Michael Strödermichael@stroeder.com schrieb am 25.11.2013 um 18:18 in
Nachricht 52938656.3000806@stroeder.com:
ML mail wrote:
I would like to monitor connectivity to my OpenLDAP using nagios with its check_ldap script and was wondering which minimal ACL would you recommend for that purpose?
It really depends on what you want to check.
Things which come to mind:
- Performance data from cn=monitor
Can you give an example query filter? I wonder since what version cn=monitor works reasonably. I have configured it in my "somewhat older" (TM) openLDAP server, but never could get anything reasonable out of it.
There things do not appear in the naming contexts intentionally, right?
Regards, Ulrich
- Count entries in your databases with noop-search control (does not scale
for many entries)
- Read syncrepl topology from cn=config to automatigally check connection
to the replicas found therein and compare contextCSN values in DB suffixes.
Ciao, Michael.