Hi @All,
i would like to ask you how could i enable the monitoring backend in Openldap.
I'am using the cn=config Backend.
A little bit "googling" does not give me the needed information.
I found something like this:
http://dkluenter.gmxhome.de/ffg-tutorium.pdf , but with no information, how to enable the monitoring.
At openldap.org, the section
http://www.openldap.org/devel/admin/monitoringslapd.html#Monitor configuration via cn=config(5)
the section "18.1. Monitor configuration via cn=config(5)" is empty.
In the archive from this list i found the following thread http://www.openldap.org/lists/openldap-technical/201110/msg00122.html but this thread don't help me to got an idea what i should do, to configure the monitoring in openldap.
Do you have a doc or howto with further information about this?
I need the documentation for the cn=config backend. I don't have an slapd.conf!
Thanks and regards,
Axel
Am Sat, 07 Jan 2012 20:00:30 +0100 schrieb Axel Birndt towerlexa@gmx.de:
Hi @All,
i would like to ask you how could i enable the monitoring backend in Openldap.
I'am using the cn=config Backend.
A little bit "googling" does not give me the needed information.
I found something like this:
http://dkluenter.gmxhome.de/ffg-tutorium.pdf , but with no information, how to enable the monitoring.
At openldap.org, the section
http://www.openldap.org/devel/admin/monitoringslapd.html#Monitor configuration via cn=config(5)
the section "18.1. Monitor configuration via cn=config(5)" is empty.
In the archive from this list i found the following thread http://www.openldap.org/lists/openldap-technical/201110/msg00122.html but this thread don't help me to got an idea what i should do, to configure the monitoring in openldap.
Do you have a doc or howto with further information about this?
I need the documentation for the cn=config backend. I don't have an slapd.conf!
add something like
dn: olcdatabase=monitor,cn=config objectclass: olcDatabaseConfig olcDatabase: monitor olcAccess: to dn.subtree=cn=monitor by users read
-Dieter
Hi Dieter,
thank you very much for your answer. But in which file (or place) should i put this lines?
I doesn't have a slapd.conf!
Am 07.01.2012 23:09, schrieb Dieter Klünter:
Do you have a doc or howto with further information about this?
I need the documentation for the cn=config backend. I don't have an slapd.conf!
add something like
dn: olcdatabase=monitor,cn=config objectclass: olcDatabaseConfig olcDatabase: monitor olcAccess: to dn.subtree=cn=monitor by users read
On Monday, 9 January 2012 12:33:43 Axel Birndt wrote:
Hi Dieter,
thank you very much for your answer. But in which file (or place) should i put this lines?
I doesn't have a slapd.conf!
Am 07.01.2012 23:09, schrieb Dieter Klünter:
Do you have a doc or howto with further information about this?
I need the documentation for the cn=config backend. I don't have an slapd.conf!
add something like
dn: olcdatabase=monitor,cn=config objectclass: olcDatabaseConfig olcDatabase: monitor olcAccess: to dn.subtree=cn=monitor by users read
You should place it at the stdin of an invocation of ldapadd with appropriate authentication as a DN that has write access to cn=config, or in an ldif file provided after the -f option of said ldapadd.
Regards, Buchan
Hi and good evening,
Am 09.01.2012 14:42, schrieb Buchan Milne:
>> > I need the documentation for the cn=config backend. I don't have an >> > slapd.conf!
add something like
dn: olcdatabase=monitor,cn=config objectclass: olcDatabaseConfig olcDatabase: monitor olcAccess: to dn.subtree=cn=monitor by users read
You should place it at the stdin of an invocation of ldapadd with appropriate authentication as a DN that has write access to cn=config, or in an ldif file provided after the -f option of said ldapadd.
i tried now to import the config from above with an ldif-file.
abirndt@ubuntunb:~/tmp/openldap_2axels-company$ 0_ldapadd_sample.bash cn_Monitor.ldif Importing the following ldif-File(s):
<cn_Monitor.ldif>
Enter LDAP Password: adding new entry "olcdatabase=monitor,cn=config" ldap_add: Other (e.g., implementation specific) error (80) additional info: <olcDatabase> failed init
But i got the failure as shown.
