It would be interesting if there were any official Prometheus exporter to monitor LDAP metrics. If we have one such exporter, does it authenticate LDAP Server to aggregate/formulate/capture metrics?
Thanks, Teja
--On Wednesday, February 23, 2022 10:45 PM +0000 vtejaswini1@gmail.com wrote:
It would be interesting if there were any official Prometheus exporter to monitor LDAP metrics. If we have one such exporter, does it authenticate LDAP Server to aggregate/formulate/capture metrics?
I'm not familiar with Prometheus, but the monitor backend to OpenLDAP provides a number of useful metrics that can be queried via standard ldap operations. You can define a separate set of ACL rules for that backend as well.
This is an example of a dashboard I made for Grafana: https://grafana.com/grafana/dashboards/13349
Other monitoring systems (for example datadog) also have plugins for OpenLDAP that can be used to generate a similar dashboard.
Regards, Quanah
On 2/23/22 23:45, vtejaswini1@gmail.com wrote:
It would be interesting if there were any official Prometheus exporter to monitor LDAP metrics.
What does "official" mean for you? Does that mean vendor support you're willing to pay for?
Anyway...
My slapdcheck also produces OpenMetrics output to be consumed by Prometheus. But since it's a wrapper around the MRPE checks it does not feel Prometheus-like. It's on my long to-do list to refactor slapdcheck to internally already handle labels and turn that into MRPE/Nagios compatible check item names.
https://code.stroeder.com/ldap/slapdcheck
Help would be appreciated:
https://code.stroeder.com/ldap/slapdcheck/issues
You could also use mtail to extract metrics from logs which mtail also serves as Prometheus metrics:
https://github.com/google/mtail
My mtail progs extract some metrics not available in cn=monitor yet (e.g. result code counters and deferred counters).
https://code.stroeder.com/AE-DIR/ansible-ae-dir-server/src/branch/master/tem...
BTW: There are some simple exporters available out there which simply pull counters and gauges from cn=monitor and use the DN of the monitor entry as the metrics' label. Given that some cn=monitor entries contain multiple values this is not the correct approach. (And full DNs as label also makes your Prometheus queries look quite complicated.)
Ciao, Michael.
Hello Michael,
Doesn't your slapdcheck also rely on cn=monitor to query LDAP Server? Could you explain to me on a high level how slapdcheck is interacting with LDAP Server? I am happy that the source code is open-sourced and available.
Coming from a Prometheus background, when I talk about official exporters I meant the exporters listed by the Prometheus community as reliable and useful on their website. Here is such a list: https://prometheus.io/docs/instrumenting/exporters/, we have a wide range of exporters for different servers/databases.
Thanks, Teja
On 2/24/22 15:00, vtejaswini1@gmail.com wrote:
Doesn't your slapdcheck also rely on cn=monitor to query LDAP Server?
Yes.
Could you explain to me on a high level how slapdcheck is interacting with LDAP Server?
Besides accessing cn=monitor it reads the currently active configuration from a read-only(!) cn=config and e.g. tries to reach all the provider replicas configured therein, etc.
And in contrast to other slapd exporters it does not falsely assume to only read one gauge/counter per entry in cn=monitor.
Coming from a Prometheus background, when I talk about official exporters I meant the exporters listed by the Prometheus community as reliable and useful on their website.
Ah, I see.
Not sure how much the Prometheus community care about OpenLDAP though.
Ciao, Michael.
openldap-technical@openldap.org
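Added example, not part of the thread and not code from slapdcheck or any exporter mentioned in it: a sketch of the point made above about cn=monitor entries carrying several values, emitting one Prometheus text-format line per numeric attribute with short labels instead of the full DN. The metric names, the label scheme and the sample values are assumptions; the attribute names are those of OpenLDAP's monitor backend.

```python
import re

# Constructed sample: LDIF-style result of a subtree search below cn=Monitor.
# The values are made up for this example.
SAMPLE_LDIF = """\
dn: cn=Bind,cn=Operations,cn=Monitor
monitorOpInitiated: 1520
monitorOpCompleted: 1519

dn: cn=Current,cn=Connections,cn=Monitor
monitorCounter: 17

dn: cn=Bytes,cn=Statistics,cn=Monitor
monitorCounter: 9034411
"""

# Each numeric attribute maps to its own metric (hypothetical metric names).
NUMERIC_ATTRS = {
    "monitorOpInitiated": "slapd_ops_initiated_total",
    "monitorOpCompleted": "slapd_ops_completed_total",
    "monitorCounter": "slapd_monitor_counter",
}

def parse_entries(ldif):
    """Yield (dn, [(attr, value), ...]) for each blank-line separated entry."""
    for block in re.split(r"\n\s*\n", ldif.strip()):
        pairs = [line.split(": ", 1) for line in block.splitlines()]
        dn = next(v for k, v in pairs if k == "dn")
        yield dn, [(k, v) for k, v in pairs if k != "dn"]

def short_labels(dn):
    """Reduce a monitor DN to two short labels (assumes no escaped commas)."""
    rdns = [rdn.split("=", 1)[1] for rdn in dn.split(",")]
    name, subsystem = (rdns + ["monitor"])[:2]  # cn=Monitor itself has one RDN
    return {"subsystem": subsystem.lower(), "name": name.lower().replace(" ", "_")}

def to_exposition(ldif):
    """Return one exposition line per numeric attribute, not one per entry."""
    lines = []
    for dn, attrs in parse_entries(ldif):
        labels = ",".join(f'{k}="{v}"' for k, v in short_labels(dn).items())
        for attr, value in attrs:
            if attr in NUMERIC_ATTRS and value.isdigit():
                lines.append(f"{NUMERIC_ATTRS[attr]}{{{labels}}} {value}")
    return lines

if __name__ == "__main__":
    print("\n".join(to_exposition(SAMPLE_LDIF)))
```

In a real deployment the search would be run by a dedicated bind identity that the monitor backend's ACLs allow to read cn=Monitor and nothing else.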