Smokeping_probes_LDAP(3)

1Smokeping_probes_LDAP(3)           SmokePing          Smokeping_probes_LDAP(3)
2
3
4

NAME

6       Smokeping::probes::LDAP - a LDAP probe for SmokePing
7

OVERVIEW

9       Measures LDAP search latency for SmokePing
10

SYNOPSIS

12        *** Probes ***
13
14        +LDAP
15
16        forks = 5
17        offset = 50%
18        passwordfile = /some/place/secret
19        step = 300
20
21        # The following variables can be overridden in each target section
22        /^influx_.+/ = influx_location = In the basement
23        attrs = uid,someotherattr
24        base = dc=foo,dc=bar
25        binddn = uid=testuser,dc=foo,dc=bar
26        filter = uid=testuser # mandatory
27        mininterval = 1
28        password = mypass
29        pings = 5
30        port = 389
31        scheme = ldap
32        scope = one
33        start_tls = 1
34        timeout = 10
35        verify = optional
36        version = 3
37
38        # [...]
39
40        *** Targets ***
41
42        probe = LDAP # if this should be the default probe
43
44        # [...]
45
46        + mytarget
47        # probe = LDAP # if the default probe is something else
48        host = my.host
49        /^influx_.+/ = influx_location = In the basement
50        attrs = uid,someotherattr
51        base = dc=foo,dc=bar
52        binddn = uid=testuser,dc=foo,dc=bar
53        filter = uid=testuser # mandatory
54        mininterval = 1
55        password = mypass
56        pings = 5
57        port = 389
58        scheme = ldap
59        scope = one
60        start_tls = 1
61        timeout = 10
62        verify = optional
63        version = 3
64

DESCRIPTION

66       This probe measures LDAP query latency for SmokePing.  The query is
67       specified by the target-specific variable `filter' and, optionally, by
68       the target-specific variable `base'. The attributes queried can be
69       specified in the comma-separated list `attrs'.
70
71       The TCP port of the LDAP server and the LDAP version to be used can be
72       specified by the variables `port' and `version'.
73
74       The probe can issue the starttls command to convert the connection into
75       encrypted mode, if so instructed by the `start_tls' variable.  This
76       requires the 'IO::Socket::SSL' perl module to be installed.
77
78       The probe can also optionally do an authenticated LDAP bind, if the
79       `binddn' variable is present. The password to be used can be specified
80       by the target-specific variable `password' or in an external file.  The
81       location of this file is given in the probe-specific variable
82       `passwordfile'. See Smokeping::probes::passwordchecker(3pm) for the
83       format of this file (summary: colon-separated triplets of the form
84       `<host>:<bind-dn>:<password>')
85
86       The probe tries to be nice to the server and does not send
87       authentication requests more frequently than once every X seconds,
88       where X is the value of the target-specific "min_interval" variable (1
89       by default).
90

VARIABLES

92       Supported probe-specific variables:
93
94       forks
95           Run this many concurrent processes at maximum
96
97           Example value: 5
98
99           Default value: 5
100
101       offset
102           If you run many probes concurrently you may want to prevent them
103           from hitting your network all at the same time. Using the probe-
104           specific offset parameter you can change the point in time when
105           each probe will be run. Offset is specified in % of total interval,
106           or alternatively as 'random', and the offset from the 'General'
107           section is used if nothing is specified here. Note that this does
108           NOT influence the rrds itself, it is just a matter of when data
109           acquisition is initiated.  (This variable is only applicable if the
110           variable 'concurrentprobes' is set in the 'General' section.)
111
112           Example value: 50%
113
114       passwordfile
115           Location of the file containing usernames and passwords.
116
117           Example value: /some/place/secret
118
119       step
120           Duration of the base interval that this probe should use, if
121           different from the one specified in the 'Database' section. Note
122           that the step in the RRD files is fixed when they are originally
123           generated, and if you change the step parameter afterwards, you'll
124           have to delete the old RRD files or somehow convert them. (This
125           variable is only applicable if the variable 'concurrentprobes' is
126           set in the 'General' section.)
127
128           Example value: 300
129
130       Supported target-specific variables:
131
132       /^influx_.+/
133           This is a tag that will be sent to influxdb and has no impact on
134           the probe measurement. The tag name will be sent without the
135           "influx_" prefix, which will be replaced with "tag_" instead. Tags
136           can be used for filtering.
137
138           Example value: influx_location = In the basement
139
140       attrs
141           The attributes queried.
142
143           Example value: uid,someotherattr
144
145       base
146           The base to be used in the LDAP query
147
148           Example value: dc=foo,dc=bar
149
150       binddn
151           If present, authenticate the LDAP bind with this DN.
152
153           Example value: uid=testuser,dc=foo,dc=bar
154
155       filter
156           The actual search to be made
157
158           Example value: uid=testuser
159
160           This setting is mandatory.
161
162       mininterval
163           The minimum interval between each query sent, in (possibly
164           fractional) second s.
165
166           Default value: 1
167
168       password
169           The password to be used, if not present in <passwordfile>.
170
171           Example value: mypass
172
173       pings
174           How many pings should be sent to each target, if different from the
175           global value specified in the Database section. Note that the
176           number of pings in the RRD files is fixed when they are originally
177           generated, and if you change this parameter afterwards, you'll have
178           to delete the old RRD files or somehow convert them.
179
180           Example value: 5
181
182       port
183           TCP port of the LDAP server
184
185           Example value: 389
186
187       scheme
188           LDAP scheme to use: ldap, ldaps or ldapi
189
190           Example value: ldap
191
192           Default value: ldap
193
194       scope
195           The scope of the query. Can be either 'base', 'one' or 'sub'. See
196           the Net::LDAP documentation for details.
197
198           Example value: one
199
200           Default value: sub
201
202       start_tls
203           If true, encrypt the connection with the starttls command. Disabled
204           by default.
205
206           Example value: 1
207
208       timeout
209           LDAP query timeout in seconds.
210
211           Example value: 10
212
213           Default value: 5
214
215       verify
216           The TLS verification level. Can be either 'none', 'optional',
217           'require'. See the Net::LDAPS documentation for details.
218
219           Example value: optional
220
221           Default value: require
222
223       version
224           The LDAP version to be used.
225
226           Example value: 3
227

AUTHORS

229       Niko Tyni <ntyni@iki.fi>
230

BUGS

232       There should be a way of specifying TLS options, such as the
233       certificates involved etc.
234
235       The probe has an ugly way of working around the fact that the
236       IO::Socket::SSL class complains if start_tls() is done more than once
237       in the same program. But It Works For Me (tm).
238
239
240
2412.8.2                             2023-07-22          Smokeping_probes_LDAP(3)