Could you give me a hint what i could do?
Am Fri, 13 Jan 2012 19:56:04 +0100 schrieb Axel Birndt towerlexa@gmx.de:
Hi and good evening,
Am 09.01.2012 14:42, schrieb Buchan Milne:
> >> > I need the documentation for the cn=config backend. > >> > I don't have an slapd.conf!
add something like
dn: olcdatabase=monitor,cn=config objectclass: olcDatabaseConfig olcDatabase: monitor olcAccess: to dn.subtree=cn=monitor by users read
You should place it at the stdin of an invocation of ldapadd with appropriate authentication as a DN that has write access to cn=config, or in an ldif file provided after the -f option of said ldapadd.
i tried now to import the config from above with an ldif-file.
abirndt@ubuntunb:~/tmp/openldap_2axels-company$ 0_ldapadd_sample.bash cn_Monitor.ldif Importing the following ldif-File(s):
<cn_Monitor.ldif>
Enter LDAP Password: adding new entry "olcdatabase=monitor,cn=config" ldap_add: Other (e.g., implementation specific) error (80) additional info: <olcDatabase> failed init
But i got the failure as shown.
Could you give me a hint what i could do?
Is the monitor module loaded at all? If it is not provided as module, run slapd -VVV to see whether it is build in.
-Dieter
Am 15.01.2012 09:13, schrieb Dieter Klünter:
i tried now to import the config from above with an ldif-file.
abirndt@ubuntunb:~/tmp/openldap_2axels-company$ 0_ldapadd_sample.bash cn_Monitor.ldif Importing the following ldif-File(s):
<cn_Monitor.ldif>
Enter LDAP Password: adding new entry "olcdatabase=monitor,cn=config" ldap_add: Other (e.g., implementation specific) error (80) additional info:<olcDatabase> failed init
But i got the failure as shown.
Could you give me a hint what i could do?
Is the monitor module loaded at all? If it is not provided as module, run slapd -VVV to see whether it is build in.
I put the -VVV option in /etc/default/slapd, but with this the LdapServer won't start:
Put the -VVV into the variable SLAPD_OPTIONS:
# Additional options to pass to slapd SLAPD_OPTIONS="-VVV -l LOCAL4"
abirndt@ubuntunb:/etc/init.d$ sudo ./slapd restart Stopping OpenLDAP: slapd. Starting OpenLDAP: slapd - failed: @(#) $OpenLDAP: slapd 2.4.21 (Nov 14 2011 20:35:32) $ buildd@vernadsky:/build/buildd/openldap-2.4.21/debian/build/servers/slapd
If i put a space bitween the "-" and the "VVV" => "- VVV" the ldapserver is starting, but i don't see any other behavior.
I only found the -vvv option for example with the ldapadd command:
sudo ldapadd -vvv
On Mon, Jan 16, 2012 at 2:31 PM, Axel Birndt towerlexa@gmx.de wrote:
Am 15.01.2012 09:13, schrieb Dieter Klünter:
i tried now to import the config from above with an ldif-file.
abirndt@ubuntunb:~/tmp/openldap_2axels-company$ 0_ldapadd_sample.bash cn_Monitor.ldif Importing the following ldif-File(s):
<cn_Monitor.ldif>
Enter LDAP Password: adding new entry "olcdatabase=monitor,cn=config" ldap_add: Other (e.g., implementation specific) error (80) additional info:<olcDatabase> failed init
But i got the failure as shown.
Could you give me a hint what i could do?
Is the monitor module loaded at all? If it is not provided as module, run slapd -VVV to see whether it is build in.
I put the -VVV option in /etc/default/slapd, but with this the LdapServer won't start:
Put the -VVV into the variable SLAPD_OPTIONS:
# Additional options to pass to slapd SLAPD_OPTIONS="-VVV -l LOCAL4"
abirndt@ubuntunb:/etc/init.d$ sudo ./slapd restart Stopping OpenLDAP: slapd. Starting OpenLDAP: slapd - failed: @(#) $OpenLDAP: slapd 2.4.21 (Nov 14 2011 20:35:32) $
buildd@vernadsky:/build/buildd/openldap-2.4.21/debian/build/servers/slapd
If i put a space bitween the "-" and the "VVV" => "- VVV" the ldapserver is starting, but i don't see any other behavior.
