1Smokeping_probes_LDAP(3) SmokePing Smokeping_probes_LDAP(3)
2
3
4
6 Smokeping::probes::LDAP - a LDAP probe for SmokePing
7
9 Measures LDAP search latency for SmokePing
10
12 *** Probes ***
13
14 +LDAP
15
16 forks = 5
17 offset = 50%
18 passwordfile = /some/place/secret
19 step = 300
20
21 # The following variables can be overridden in each target section
22 /^influx_.+/ = influx_location = In the basement
23 attrs = uid,someotherattr
24 base = dc=foo,dc=bar
25 binddn = uid=testuser,dc=foo,dc=bar
26 filter = uid=testuser # mandatory
27 mininterval = 1
28 password = mypass
29 pings = 5
30 port = 389
31 scheme = ldap
32 scope = one
33 start_tls = 1
34 timeout = 10
35 verify = optional
36 version = 3
37
38 # [...]
39
40 *** Targets ***
41
42 probe = LDAP # if this should be the default probe
43
44 # [...]
45
46 + mytarget
47 # probe = LDAP # if the default probe is something else
48 host = my.host
49 /^influx_.+/ = influx_location = In the basement
50 attrs = uid,someotherattr
51 base = dc=foo,dc=bar
52 binddn = uid=testuser,dc=foo,dc=bar
53 filter = uid=testuser # mandatory
54 mininterval = 1
55 password = mypass
56 pings = 5
57 port = 389
58 scheme = ldap
59 scope = one
60 start_tls = 1
61 timeout = 10
62 verify = optional
63 version = 3
64
66 This probe measures LDAP query latency for SmokePing. The query is
67 specified by the target-specific variable `filter' and, optionally, by
68 the target-specific variable `base'. The attributes queried can be
69 specified in the comma-separated list `attrs'.
70
71 The TCP port of the LDAP server and the LDAP version to be used can be
72 specified by the variables `port' and `version'.
73
74 The probe can issue the starttls command to convert the connection into
75 encrypted mode, if so instructed by the `start_tls' variable. This
76 requires the 'IO::Socket::SSL' perl module to be installed.
77
78 The probe can also optionally do an authenticated LDAP bind, if the
79 `binddn' variable is present. The password to be used can be specified
80 by the target-specific variable `password' or in an external file. The
81 location of this file is given in the probe-specific variable
82 `passwordfile'. See Smokeping::probes::passwordchecker(3pm) for the
83 format of this file (summary: colon-separated triplets of the form
84 `<host>:<bind-dn>:<password>')
85
86 The probe tries to be nice to the server and does not send
87 authentication requests more frequently than once every X seconds,
88 where X is the value of the target-specific "min_interval" variable (1
89 by default).
90
92 Supported probe-specific variables:
93
94 forks
95 Run this many concurrent processes at maximum
96
97 Example value: 5
98
99 Default value: 5
100
101 offset
102 If you run many probes concurrently you may want to prevent them
103 from hitting your network all at the same time. Using the probe-
104 specific offset parameter you can change the point in time when
105 each probe will be run. Offset is specified in % of total interval,
106 or alternatively as 'random', and the offset from the 'General'
107 section is used if nothing is specified here. Note that this does
108 NOT influence the rrds itself, it is just a matter of when data
109 acquisition is initiated. (This variable is only applicable if the
110 variable 'concurrentprobes' is set in the 'General' section.)
111
112 Example value: 50%
113
114 passwordfile
115 Location of the file containing usernames and passwords.
116
117 Example value: /some/place/secret
118
119 step
120 Duration of the base interval that this probe should use, if
121 different from the one specified in the 'Database' section. Note
122 that the step in the RRD files is fixed when they are originally
123 generated, and if you change the step parameter afterwards, you'll
124 have to delete the old RRD files or somehow convert them. (This
125 variable is only applicable if the variable 'concurrentprobes' is
126 set in the 'General' section.)
127
128 Example value: 300
129
130 Supported target-specific variables:
131
132 /^influx_.+/
133 This is a tag that will be sent to influxdb and has no impact on
134 the probe measurement. The tag name will be sent without the
135 "influx_" prefix, which will be replaced with "tag_" instead. Tags
136 can be used for filtering.
137
138 Example value: influx_location = In the basement
139
140 attrs
141 The attributes queried.
142
143 Example value: uid,someotherattr
144
145 base
146 The base to be used in the LDAP query
147
148 Example value: dc=foo,dc=bar
149
150 binddn
151 If present, authenticate the LDAP bind with this DN.
152
153 Example value: uid=testuser,dc=foo,dc=bar
154
155 filter
156 The actual search to be made
157
158 Example value: uid=testuser
159
160 This setting is mandatory.
161
162 mininterval
163 The minimum interval between each query sent, in (possibly
164 fractional) second s.
165
166 Default value: 1
167
168 password
169 The password to be used, if not present in <passwordfile>.
170
171 Example value: mypass
172
173 pings
174 How many pings should be sent to each target, if different from the
175 global value specified in the Database section. Note that the
176 number of pings in the RRD files is fixed when they are originally
177 generated, and if you change this parameter afterwards, you'll have
178 to delete the old RRD files or somehow convert them.
179
180 Example value: 5
181
182 port
183 TCP port of the LDAP server
184
185 Example value: 389
186
187 scheme
188 LDAP scheme to use: ldap, ldaps or ldapi
189
190 Example value: ldap
191
192 Default value: ldap
193
194 scope
195 The scope of the query. Can be either 'base', 'one' or 'sub'. See
196 the Net::LDAP documentation for details.
197
198 Example value: one
199
200 Default value: sub
201
202 start_tls
203 If true, encrypt the connection with the starttls command. Disabled
204 by default.
205
206 Example value: 1
207
208 timeout
209 LDAP query timeout in seconds.
210
211 Example value: 10
212
213 Default value: 5
214
215 verify
216 The TLS verification level. Can be either 'none', 'optional',
217 'require'. See the Net::LDAPS documentation for details.
218
219 Example value: optional
220
221 Default value: require
222
223 version
224 The LDAP version to be used.
225
226 Example value: 3
227
229 Niko Tyni <ntyni@iki.fi>
230
232 There should be a way of specifying TLS options, such as the
233 certificates involved etc.
234
235 The probe has an ugly way of working around the fact that the
236 IO::Socket::SSL class complains if start_tls() is done more than once
237 in the same program. But It Works For Me (tm).
238
239
240
2412.8.2 2022-07-23 Smokeping_probes_LDAP(3)