- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
Supported OS
Use the OpenLDAP integration to get metrics from the cn=Monitor
backend of your OpenLDAP servers.
The OpenLDAP integration is packaged with the Agent. To start gathering your OpenLDAP metrics:
cn=Monitor
backend configured on your OpenLDAP servers.If the cn=Monitor
backend is not configured on your server, follow these steps:
Check if monitoring is enabled on your installation:
sudo ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=module{0},cn=config
If you see a line with olcModuleLoad: back_monitor.la
, monitoring is already enabled, go to step 3.
Enable monitoring on your server:
cat <<EOF | sudo ldapmodify -Y EXTERNAL -H ldapi:///
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: back_monitor.la
EOF
Create an encrypted password with slappasswd
.
Add a new user:
cat <<EOF | ldapadd -H ldapi:/// -D <YOUR BIND DN HERE> -w <YOUR PASSWORD HERE>
dn: <USER_DISTINGUISHED_NAME>
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: <COMMON_NAME_OF_THE_NEW_USER>
description: LDAP monitor
userPassword:<PASSWORD>
EOF
Configure the monitor database:
cat <<EOF | sudo ldapadd -Y EXTERNAL -H ldapi:///
dn: olcDatabase=Monitor,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMonitorConfig
olcDatabase: Monitor
olcAccess: to dn.subtree='cn=Monitor' by dn.base='<USER_DISTINGUISHED_NAME>' read by * none
EOF
To configure this check for an Agent running on a host:
Edit your openldap.d/conf.yaml
in the conf.d
folder at the root of your Agent’s configuration directory. See the sample openldap.d/conf.yaml for all available configuration options.
init_config:
instances:
## @param url - string - required
## Full URL of your ldap server. Use `ldaps` or `ldap` as the scheme to
## use TLS or not, or `ldapi` to connect to a UNIX socket.
#
- url: ldaps://localhost:636
## @param username - string - optional
## The DN of the user that can read the monitor database.
#
username: "<USER_DISTINGUISHED_NAME>"
## @param password - string - optional
## Password associated with `username`
#
password: "<PASSWORD>"
Available for Agent versions >6.0
Collecting logs is disabled by default in the Datadog Agent. Enable it in your datadog.yaml
file:
logs_enabled: true
Add this configuration block to your openldap.d/conf.yaml
file to start collecting your OpenLDAP logs:
logs:
- type: file
path: /var/log/slapd.log
source: openldap
service: "<SERVICE_NAME>"
Change the path
and service
parameter values and configure them for your environment. See the sample openldap.d/conf.yaml for all available configuration options.
For containerized environments, see the Autodiscovery Integration Templates for guidance on applying the parameters below.
Parameter | Value |
---|---|
<INTEGRATION_NAME> | openldap |
<INIT_CONFIG> | blank or {} |
<INSTANCE_CONFIG> | {"url":"ldaps://%%host%%:636","username":"<USER_DISTINGUISHED_NAME>","password":"<PASSWORD>"} |
Available for Agent versions >6.0
Collecting logs is disabled by default in the Datadog Agent. To enable it, see Kubernetes Log Collection.
Parameter | Value |
---|---|
<LOG_CONFIG> | {"source": "openldap", "service": "<SERVICE_NAME>"} |
Run the Agent’s status subcommand and look for openldap
under the Checks section.
The check is compatible with all major platforms.
openldap.bind_time (gauge) | Time it takes the check to bind to the OpenLDAP server Shown as second |
openldap.connections.current (gauge) | Current number of active connections Shown as connection |
openldap.connections.max_file_descriptors (gauge) | Maximum number of file descriptors Shown as file |
openldap.connections.total (count) | Total number of connections since the server started Shown as connection |
openldap.operations.completed (count) | Number of operations completed by the server tagged by operation type Shown as operation |
openldap.operations.completed.total (count) | Total number of operations completed by the server Shown as operation |
openldap.operations.initiated (count) | Number of operations initiated by the server tagged by operation type Shown as operation |
openldap.operations.initiated.total (count) | Total number of operations initiated by the server Shown as operation |
openldap.query.duration (gauge) | Time it takes to execute the query Shown as second |
openldap.query.entries (gauge) | Number of entries returned by the query Shown as entry |
openldap.statistics.bytes (count) | Number of bytes sent by the server Shown as byte |
openldap.statistics.entries (count) | Number of entries sent by the server Shown as entry |
openldap.statistics.pdu (count) | Number of PDU packets sent by the server Shown as packet |
openldap.statistics.referrals (count) | Number of referrals sent by the server Shown as message |
openldap.threads (gauge) | Number of threads started by the server tagged by state Shown as thread |
openldap.threads.max (gauge) | Maximum number of threads as configured Shown as thread |
openldap.threads.max_pending (gauge) | Maximum number of pending threads Shown as thread |
openldap.uptime (gauge) | Uptime of the server Shown as second |
openldap.waiter.read (gauge) | Number of current read waiters Shown as worker |
openldap.waiter.write (gauge) | Number of current writer waiters Shown as worker |
The openldap check does not include any events.
openldap.can_connect
Returns CRITICAL
if the integration cannot bind to the monitored OpenLDAP server, OK
otherwise.
Statuses: ok, critical
Need help? Contact Datadog support.