I only found the -vvv option for example with the ldapadd command:
sudo ldapadd -vvv
You probably also need something on these lines (take with a VW worth of salt; I do a lot of typos):
dn: cn=module{0},cn=config changetype: modify add: olcModuleLoad olcModuleLoad: monitor
--
Gruß Axel
Hi @All,
Am 16.01.2012 21:06, schrieb Mauricio Tavares:
abirndt@ubuntunb:/etc/init.d$ sudo ./slapd restart Stopping OpenLDAP: slapd. Starting OpenLDAP: slapd - failed: @(#) $OpenLDAP: slapd 2.4.21 (Nov 14 2011 20:35:32) $
buildd@vernadsky:/build/buildd/openldap-2.4.21/debian/build/servers/slapd
If i put a space bitween the "-" and the "VVV" => "- VVV" the ldapserver is starting, but i don't see any other behavior.
I only found the -vvv option for example with the ldapadd command:
sudo ldapadd -vvv
You probably also need something on these lines (take with a VWworth of salt; I do a lot of typos):
dn: cn=module{0},cn=config changetype: modify add: olcModuleLoad olcModuleLoad: monitor
i'am a little bit confused...
I created a new ldif file:
#dn: olcdatabase=monitor,cn=config objectclass: olcDatabaseConfig olcDatabase: monitor olcAccess: to dn.subtree=cn=monitor by users read dn: cn=module{0},cn=config changetype: modify add: olcModuleLoad olcModuleLoad: monitor
and added it with the following command:
ldapadd -H ldap://localhost -x -D "cn=admin,cn=config" -f cn_Monitor_modify.ldif -W
ldapadd: attributeDescription "dn": (possible missing newline after line 4, entry "olcdatabase=monitor,cn=config"?) adding new entry "olcdatabase=monitor,cn=config" ldap_add: Undefined attribute type (17) additional info: dn: attribute type undefined
Is there the possibility to provide me an file in ldif-format which i could import?
Of course i'am able to provide some more information. Could someone give me some hints, what i could do?
A Lookup inside the configuration gives me no more information. I used ldapvi and phpldapadmin
ldapvi -D cn=admin,cn=config -b cn=config
But there was no content with the new olcdatabase=monitor,cn=config...
--On January 16, 2012 10:17:56 PM +0100 Axel Birndt towerlexa@gmx.de wrote:
I created a new ldif file:
# dn: olcdatabase=monitor,cn=config objectclass: olcDatabaseConfig olcDatabase: monitor olcAccess: to dn.subtree=cn=monitor by users read dn: cn=module{0},cn=config changetype: modify add: olcModuleLoad olcModuleLoad: monitor
This isn't valid LDIF, why do you expect it to work?
--Quanah
Hi Quanah,
Am 18.01.2012 02:05, schrieb Quanah Gibson-Mount:
# dn: olcdatabase=monitor,cn=config objectclass: olcDatabaseConfig olcDatabase: monitor olcAccess: to dn.subtree=cn=monitor by users read dn: cn=module{0},cn=config changetype: modify add: olcModuleLoad olcModuleLoad: monitor
This isn't valid LDIF, why do you expect it to work?
excuse me please, but this is, what recommended to me by one of the mails before...
In any way, for the configuration with the slapd.conf file i found many documents in the internet, but on this page http://www.openldap.org/devel/admin/monitoringslapd.html#Monitor The section for the cn=config backend is empty... So i put some hours in searching with google, but for configuring this in the cn=config backend i don't found helpful informations for me..
Maybe you could help me and give me some steps what i could do to enable the monitoring in my slapd.
--On January 18, 2012 7:19:51 AM +0100 Axel Birndt towerlexa@gmx.de wrote:
Hi Quanah,
Am 18.01.2012 02:05, schrieb Quanah Gibson-Mount:
# dn: olcdatabase=monitor,cn=config objectclass: olcDatabaseConfig olcDatabase: monitor olcAccess: to dn.subtree=cn=monitor by users read dn: cn=module{0},cn=config changetype: modify add: olcModuleLoad olcModuleLoad: monitor
This isn't valid LDIF, why do you expect it to work?
excuse me please, but this is, what recommended to me by one of the mails before...
