Jason Schoonover
2007-04-16

OpenLDAP monitoring and Statistic Collecting

The plugin has been successfully tested on:

    OpenLDAP 2.1
    OpenLDAP 2.2
    OpenLDAP 2.3

Currently, the OpenLDAP plugin monitors the following attributes of an
OpenLDAP database:

 - Successful Binds
 - Number of Connections
 - Number of total Operations performed
 - Number of Adds
 - Number of Deletes
 - Number of Modifies
 - Number of Compares
 - Number of Searches

First, the Perl module Net::LDAP needs to be installed.

Debian:

    apt-get install libnet-ldap-perl

For other OSes, the CPAN module is available at:

    http://search.cpan.org/~gbarr/perl-ldap/

1. OpenLDAP configuration

************************************************************************
** WARNING: before you do any of the following steps make sure that you
** have read the appropriate documentation for OpenLDAP. It is
** possible that enabling stats and the block level could cause a minor
** performance hit. PLEASE READ THE OPENLDAP DOCS FIRST.
** http://openldap.org
************************************************************************

Once the Perl module is installed, you need to enable monitoring and
then turn on access to the monitoring database (change this to match
whatever you want to create).

Use a configuration option like this:

    database monitor

    access to dn.subtree="cn=Monitor"
        by users read
        by * none

That will turn on the monitoring engine, and then will give read access
to the cn=Monitor basedn to all authenticated users. See the OpenLDAP
docs for more information on tightening security for it.

2. Limitations

Currently, unnoc does not support anonymous binding, therefore you will
need to either create a login with limited access, or use an already
existing user. Unnoc does not support SSL (yet), so all monitoring,
the bind password included, will have to be done in the clear
(port 389).

    OpenLDAP port is TCP 389
    OpenLDAP anonymous bind is not supported
    OpenLDAP SSL/TLS is not supported

Look for more configurations in future versions of Unnoc.

3. Unnoc Configuration

In the etc/unnoc.conf file, you should tell unnoc about the new
openldap host.
The proper plugin is "openldap":

    host {
        hostname = server1
        community = public
        updown = ping
        plugin = openldap
        openldap_basedn = dc=domain,dc=com
        openldap_binddn = uid=user,dc=domain,dc=com
        openldap_bindpw = test123
    }
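
One way to tighten the access rule from section 1 for the limited-access
login suggested under Limitations. This is an added example, not part of
the original Unnoc documentation; the DN
uid=unnoc,ou=services,dc=domain,dc=com is a hypothetical account used
only for illustration.

```conf
# slapd.conf fragment: added example, not from the Unnoc documentation.
# Assumption: uid=unnoc,ou=services,dc=domain,dc=com is a hypothetical
# account created only for Unnoc; substitute your own DN.

# Rule from section 1, for comparison. Any authenticated user can read
# the whole cn=Monitor subtree:
#
#   database monitor
#   access to dn.subtree="cn=Monitor"
#       by users read
#       by * none

# Main database section (your existing directory database).
# Place this before the site's other access rules in that section.
# Unnoc binds without SSL/TLS, so this account's password crosses the
# network in the clear; once bound, the account gets nothing from the
# directory itself. "by * break" hands every other identity, including
# the anonymous identity used while a bind is being checked, on to the
# rules that follow, so existing behaviour is unchanged for them.
access to *
    by dn.exact="uid=unnoc,ou=services,dc=domain,dc=com" none
    by * break

# Monitor database section.
# Only the dedicated account can read the counters; other authenticated
# users and anonymous clients get nothing.
database monitor
access to dn.subtree="cn=Monitor"
    by dn.exact="uid=unnoc,ou=services,dc=domain,dc=com" read
    by * none
```

With this in place, openldap_binddn and openldap_bindpw in etc/unnoc.conf
would carry the dedicated account's DN and password instead of an
existing user's.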