1Smokeping_probes_LDAP(3) SmokePing Smokeping_probes_LDAP(3)
2
3
4
6 Smokeping::probes::LDAP - a LDAP probe for SmokePing
7
9 Measures LDAP search latency for SmokePing
10
12 *** Probes ***
13
14 +LDAP
15
16 forks = 5
17 offset = 50%
18 passwordfile = /some/place/secret
19 step = 300
20
21 # The following variables can be overridden in each target section
22 attrs = uid,someotherattr
23 base = dc=foo,dc=bar
24 binddn = uid=testuser,dc=foo,dc=bar
25 filter = uid=testuser # mandatory
26 mininterval = 1
27 password = mypass
28 pings = 5
29 port = 389
30 scheme = ldap
31 scope = one
32 start_tls = 1
33 timeout = 10
34 verify = optional
35 version = 3
36
37 # [...]
38
39 *** Targets ***
40
41 probe = LDAP # if this should be the default probe
42
43 # [...]
44
45 + mytarget
46 # probe = LDAP # if the default probe is something else
47 host = my.host
48 attrs = uid,someotherattr
49 base = dc=foo,dc=bar
50 binddn = uid=testuser,dc=foo,dc=bar
51 filter = uid=testuser # mandatory
52 mininterval = 1
53 password = mypass
54 pings = 5
55 port = 389
56 scheme = ldap
57 scope = one
58 start_tls = 1
59 timeout = 10
60 verify = optional
61 version = 3
62
64 This probe measures LDAP query latency for SmokePing. The query is
65 specified by the target-specific variable `filter' and, optionally, by
66 the target-specific variable `base'. The attributes queried can be
67 specified in the comma-separated list `attrs'.
68
69 The TCP port of the LDAP server and the LDAP version to be used can be
70 specified by the variables `port' and `version'.
71
72 The probe can issue the starttls command to convert the connection into
73 encrypted mode, if so instructed by the `start_tls' variable. This
74 requires the 'IO::Socket::SSL' perl module to be installed.
75
76 The probe can also optionally do an authenticated LDAP bind, if the
77 `binddn' variable is present. The password to be used can be specified
78 by the target-specific variable `password' or in an external file. The
79 location of this file is given in the probe-specific variable
80 `passwordfile'. See Smokeping::probes::passwordchecker(3pm) for the
81 format of this file (summary: colon-separated triplets of the form
82 `<host>:<bind-dn>:<password>')
83
84 The probe tries to be nice to the server and does not send
85 authentication requests more frequently than once every X seconds,
86 where X is the value of the target-specific "min_interval" variable (1
87 by default).
88
90 Supported probe-specific variables:
91
92 forks
93 Run this many concurrent processes at maximum
94
95 Example value: 5
96
97 Default value: 5
98
99 offset
100 If you run many probes concurrently you may want to prevent them
101 from hitting your network all at the same time. Using the probe-
102 specific offset parameter you can change the point in time when
103 each probe will be run. Offset is specified in % of total interval,
104 or alternatively as 'random', and the offset from the 'General'
105 section is used if nothing is specified here. Note that this does
106 NOT influence the rrds itself, it is just a matter of when data
107 acqusition is initiated. (This variable is only applicable if the
108 variable 'concurrentprobes' is set in the 'General' section.)
109
110 Example value: 50%
111
112 passwordfile
113 Location of the file containing usernames and passwords.
114
115 Example value: /some/place/secret
116
117 step
118 Duration of the base interval that this probe should use, if
119 different from the one specified in the 'Database' section. Note
120 that the step in the RRD files is fixed when they are originally
121 generated, and if you change the step parameter afterwards, you'll
122 have to delete the old RRD files or somehow convert them. (This
123 variable is only applicable if the variable 'concurrentprobes' is
124 set in the 'General' section.)
125
126 Example value: 300
127
128 Supported target-specific variables:
129
130 attrs
131 The attributes queried.
132
133 Example value: uid,someotherattr
134
135 base
136 The base to be used in the LDAP query
137
138 Example value: dc=foo,dc=bar
139
140 binddn
141 If present, authenticate the LDAP bind with this DN.
142
143 Example value: uid=testuser,dc=foo,dc=bar
144
145 filter
146 The actual search to be made
147
148 Example value: uid=testuser
149
150 This setting is mandatory.
151
152 mininterval
153 The minimum interval between each query sent, in (possibly
154 fractional) second s.
155
156 Default value: 1
157
158 password
159 The password to be used, if not present in <passwordfile>.
160
161 Example value: mypass
162
163 pings
164 How many pings should be sent to each target, if different from the
165 global value specified in the Database section. Note that the
166 number of pings in the RRD files is fixed when they are originally
167 generated, and if you change this parameter afterwards, you'll have
168 to delete the old RRD files or somehow convert them.
169
170 Example value: 5
171
172 port
173 TCP port of the LDAP server
174
175 Example value: 389
176
177 scheme
178 LDAP scheme to use: ldap, ldaps or ldapi
179
180 Example value: ldap
181
182 Default value: ldap
183
184 scope
185 The scope of the query. Can be either 'base', 'one' or 'sub'. See
186 the Net::LDAP documentation for details.
187
188 Example value: one
189
190 Default value: sub
191
192 start_tls
193 If true, encrypt the connection with the starttls command. Disabled
194 by default.
195
196 Example value: 1
197
198 timeout
199 LDAP query timeout in seconds.
200
201 Example value: 10
202
203 Default value: 5
204
205 verify
206 The TLS verification level. Can be either 'none', 'optional',
207 'require'. See the Net::LDAPS documentation for details.
208
209 Example value: optional
210
211 Default value: require
212
213 version
214 The LDAP version to be used.
215
216 Example value: 3
217
219 Niko Tyni <ntyni@iki.fi>
220
222 There should be a way of specifying TLS options, such as the
223 certificates involved etc.
224
225 The probe has an ugly way of working around the fact that the
226 IO::Socket::SSL class complains if start_tls() is done more than once
227 in the same program. But It Works For Me (tm).
228
229
230
2312.7.3 2021-03-11 Smokeping_probes_LDAP(3)