In any way, for the configuration with the slapd.conf file i found many documents in the internet, but on this page http://www.openldap.org/devel/admin/monitoringslapd.html#Monitor The section for the cn=config backend is empty... So i put some hours in searching with google, but for configuring this in the cn=config backend i don't found helpful informations for me..
Maybe you could help me and give me some steps what i could do to enable the monitoring in my slapd.
I would start by reading:
http://en.wikipedia.org/wiki/LDAP_Data_Interchange_Format
so that you can gain comprehension as to what is invalid about the LDIF file you pasted. You only need to tweak it a little bit to make it actually be correct.
--Quanah
Am Mon, 16 Jan 2012 20:31:49 +0100 schrieb Axel Birndt towerlexa@gmx.de:
Am 15.01.2012 09:13, schrieb Dieter Klünter:
i tried now to import the config from above with an ldif-file.
abirndt@ubuntunb:~/tmp/openldap_2axels-company$ 0_ldapadd_sample.bash cn_Monitor.ldif Importing the following ldif-File(s):
<cn_Monitor.ldif>
Enter LDAP Password: adding new entry "olcdatabase=monitor,cn=config" ldap_add: Other (e.g., implementation specific) error (80) additional info:<olcDatabase> failed init
But i got the failure as shown.
Could you give me a hint what i could do?
Is the monitor module loaded at all? If it is not provided as module, run slapd -VVV to see whether it is build in.
I put the -VVV option in /etc/default/slapd, but with this the LdapServer won't start:
Put the -VVV into the variable SLAPD_OPTIONS:
No, this is not the intended option! Just run slapd -VVV without any further options in an terminal.
/usr/lib/openldap> ./slapd -VVV @(#) $OpenLDAP: slapd 2.4.26 $ opensuse-buildservice@opensuse.org
Included static overlays: ppolicy syncprov Included static backends: config ldif monitor bdb hdb ldap relay
-Dieter
Hi Dieter,
Am 17.01.2012 08:38, schrieb Dieter Klünter:
Is the monitor module loaded at all?
If it is not provided as module, run slapd -VVV to see whether it is build in.
I put the -VVV option in /etc/default/slapd, but with this the LdapServer won't start:
Put the -VVV into the variable SLAPD_OPTIONS:
No, this is not the intended option! Just run slapd -VVV without any further options in an terminal.
/usr/lib/openldap> ./slapd -VVV @(#) $OpenLDAP: slapd 2.4.26 $ opensuse-buildservice@opensuse.org
Included static overlays: ppolicy syncprov Included static backends: config ldif monitor bdb hdb ldap relay
abirndt@ubuntunb:/usr/sbin$ sudo ./slapd -VVV @(#) $OpenLDAP: slapd 2.4.21 (Nov 14 2011 20:35:32) $ buildd@vernadsky:/build/buildd/openldap-2.4.21/debian/build/servers/slapd
i'am confused, while the output is so different to this one provided from you...
This is the commandline from my running slapd:
abirndt@ubuntunb:/usr/sbin$ ps -ef | grep slap openldap 4887 1 0 Jan16 ? 00:00:00 /usr/sbin/slapd -h ldap:/// ldapi:/// -g openldap -u openldap -F /etc/ldap/slapd.d/ -l LOCAL4
Am Tue, 17 Jan 2012 20:37:40 +0100 schrieb Axel Birndt towerlexa@gmx.de:
Hi Dieter,
Am 17.01.2012 08:38, schrieb Dieter Klünter:
Is the monitor module loaded at all?
If it is not provided as module, run slapd -VVV to see whether it is build in.
I put the -VVV option in /etc/default/slapd, but with this the LdapServer won't start:
Put the -VVV into the variable SLAPD_OPTIONS:
No, this is not the intended option! Just run slapd -VVV without any further options in an terminal.
