Am Tue, 26 Nov 2013 09:21:51 +0100 schrieb "Ulrich Windl" Ulrich.Windl@rz.uni-regensburg.de:
Michael Strödermichael@stroeder.com schrieb am 25.11.2013 um 18:18 in
Nachricht 52938656.3000806@stroeder.com:
ML mail wrote:
I would like to monitor connectivity to my OpenLDAP using nagios with its check_ldap script and was wondering which minimal ACL would you recommend for that purpose?
It really depends on what you want to check.
Things which come to mind:
- Performance data from cn=monitor
Can you give an example query filter? I wonder since what version cn=monitor works reasonably. I have configured it in my "somewhat older" (TM) openLDAP server, but never could get anything reasonable out of it.
There things do not appear in the naming contexts intentionally, right?
ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=backload,cn=threads,cn=monitor -s base "(objectClass=monitoredObject)" monitoredInfo
ldapsearch -Y EXTERNAL -H ldapi:/// -b 'cn=operations,cn=monitor' -s sub '(objectClass=monitorOperation)' monitorOpCompleted monitorOpInitiated
-Dieter