Open alxArad opened 4 years ago
@alxArad from the Prometheus exporter page you are referencing, you can also find some interesting links like http://www.openldap.org/doc/admin24/backends.html#Monitor which gives you the ldif entries to be used
Furthermore, this other link might also be useful to add the monitor module.
However, section 20.1 of the OpenLDAP admin guide would have been of much more use
HTH though
Thank you. I finally got it working and I am posting it here for others in case someone has to do something similar.
I had to create custom ldifs for loading the monitor backend, adding the monitor user (the user used for binding when running ldapsearch for monitoring purposes) and loading the monitor database.
load monitor backend ldif:

dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: {4}back_monitor

add user (I used an ansible role here for adding users instead of ldif):

- name: Add Monitoring User
  ldap_entry:
    dn: cn=monitor,dc=myCompany,dc=com
    objectClass:

load monitor database ldif:

dn: olcDatabase={2}Monitor,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMonitorConfig
olcDatabase: {2}Monitor
olcAccess: {0}to dn.subtree="cn=Monitor" by dn.base="cn=monitor,dc=myCompany,dc=com" read by * none

Put these files in a folder (like /opt/openldap/ldif) and mount it into the container:
volumes:
- "/opt/openldap/ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom"
Monitoring is loaded now and can be fetched via ldapsearch. More details on this link: https://blog.kmp.or.at/monitoring-openldap/ and this https://serverfault.com/questions/866759/openldap-monitor-access-acl-not-working
I think this issue should be closed. Perhaps it is a good idea to write something relevant in the README file with the instructions for enabling monitoring? Or just prepare a new version to make things easier and add some ENV like "ENABLE_MONITORING=true/false"?
2023-9-16 Thanks for sharing. I made a simpler and more universal version based on @alxArad's solution.
# get into the container
docker exec -it openldap bash
# load monitor module
ldapmodify -Y EXTERNAL -H ldapi:/// <<EOF
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: back_monitor
EOF
# init monitor database and access permission
ldapadd -Y EXTERNAL -H ldapi:/// <<EOF
dn: olcDatabase=Monitor,cn=config
objectClass: olcMonitorConfig
olcDatabase: Monitor
olcAccess: to * by * read
EOF
# test whether it succeeded
ldapsearch -Y EXTERNAL -H ldapi:/// -b "cn=monitor"
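
Added example, not part of either comment or of the project's code: a small Python audit that parses the two monitor database entries posted in this thread and reports every `olcAccess` clause that grants `read` or more on `cn=Monitor` to `*`, `anonymous` or `users`. The `BROAD_WHO` policy and the function names are assumptions of this example, and only level-name grants (`by <who> read`) are recognised, not privilege-mask forms.

```python
import re

# Access levels at or above "read" in slapd.access(5).
READ_OR_MORE = {"read", "write", "manage"}
# "who" values that match more than one named identity (assumed audit policy).
BROAD_WHO = {"*", "anonymous", "users"}
# One "by <who> <level>" clause; <who> may contain a quoted DN.
BY_CLAUSE = re.compile(r'\bby\s+((?:[^\s"]|"[^"]*")+)\s+(\w+)')

def parse_ldif(text):
    """Split LDIF into entries, each a list of (attribute, value) pairs."""
    text = re.sub(r"\n ", "", text)  # unfold continuation lines (newline + space)
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [l for l in block.splitlines() if ":" in l and not l.startswith("#")]
        pairs = (l.split(":", 1) for l in lines)
        entries.append([(a.strip().lower(), v.strip()) for a, v in pairs])
    return entries

def audit_monitor_acls(ldif_text):
    """Return (dn, who, level) for each broad grant of read or more on a monitor database."""
    findings = []
    for entry in parse_ldif(ldif_text):
        classes = {v.lower() for a, v in entry if a == "objectclass"}
        if "olcmonitorconfig" not in classes:
            continue  # not a monitor database entry
        dn = next(v for a, v in entry if a == "dn")
        for acl in (v for a, v in entry if a == "olcaccess"):
            for who, level in BY_CLAUSE.findall(acl):
                if who in BROAD_WHO and level in READ_OR_MORE:
                    findings.append((dn, who, level))
    return findings

# Sample input: the two monitor database entries posted in this thread.
RESTRICTED = """dn: olcDatabase={2}Monitor,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMonitorConfig
olcDatabase: {2}Monitor
olcAccess: {0}to dn.subtree="cn=Monitor" by dn.base="cn=monitor,dc=myCompany,dc=com" read by * none
"""
OPEN = """dn: olcDatabase=Monitor,cn=config
objectClass: olcMonitorConfig
olcDatabase: Monitor
olcAccess: to * by * read
"""

if __name__ == "__main__":
    print(audit_monitor_acls(RESTRICTED), audit_monitor_acls(OPEN))
```

The first entry yields no findings because only the dedicated `cn=monitor,dc=myCompany,dc=com` bind DN can read; the second is reported because `by * read` also matches anonymous clients.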
I need to get metrics from this openldap, and I need to load monitor backend/database. I need to add these in slapd.conf:
database monitor
rootdn "cn=monitoring,cn=Monitor"
rootpw YOUR_MONITORING_ROOT_PASSWORD
As far as I know, slapd.conf is not used, so in this case, how can I achieve this? Do I need to add a custom ldif?
P.S: I'm using this for getting metrics: https://github.com/tomcz/openldap_exporter