/usr/lib/openldap> ./slapd -VVV @(#) $OpenLDAP: slapd 2.4.26 $ opensuse-buildservice@opensuse.org
Included static overlays: ppolicy syncprov Included static backends: config ldif monitor bdb hdb ldap relay
abirndt@ubuntunb:/usr/sbin$ sudo ./slapd -VVV @(#) $OpenLDAP: slapd 2.4.21 (Nov 14 2011 20:35:32) $ buildd@vernadsky:/build/buildd/openldap-2.4.21/debian/build/servers/slapd
i'am confused, while the output is so different to this one provided from you...
If the above is the only output of the command, than there are no staticly build in databases and overlays, but only loadable modules which have to be loaded explicitly.
-Dieter
Hi Dieter,
Am 18.01.2012 09:09, schrieb Dieter Klünter:
abirndt@ubuntunb:/usr/sbin$ sudo ./slapd -VVV
@(#) $OpenLDAP: slapd 2.4.21 (Nov 14 2011 20:35:32) $ buildd@vernadsky:/build/buildd/openldap-2.4.21/debian/build/servers/slapd
i'am confused, while the output is so different to this one provided from you...
If the above is the only output of the command, than there are no staticly build in databases and overlays, but only loadable modules which have to be loaded explicitly.
Ok, thanks for the explainings. Could you or someone help me to identify how i could do this?
In my mind this is the behavior from the cn=config backend, Right??
Now i have to configure this cn=config backend to be able to become monitored.
Could anyone be so kind to help me here? Please let us try to configure this out with the cn=config backend.
Thanks in advance
Am Wed, 18 Jan 2012 11:37:21 +0100 schrieb Axel Birndt towerlexa@gmx.de:
Hi Dieter,
Am 18.01.2012 09:09, schrieb Dieter Klünter:
abirndt@ubuntunb:/usr/sbin$ sudo ./slapd -VVV
@(#) $OpenLDAP: slapd 2.4.21 (Nov 14 2011 20:35:32) $ buildd@vernadsky:/build/buildd/openldap-2.4.21/debian/build/servers/slapd
i'am confused, while the output is so different to this one provided from you...
If the above is the only output of the command, than there are no staticly build in databases and overlays, but only loadable modules which have to be loaded explicitly.
Ok, thanks for the explainings. Could you or someone help me to identify how i could do this?
In my mind this is the behavior from the cn=config backend, Right??
Now i have to configure this cn=config backend to be able to become monitored.
Could anyone be so kind to help me here? Please let us try to configure this out with the cn=config backend.
Thanks in advance
If there are modules loaded already, modify the apropriate entry: ldapmodify -D xxx -W -H ldap://some.host dn: cn=module{0},cn=config changetype: modify add: olcModuleLoad olcModuleLoad: monitor.la
or better, use a decent ldap client like web2ldap, ldapvi or Apache Directory Studio.
-Dieter
Hello Dieter,
Am 18.01.2012 12:34, schrieb Dieter Klünter:
In my mind this is the behavior from the cn=config backend, Right??
Now i have to configure this cn=config backend to be able to become monitored.
Could anyone be so kind to help me here? Please let us try to configure this out with the cn=config backend.
Thanks in advance
If there are modules loaded already, modify the apropriate entry: ldapmodify -D xxx -W -Hldap://some.host dn: cn=module{0},cn=config changetype: modify add: olcModuleLoad olcModuleLoad: monitor.la
or better, use a decent ldap client like web2ldap, ldapvi or Apache Directory Studio.
I've found a back_monitor.la in /usr/lib/ldap/.
Added in ldapvi the following lines:
(ldapvi -D cn=admin,cn=config -b cn=config)
---- 12 cn=module{0},cn=config objectClass: olcModuleList cn: module{0} olcModulePath: /usr/lib/ldap olcModuleLoad: {2}back_monitor
13 olcDatabase={2}monitor,cn=config objectClass: olcDatabaseConfig olcDatabase: {0}back_monitor olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break olcRootDN: cn=monitor,cn=config olcRootPW: {CRYPT}3B64HY27EjB5I -----
Now i got the following failure:
----- Error: Invalid key: `12'. What now? [eQ?] -----
If i only add the lines from the key "13" i got the same error.
Now next try:
---- 12 cn=module{1},cn=config objectClass: olcModuleList cn: module{1} olcModulePath: /usr/lib/ldap olcModuleLoad: {2}back_monitor ----
result: the same error - Invalid Key: `12`
I don't have any more ideas.
