1Smokeping_probes_LDAP(3) SmokePing Smokeping_probes_LDAP(3)
2
6 Smokeping::probes::LDAP - a LDAP probe for SmokePing
7
9 Measures LDAP search latency for SmokePing
10
12 *** Probes ***
13 +LDAP
15 forks = 5
17 offset = 50%
18 passwordfile = /some/place/secret
19 step = 300
20 # The following variables can be overridden in each target section
22 attrs = uid,someotherattr
23 base = dc=foo,dc=bar
24 binddn = uid=testuser,dc=foo,dc=bar
25 filter = uid=testuser # mandatory
26 mininterval = 1
27 password = mypass
28 pings = 5
29 port = 389
30 scheme = ldap
31 scope = one
32 start_tls = 1
33 timeout = 10
34 verify = optional
35 version = 3
36 # [...]
38 *** Targets ***
40 probe = LDAP # if this should be the default probe
42 # [...]
44 + mytarget
46 # probe = LDAP # if the default probe is something else
47 host = my.host
48 attrs = uid,someotherattr
49 base = dc=foo,dc=bar
50 binddn = uid=testuser,dc=foo,dc=bar
51 filter = uid=testuser # mandatory
52 mininterval = 1
53 password = mypass
54 pings = 5
55 port = 389
56 scheme = ldap
57 scope = one
58 start_tls = 1
59 timeout = 10
60 verify = optional
61 version = 3
62
64 This probe measures LDAP query latency for SmokePing. The query is
65 specified by the target-specific variable `filter' and, optionally, by
66 the target-specific variable `base'. The attributes queried can be
67 specified in the comma-separated list `attrs'.
68 The TCP port of the LDAP server and the LDAP version to be used can be
70 specified by the variables `port' and `version'.
71 The probe can issue the starttls command to convert the connection into
73 encrypted mode, if so instructed by the `start_tls' variable. This
74 requires the 'IO::Socket::SSL' perl module to be installed.
75 The probe can also optionally do an authenticated LDAP bind, if the
77 `binddn' variable is present. The password to be used can be specified
78 by the target-specific variable `password' or in an external file. The
79 location of this file is given in the probe-specific variable
80 `passwordfile'. See Smokeping::probes::passwordchecker(3pm) for the
81 format of this file (summary: colon-separated triplets of the form
82 `<host>:<bind-dn>:<password>')
83 The probe tries to be nice to the server and does not send
85 authentication requests more frequently than once every X seconds,
86 where X is the value of the target-specific "min_interval" variable (1
87 by default).
88
90 Supported probe-specific variables:
91 forks
93 Run this many concurrent processes at maximum
94 Example value: 5
96 Default value: 5
98 offset
100 If you run many probes concurrently you may want to prevent them
101 from hitting your network all at the same time. Using the probe-
102 specific offset parameter you can change the point in time when
103 each probe will be run. Offset is specified in % of total interval,
104 or alternatively as 'random', and the offset from the 'General'
105 section is used if nothing is specified here. Note that this does
106 NOT influence the rrds itself, it is just a matter of when data
107 acqusition is initiated. (This variable is only applicable if the
108 variable 'concurrentprobes' is set in the 'General' section.)
109 Example value: 50%
111 passwordfile
113 Location of the file containing usernames and passwords.
114 Example value: /some/place/secret
116 step
118 Duration of the base interval that this probe should use, if
119 different from the one specified in the 'Database' section. Note
120 that the step in the RRD files is fixed when they are originally
121 generated, and if you change the step parameter afterwards, you'll
122 have to delete the old RRD files or somehow convert them. (This
123 variable is only applicable if the variable 'concurrentprobes' is
124 set in the 'General' section.)
125 Example value: 300
127 Supported target-specific variables:
129 attrs
131 The attributes queried.
132 Example value: uid,someotherattr
134 base
136 The base to be used in the LDAP query
137 Example value: dc=foo,dc=bar
139 binddn
141 If present, authenticate the LDAP bind with this DN.
142 Example value: uid=testuser,dc=foo,dc=bar
144 filter
146 The actual search to be made
147 Example value: uid=testuser
149 This setting is mandatory.
151 mininterval
153 The minimum interval between each query sent, in (possibly
154 fractional) second s.
155 Default value: 1
157 password
159 The password to be used, if not present in <passwordfile>.
160 Example value: mypass
162 pings
164 How many pings should be sent to each target, if different from the
165 global value specified in the Database section. Note that the
166 number of pings in the RRD files is fixed when they are originally
167 generated, and if you change this parameter afterwards, you'll have
168 to delete the old RRD files or somehow convert them.
169 Example value: 5
171 port
173 TCP port of the LDAP server
174 Example value: 389
176 scheme
178 LDAP scheme to use: ldap, ldaps or ldapi
179 Example value: ldap
181 Default value: ldap
183 scope
185 The scope of the query. Can be either 'base', 'one' or 'sub'. See
186 the Net::LDAP documentation for details.
187 Example value: one
189 Default value: sub
191 start_tls
193 If true, encrypt the connection with the starttls command. Disabled
194 by default.
195 Example value: 1
197 timeout
199 LDAP query timeout in seconds.
200 Example value: 10
202 Default value: 5
204 verify
206 The TLS verification level. Can be either 'none', 'optional',
207 'require'. See the Net::LDAPS documentation for details.
208 Example value: optional
210 Default value: require
212 version
214 The LDAP version to be used.
215 Example value: 3
217
219 Niko Tyni <ntyni@iki.fi>
220
222 There should be a way of specifying TLS options, such as the
223 certificates involved etc.
224 The probe has an ugly way of working around the fact that the
226 IO::Socket::SSL class complains if start_tls() is done more than once
227 in the same program. But It Works For Me (tm).
2282.7.2 2019-02-02 Smokeping_probes_LDAP(3)