1Smokeping_probes_LDAP(3)           SmokePing          Smokeping_probes_LDAP(3)
2
3
4

NAME

6       Smokeping::probes::LDAP - a LDAP probe for SmokePing
7

OVERVIEW

9       Measures LDAP search latency for SmokePing
10

SYNOPSIS

12        *** Probes ***
13
14        +LDAP
15
16        forks = 5
17        offset = 50%
18        passwordfile = /some/place/secret
19        step = 300
20
21        # The following variables can be overridden in each target section
22        attrs = uid,someotherattr
23        base = dc=foo,dc=bar
24        binddn = uid=testuser,dc=foo,dc=bar
25        filter = uid=testuser # mandatory
26        mininterval = 1
27        password = mypass
28        pings = 5
29        port = 389
30        scheme = ldap
31        scope = one
32        start_tls = 1
33        timeout = 10
34        verify = optional
35        version = 3
36
37        # [...]
38
39        *** Targets ***
40
41        probe = LDAP # if this should be the default probe
42
43        # [...]
44
45        + mytarget
46        # probe = LDAP # if the default probe is something else
47        host = my.host
48        attrs = uid,someotherattr
49        base = dc=foo,dc=bar
50        binddn = uid=testuser,dc=foo,dc=bar
51        filter = uid=testuser # mandatory
52        mininterval = 1
53        password = mypass
54        pings = 5
55        port = 389
56        scheme = ldap
57        scope = one
58        start_tls = 1
59        timeout = 10
60        verify = optional
61        version = 3
62

DESCRIPTION

64       This probe measures LDAP query latency for SmokePing.  The query is
65       specified by the target-specific variable `filter' and, optionally, by
66       the target-specific variable `base'. The attributes queried can be
67       specified in the comma-separated list `attrs'.
68
69       The TCP port of the LDAP server and the LDAP version to be used can be
70       specified by the variables `port' and `version'.
71
72       The probe can issue the starttls command to convert the connection into
73       encrypted mode, if so instructed by the `start_tls' variable.  This
74       requires the 'IO::Socket::SSL' perl module to be installed.
75
76       The probe can also optionally do an authenticated LDAP bind, if the
77       `binddn' variable is present. The password to be used can be specified
78       by the target-specific variable `password' or in an external file.  The
79       location of this file is given in the probe-specific variable
80       `passwordfile'. See Smokeping::probes::passwordchecker(3pm) for the
81       format of this file (summary: colon-separated triplets of the form
82       `<host>:<bind-dn>:<password>')
83
84       The probe tries to be nice to the server and does not send
85       authentication requests more frequently than once every X seconds,
86       where X is the value of the target-specific "min_interval" variable (1
87       by default).
88

VARIABLES

90       Supported probe-specific variables:
91
92       forks
93           Run this many concurrent processes at maximum
94
95           Example value: 5
96
97           Default value: 5
98
99       offset
100           If you run many probes concurrently you may want to prevent them
101           from hitting your network all at the same time. Using the probe-
102           specific offset parameter you can change the point in time when
103           each probe will be run. Offset is specified in % of total interval,
104           or alternatively as 'random', and the offset from the 'General'
105           section is used if nothing is specified here. Note that this does
106           NOT influence the rrds itself, it is just a matter of when data
107           acqusition is initiated.  (This variable is only applicable if the
108           variable 'concurrentprobes' is set in the 'General' section.)
109
110           Example value: 50%
111
112       passwordfile
113           Location of the file containing usernames and passwords.
114
115           Example value: /some/place/secret
116
117       step
118           Duration of the base interval that this probe should use, if
119           different from the one specified in the 'Database' section. Note
120           that the step in the RRD files is fixed when they are originally
121           generated, and if you change the step parameter afterwards, you'll
122           have to delete the old RRD files or somehow convert them. (This
123           variable is only applicable if the variable 'concurrentprobes' is
124           set in the 'General' section.)
125
126           Example value: 300
127
128       Supported target-specific variables:
129
130       attrs
131           The attributes queried.
132
133           Example value: uid,someotherattr
134
135       base
136           The base to be used in the LDAP query
137
138           Example value: dc=foo,dc=bar
139
140       binddn
141           If present, authenticate the LDAP bind with this DN.
142
143           Example value: uid=testuser,dc=foo,dc=bar
144
145       filter
146           The actual search to be made
147
148           Example value: uid=testuser
149
150           This setting is mandatory.
151
152       mininterval
153           The minimum interval between each query sent, in (possibly
154           fractional) second s.
155
156           Default value: 1
157
158       password
159           The password to be used, if not present in <passwordfile>.
160
161           Example value: mypass
162
163       pings
164           How many pings should be sent to each target, if different from the
165           global value specified in the Database section. Note that the
166           number of pings in the RRD files is fixed when they are originally
167           generated, and if you change this parameter afterwards, you'll have
168           to delete the old RRD files or somehow convert them.
169
170           Example value: 5
171
172       port
173           TCP port of the LDAP server
174
175           Example value: 389
176
177       scheme
178           LDAP scheme to use: ldap, ldaps or ldapi
179
180           Example value: ldap
181
182           Default value: ldap
183
184       scope
185           The scope of the query. Can be either 'base', 'one' or 'sub'. See
186           the Net::LDAP documentation for details.
187
188           Example value: one
189
190           Default value: sub
191
192       start_tls
193           If true, encrypt the connection with the starttls command. Disabled
194           by default.
195
196           Example value: 1
197
198       timeout
199           LDAP query timeout in seconds.
200
201           Example value: 10
202
203           Default value: 5
204
205       verify
206           The TLS verification level. Can be either 'none', 'optional',
207           'require'. See the Net::LDAPS documentation for details.
208
209           Example value: optional
210
211           Default value: require
212
213       version
214           The LDAP version to be used.
215
216           Example value: 3
217

AUTHORS

219       Niko Tyni <ntyni@iki.fi>
220

BUGS

222       There should be a way of specifying TLS options, such as the
223       certificates involved etc.
224
225       The probe has an ugly way of working around the fact that the
226       IO::Socket::SSL class complains if start_tls() is done more than once
227       in the same program. But It Works For Me (tm).
228
229
230
2312.7.3                             2021-03-11          Smokeping_probes_LDAP(3)
Impressum