==========================================================================
Now i've created the following cn=module entry:
ldapadd -H ldap://localhost -x -D "cn=admin,cn=config" -f "cn_Monitor_add.ldif" -W Enter LDAP Password: modifying entry "cn=module{1},cn=config"
--------- dn: cn=module{1},cn=config changetype: modify add: olcModuleLoad olcModuleLoad: back_monitor.la
----------
Now i have the following entry for the module{1}
--------- # Eintrag 1: cn=module{1},cn=config dn: cn=module{1},cn=config cn: module{1} objectclass: olcModuleList objectclass: top olcmoduleload: {0}back_monitor olcmoduleload: {1}back_monitor.la olcmodulepath: /usr/lib/ldap ---------
Now I'am not sure if the monitorbackend is now well configured... but i will add now the monitoring with munin and try to access to the monitoringbackend.
--On January 18, 2012 10:06:58 PM +0100 Axel Birndt towerlexa@gmx.de wrote:
Added in ldapvi the following lines:
(ldapvi -D cn=admin,cn=config -b cn=config)
12 cn=module{0},cn=config objectClass: olcModuleList cn: module{0} olcModulePath: /usr/lib/ldap olcModuleLoad: {2}back_monitor
13 olcDatabase={2}monitor,cn=config objectClass: olcDatabaseConfig olcDatabase: {0}back_monitor olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break olcRootDN: cn=monitor,cn=config olcRootPW: {CRYPT}3B64HY27EjB5I
Once again, this is clearly not valid LDIF. If you would just simply take the time to read up on the LDIF standard, you would save yourself, and everyone else, a lot of time and trouble. You're 99% of the way to valid LDIF.
--Quanah
Am 18.01.2012 12:34, schrieb Dieter Klünter:
If there are modules loaded already, modify the apropriate entry: ldapmodify -D xxx -W -Hldap://some.host dn: cn=module{0},cn=config changetype: modify add: olcModuleLoad olcModuleLoad: monitor.la
or better, use a decent ldap client like web2ldap, ldapvi or Apache Directory Studio.
In the last few days i configured "wildly" on my ldapserver...
Now i asked him for some data and got this one:
----------------------- root@ubuntunb:/etc/munin# ldapsearch -x -D 'cn=admin,dc=2axels-company,dc=de' -W -b 'cn=Monitor' -s base '(objectClass=*)' '*' '+' Enter LDAP Password: # extended LDIF # # LDAPv3 # base <cn=Monitor> with scope baseObject # filter: (objectClass=*) # requesting: * + #
# Monitor dn: cn=Monitor objectClass: monitorServer structuralObjectClass: monitorServer cn: Monitor creatorsName: cn=admin,dc=2axels-company,dc=de modifiersName: cn=admin,dc=2axels-company,dc=de createTimestamp: 20120120203804Z modifyTimestamp: 20120120203804Z description: This subtree contains monitoring/managing objects. description: This object contains information about this server. description: Most of the information is held in operational attributes, which must be explicitly requested. monitoredInfo: OpenLDAP: slapd 2.4.21 (Nov 14 2011 20:35:32) entryDN: cn=Monitor subschemaSubentry: cn=Subschema hasSubordinates: TRUE
# search result search: 2 result: 0 Success
# numResponses: 2 # numEntries: 1 -------------------
How could i access the monitoring data and is the monitor backend now working ?? For me it looks so.
Does someone of you use munin to monitor the slapd? I don't see any data there, but of course this is Off Topic now. Isn't it?
--On Friday, January 20, 2012 9:47 PM +0100 Axel Birndt towerlexa@gmx.de wrote:
How could i access the monitoring data and is the monitor backend now working ?? For me it looks so.
There is lots of monitoring data available, but you have to request it.
http://www.openldap.org/doc/admin24/monitoringslapd.html
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
Am Fri, 20 Jan 2012 21:47:20 +0100 schrieb Axel Birndt towerlexa@gmx.de:
Am 18.01.2012 12:34, schrieb Dieter Klünter:
If there are modules loaded already, modify the apropriate entry: ldapmodify -D xxx -W -Hldap://some.host dn: cn=module{0},cn=config changetype: modify add: olcModuleLoad olcModuleLoad: monitor.la
or better, use a decent ldap client like web2ldap, ldapvi or Apache Directory Studio.
