        objectClass: olcDatabaseConfig
        objectClass: olcMonitorConfig
        olcDatabase: Monitor
        olcAccess: to dn.subtree='cn=Monitor' by dn.base='<USER_DISTINGUISHED_NAME>' read by * none
        EOF
    

Configure the OpenLDAP integration

Add this configuration block to your openldap.yaml file to start gathering your metrics:

  init_config:

  instances:
      - url: ldaps://localhost
        port: 686
        username: <USER_DISTINGUISHED_NAME>
        password: <PASSWORD>

See the sample openldap.yaml for all available configuration options.

Restart the Agent to begin sending OpenLDAP metrics to Datadog.

Log collection

Available for Agent >6.0

  1. Collecting logs is disabled by default in the Datadog Agent, enable it in your datadog.yaml file:

      logs_enabled: true
  2. Add this configuration block to your openldap.d/conf.yaml file to start collecting your Openldap logs:

      logs:
        - type: file
          path: /var/log/slapd.log
          source: openldap
          service: <SERVICE_NAME>
    

    Change the path and service parameter values and configure them for your environment. See the sample openldap.d/conf.yaml for all available configuration options.

  3. Restart the Agent.

Validation

Run the Agent’s status subcommand and look for openldap under the Checks section.

Compatibility

The check is compatible with all major platforms.

Data Collected

Metrics

openldap.bind_time
(gauge)
Time it takes the check to bind to the OpenLDAP server
shown as second
openldap.connections.current
(gauge)
Current number of active connections
shown as connection
openldap.connections.max_file_descriptors
(gauge)
Maximum number of file descriptors
shown as file
openldap.connections.total
(count)
Total number of connections since the server started
shown as connection
openldap.operations.completed.total
(count)
Total number of operations completed by the server
shown as operation
openldap.operations.initiated.total
(count)
Total number of operations initiated by the server
shown as operation
openldap.operations.completed
(count)
Number of operations completed by the server tagged by operation type
shown as operation
openldap.operations.initiated
(count)
Number of operations initiated by the server tagged by operation type
shown as operation
openldap.statistics.bytes
(count)
Number of bytes sent by the server
shown as byte
openldap.statistics.entries
(count)
Number of entries sent by the server
shown as entry
openldap.statistics.pdu
(count)
Number of PDU packets sent by the server
shown as packet
openldap.statistics.referrals
(count)
Number of referrals sent by the server
shown as message
openldap.threads
(gauge)
Number of threads started by the server tagged by state
shown as thread
openldap.threads.max
(gauge)
Maximum number of threads as configured
shown as thread
openldap.threads.max_pending
(gauge)
Maximum number of pending threads
shown as thread
openldap.uptime
(gauge)
Uptime of the server
shown as second
openldap.waiter.read
(gauge)
Number of current read waiters
shown as worker
openldap.waiter.write
(gauge)
Number of current writer waiters
shown as worker
openldap.query.duration
(gauge)
Time it takes to execute the query
shown as second
openldap.query.entries
(gauge)
Number of entries returned by the query
shown as entry

Events

The openldap check does not include any events.

Service Checks

openldap.can_connect:
Returns CRITICAL if the integration cannot bind to the monitored OpenLDAP server, otherwise returns OK.

Troubleshooting

Need help? Contact Datadog support.


Mistake in the docs? Feel free to contribute!