This is a simple service that scrapes metrics from OpenLDAP and exports them via HTTP for Prometheus consumption.
This exporter is based on the ideas in https://github.com/jcollie/openldap_exporter, but it is written in golang to allow for simpler distribution and installation.
slapd supports an optional LDAP monitoring interface you can use to obtain information regarding the current state of your slapd instance. Documentation for this backend can be found in the OpenLDAP backend guide and administration guide.
To enable the backend add the following to the bottom of your slapd.conf
file:
database monitor
rootdn "cn=monitoring,cn=Monitor"
rootpw YOUR_MONITORING_ROOT_PASSWORD
Technically you don't need rootdn
or rootpw
, but having unauthenticated access to slapd feels a little wrong.
You may need to also load the monitoring backend module if your slapd installation needs to load backends as modules by adding this to your slapd.conf
:
moduleload back_monitor
Once you've built the exporter (see below), or downloaded the latest release, you can install it on the same server as your slapd instance, and run it as a service. You can then configure Prometheus to pull metrics from the exporter's /metrics
endpoint on port 9330, and check to see that it is working via curl:
$> curl -s http://localhost:9330/metrics
...
# HELP openldap_monitor_counter_object cn=Monitor (objectClass=monitorCounterObject) monitorCounter
# TYPE openldap_monitor_counter_object gauge
openldap_monitor_counter_object{dn="cn=Bytes,cn=Statistics,cn=Monitor"} 1.857812777e+09
openldap_monitor_counter_object{dn="cn=Current,cn=Connections,cn=Monitor"} 50
openldap_monitor_counter_object{dn="cn=Entries,cn=Statistics,cn=Monitor"} 4.226632e+06
openldap_monitor_counter_object{dn="cn=Max File Descriptors,cn=Connections,cn=Monitor"} 1024
openldap_monitor_counter_object{dn="cn=PDU,cn=Statistics,cn=Monitor"} 4.446117e+06
openldap_monitor_counter_object{dn="cn=Read,cn=Waiters,cn=Monitor"} 31
openldap_monitor_counter_object{dn="cn=Referrals,cn=Statistics,cn=Monitor"} 0
openldap_monitor_counter_object{dn="cn=Total,cn=Connections,cn=Monitor"} 65383
openldap_monitor_counter_object{dn="cn=Write,cn=Waiters,cn=Monitor"} 0
# HELP openldap_monitor_operation cn=Operations,cn=Monitor (objectClass=monitorOperation) monitorOpCompleted
# TYPE openldap_monitor_operation gauge
openldap_monitor_operation{dn="cn=Abandon,cn=Operations,cn=Monitor"} 0
openldap_monitor_operation{dn="cn=Add,cn=Operations,cn=Monitor"} 0
openldap_monitor_operation{dn="cn=Bind,cn=Operations,cn=Monitor"} 57698
openldap_monitor_operation{dn="cn=Compare,cn=Operations,cn=Monitor"} 0
openldap_monitor_operation{dn="cn=Delete,cn=Operations,cn=Monitor"} 0
openldap_monitor_operation{dn="cn=Extended,cn=Operations,cn=Monitor"} 0
openldap_monitor_operation{dn="cn=Modify,cn=Operations,cn=Monitor"} 0
openldap_monitor_operation{dn="cn=Modrdn,cn=Operations,cn=Monitor"} 0
openldap_monitor_operation{dn="cn=Search,cn=Operations,cn=Monitor"} 161789
openldap_monitor_operation{dn="cn=Unbind,cn=Operations,cn=Monitor"} 9336
# HELP openldap_monitored_object cn=Monitor (objectClass=monitoredObject) monitoredInfo
# TYPE openldap_monitored_object gauge
openldap_monitored_object{dn="cn=Active,cn=Threads,cn=Monitor"} 1
openldap_monitored_object{dn="cn=Backload,cn=Threads,cn=Monitor"} 1
openldap_monitored_object{dn="cn=Max Pending,cn=Threads,cn=Monitor"} 0
openldap_monitored_object{dn="cn=Max,cn=Threads,cn=Monitor"} 16
openldap_monitored_object{dn="cn=Open,cn=Threads,cn=Monitor"} 8
openldap_monitored_object{dn="cn=Pending,cn=Threads,cn=Monitor"} 0
openldap_monitored_object{dn="cn=Starting,cn=Threads,cn=Monitor"} 0
openldap_monitored_object{dn="cn=Uptime,cn=Time,cn=Monitor"} 1.225737e+06
# HELP openldap_scrape successful vs unsuccessful ldap scrape attempts
# TYPE openldap_scrape counter
openldap_scrape{result="ok"} 6985
...
The binary itself is configured via command line flags:
Usage of ./openldap_exporter-linux:
-interval duration
Scrape interval (default 30s)
-ldapAddr string
Address of OpenLDAP server (default "ldap://localhost:389")
-ldapUser string
OpenLDAP bind username (optional)
-ldapPass string
OpenLDAP bind password (optional)
-ldapUseStartTLS
Use start TLS (optional)
-ldapCACrt string
Path to CA certificate for LDAPS (optional)
-promAddr string
Bind address for prometheus HTTP metrics server (default ":9330")
-promCrt string
Path to PEM Certificate (chain) file to run metrics server in https mode (optional, required if CrtKey is used)
-promCrtKey string
Path to PEM Certificate Key file to run metrics server in https mode (optional, required if Crt is used)
-version
Show version and exit
-skipVerifyTLS
Skip verify certificate. Default is True (optional)
-ldapAddr
supports ldaps://
and ldap://
scheme uri's. (defaults to ldap:// scheme)
using the LDAPS scheme will open a connection using TLS.
To use StartTLS use ldap:// scheme and the command line flag -ldapStartTLS
-ldapCACrt
if the ldap server uses a custom CA certificate, add the path to the public CA Cert in PEM format
- Install Go from https://golang.org/
- Install
dep
from https://github.com/golang/dep - Clone this repository and
cd
into its root. - Fetch the third-party libraries:
make deps
- Build the binary:
make build