In the last few days i configured "wildly" on my ldapserver...
Now i asked him for some data and got this one:
root@ubuntunb:/etc/munin# ldapsearch -x -D 'cn=admin,dc=2axels-company,dc=de' -W -b 'cn=Monitor' -s base '(objectClass=*)' '*' '+' Enter LDAP Password: # extended LDIF # # LDAPv3 # base <cn=Monitor> with scope baseObject # filter: (objectClass=*) # requesting: * + #
# Monitor dn: cn=Monitor objectClass: monitorServer structuralObjectClass: monitorServer cn: Monitor creatorsName: cn=admin,dc=2axels-company,dc=de modifiersName: cn=admin,dc=2axels-company,dc=de createTimestamp: 20120120203804Z modifyTimestamp: 20120120203804Z description: This subtree contains monitoring/managing objects. description: This object contains information about this server. description: Most of the information is held in operational attributes, which must be explicitly requested. monitoredInfo: OpenLDAP: slapd 2.4.21 (Nov 14 2011 20:35:32) entryDN: cn=Monitor subschemaSubentry: cn=Subschema hasSubordinates: TRUE
# search result search: 2 result: 0 Success
# numResponses: 2
# numEntries: 1
How could i access the monitoring data and is the monitor backend now working ?? For me it looks so.
Does someone of you use munin to monitor the slapd? I don't see any data there, but of course this is Off Topic now. Isn't it?
Mot of the attributes ar operational, you may request the database by applying the 'all operational attributes' extension (RFC-3673) which is the + character, or you may ask for attribute monitoredInfo explicitly.
ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=monitor -s one + "*"
-Dieter
tis 2012-01-17 klockan 20:37 +0100 skrev Axel Birndt:
Hi Dieter,
Am 17.01.2012 08:38, schrieb Dieter Klünter:
No, this is not the intended option! Just run slapd -VVV without any further options in an terminal.
/usr/lib/openldap> ./slapd -VVV @(#) $OpenLDAP: slapd 2.4.26 $ opensuse-buildservice@opensuse.org
Included static overlays: ppolicy syncprov Included static backends: config ldif monitor bdb hdb ldap relay
abirndt@ubuntunb:/usr/sbin$ sudo ./slapd -VVV @(#) $OpenLDAP: slapd 2.4.21 (Nov 14 2011 20:35:32) $ buildd@vernadsky:/build/buildd/openldap-2.4.21/debian/build/servers/slapd
i'am confused, while the output is so different to this one provided from you...
This is the commandline from my running slapd:
abirndt@ubuntunb:/usr/sbin$ ps -ef | grep slap openldap 4887 1 0 Jan16 ? 00:00:00 /usr/sbin/slapd -h ldap:/// ldapi:/// -g openldap -u openldap -F /etc/ldap/slapd.d/ -l LOCAL4
This is the output which i get from an slapd invocation as my normal user (not root or the openldap user, and this is for debian wheezy): ----------- stefan@compaq:~$ /usr/sbin/slapd -VVV @(#) $OpenLDAP: slapd (Jan 18 2012 22:06:41) $
buildd@biber:/build/buildd-openldap_2.4.28-1.1-i386-mT8fV5/openldap-2.4.28/debian/build/servers/slapd
Included static backends: config ldif --------
Which means that i would have to load loadable modules for slapd to do any work which is usable (no hdb or bdb module which is 2 backends for storing application data)
When dpkg installs slapd in debian wheezy it uses /usr/share/slapd/slapd.init.ldif as an template for bootstraping slapd. Look inside the slapd deb and you should be able to find the install shell scripts which contains the slapcat invocations.
The install shell-script takes the selection which debconf asks and which you probably did answer and with that transforms (a simple m4 invocation is good enough) the template ldif-file into the final potent init ldif-file. That ldif file is then interpreted by slapcat and slapcat can now create an working slapd configuration. ̈́ Now slapd can start and the first thing which is done is the insertion of the root node in the ldap-tree.
The ldif template shows you a number of examles of how to do continuation lines in ldif which is one of the reason why the ldif inside your other letters was bad.
slapcat is in fact a special version of slapd (it is an alias.)
Check out the inode number and link counts for the slap-something files in /usr/sbin :-)
I think i need to modify my text a litte :-)
ons 2012-01-25 klockan 16:18 +0100 skrev Stefan Skoglund:
When dpkg installs slapd in debian wheezy it uses /usr/share/slapd/slapd.init.ldif as an template for bootstraping slapd. Look inside the slapd deb and you should be able to find the install shell scripts which contains the slapcat invocations.
Which is executed (the script) at slapd install time!
The install shell-script takes the selection which debconf asks and which you probably did answer and with that transforms (a simple m4 invocation is good enough) the template ldif-file into the final potent init ldif-file. That ldif file is then interpreted by slapcat and slapcat can now create an working slapd configuration.
...such that slapcat generates an working slapd config.
slapcat,slapadd,slapindex and slapd is different names for the same executable.
̈́ Now slapd can start and the first thing which is done is the insertion of the root node in the ldap-tree.
The ldif template shows you a number of examles of how to do continuation lines in ldif which is one of the reason why the ldif inside your other letters was bad.
The falty line continuations in the ldif fragments in your emails explains a number of your problems.
For ldapvi you should understand that ldapvi uses an modified ldif, for example for adding nodes in an ldif tree.
The syntax for ldapvi and ldapadd differs.
Hi Stefan,
at first thank you very much for your answer and the your effort.
Am 25.01.2012 16:49, schrieb Stefan Skoglund:
I think i need to modify my text a litte :-)
ons 2012-01-25 klockan 16:18 +0100 skrev Stefan Skoglund:
When dpkg installs slapd in debian wheezy it uses /usr/share/slapd/slapd.init.ldif as an template for bootstraping slapd.
... As i wrote in one of my last emails i've done the configuration from my ldap server with the documentation from the ubuntuusers wiki (this is in german, but the steps should be clear)
Which is executed (the script) at slapd install time!
The install shell-script takes the selection which debconf asks and which you probably did answer and with that transforms (a simple m4 invocation is good enough) the template ldif-file into the final potent init ldif-file. That ldif file is then interpreted by slapcat and slapcat can now create an working slapd configuration.
...such that slapcat generates an working slapd config.
slapcat,slapadd,slapindex and slapd is different names for the same executable.
Thanks for this hint. I never had have a look at this before... These binaries are hardlinked ;-) Fine.
ls -li slap* 1045854 -rwxr-xr-x 9 root root 1284316 2011-11-14 22:27 slapacl
̈́ Now slapd can start and the first thing which is done is the insertion of the root node in the ldap-tree.
My ldap directory (with cn=config Backend - i never had have a slapd.conf!) is working fine
The ldif template shows you a number of examles of how to do continuation lines in ldif which is one of the reason why the ldif inside your other letters was bad.
Oh ok, i think this is what Quannah mentioned in his mails. I'll try to understand this in the next few days.
The falty line continuations in the ldif fragments in your emails explains a number of your problems.
Excuse me please, but my english isn't good enough to understand this sentence. Could give me some more explanations?
For ldapvi you should understand that ldapvi uses an modified ldif, for example for adding nodes in an ldif tree.
The syntax for ldapvi and ldapadd differs.
Ok, i shoud read not only the documentation belonging the ldif format... The description for ldapvi should be the next one...
Anyway, the monitoring backend is still working, but the script from https://github.com/munin-monitoring/contrib/blob/master/plugins/other/slapd_
does not work for me...
Unfortunately i have not so much time to check all details... and my programming skill does not touch the perl language...
The idea of activate the monitoring in slapd, was the showing from the ldap state in the munin tool... I also opened a thread in the munin-users mailinglist, but they couldn't help me...
PS: So please excuse my english writing. I hope its understandable for this technical facts.
openldap-technical@openldap.org
-
Axel Birndt -
Buchan Milne -
Dieter Klünter -
Mauricio Tavares -
Quanah Gibson-Mount -
Stefan Skoglund