Provided by: smokeping_2.8.2+ds-1_all 
NAME
Smokeping::probes::LDAP - a LDAP probe for SmokePing
OVERVIEW
Measures LDAP search latency for SmokePing
SYNOPSIS
*** Probes ***
+LDAP
forks = 5
offset = 50%
passwordfile = /some/place/secret
step = 300
# The following variables can be overridden in each target section
/^influx_.+/ = influx_location = In the basement
attrs = uid,someotherattr
base = dc=foo,dc=bar
binddn = uid=testuser,dc=foo,dc=bar
filter = uid=testuser # mandatory
mininterval = 1
password = mypass
pings = 5
port = 389
scheme = ldap
scope = one
start_tls = 1
timeout = 10
verify = optional
version = 3
# [...]
*** Targets ***
probe = LDAP # if this should be the default probe
# [...]
+ mytarget
# probe = LDAP # if the default probe is something else
host = my.host
/^influx_.+/ = influx_location = In the basement
attrs = uid,someotherattr
base = dc=foo,dc=bar
binddn = uid=testuser,dc=foo,dc=bar
filter = uid=testuser # mandatory
mininterval = 1
password = mypass
pings = 5
port = 389
scheme = ldap
scope = one
start_tls = 1
timeout = 10
verify = optional
version = 3
DESCRIPTION
This probe measures LDAP query latency for SmokePing. The query is specified by the target-specific
variable `filter' and, optionally, by the target-specific variable `base'. The attributes queried can be
specified in the comma-separated list `attrs'.
The TCP port of the LDAP server and the LDAP version to be used can be specified by the variables `port'
and `version'.
The probe can issue the starttls command to convert the connection into encrypted mode, if so instructed
by the `start_tls' variable. This requires the 'IO::Socket::SSL' perl module to be installed.
The probe can also optionally do an authenticated LDAP bind, if the `binddn' variable is present. The
password to be used can be specified by the target-specific variable `password' or in an external file.
The location of this file is given in the probe-specific variable `passwordfile'. See
Smokeping::probes::passwordchecker(3pm) for the format of this file (summary: colon-separated triplets of
the form `<host>:<bind-dn>:<password>')
The probe tries to be nice to the server and does not send authentication requests more frequently than
once every X seconds, where X is the value of the target-specific "min_interval" variable (1 by default).
VARIABLES
Supported probe-specific variables:
forks
Run this many concurrent processes at maximum
Example value: 5
Default value: 5
offset
If you run many probes concurrently you may want to prevent them from hitting your network all at the
same time. Using the probe-specific offset parameter you can change the point in time when each probe
will be run. Offset is specified in % of total interval, or alternatively as 'random', and the offset
from the 'General' section is used if nothing is specified here. Note that this does NOT influence
the rrds itself, it is just a matter of when data acquisition is initiated. (This variable is only
applicable if the variable 'concurrentprobes' is set in the 'General' section.)
Example value: 50%
passwordfile
Location of the file containing usernames and passwords.
Example value: /some/place/secret
step
Duration of the base interval that this probe should use, if different from the one specified in the
'Database' section. Note that the step in the RRD files is fixed when they are originally generated,
and if you change the step parameter afterwards, you'll have to delete the old RRD files or somehow
convert them. (This variable is only applicable if the variable 'concurrentprobes' is set in the
'General' section.)
Example value: 300
Supported target-specific variables:
/^influx_.+/
This is a tag that will be sent to influxdb and has no impact on the probe measurement. The tag name
will be sent without the "influx_" prefix, which will be replaced with "tag_" instead. Tags can be
used for filtering.
Example value: influx_location = In the basement
attrs
The attributes queried.
Example value: uid,someotherattr
base
The base to be used in the LDAP query
Example value: dc=foo,dc=bar
binddn
If present, authenticate the LDAP bind with this DN.
Example value: uid=testuser,dc=foo,dc=bar
filter
The actual search to be made
Example value: uid=testuser
This setting is mandatory.
mininterval
The minimum interval between each query sent, in (possibly fractional) second s.
Default value: 1
password
The password to be used, if not present in <passwordfile>.
Example value: mypass
pings
How many pings should be sent to each target, if different from the global value specified in the
Database section. Note that the number of pings in the RRD files is fixed when they are originally
generated, and if you change this parameter afterwards, you'll have to delete the old RRD files or
somehow convert them.
Example value: 5
port
TCP port of the LDAP server
Example value: 389
scheme
LDAP scheme to use: ldap, ldaps or ldapi
Example value: ldap
Default value: ldap
scope
The scope of the query. Can be either 'base', 'one' or 'sub'. See the Net::LDAP documentation for
details.
Example value: one
Default value: sub
start_tls
If true, encrypt the connection with the starttls command. Disabled by default.
Example value: 1
timeout
LDAP query timeout in seconds.
Example value: 10
Default value: 5
verify
The TLS verification level. Can be either 'none', 'optional', 'require'. See the Net::LDAPS
documentation for details.
Example value: optional
Default value: require
version
The LDAP version to be used.
Example value: 3
AUTHORS
Niko Tyni <ntyni@iki.fi>
BUGS
There should be a way of specifying TLS options, such as the certificates involved etc.
The probe has an ugly way of working around the fact that the IO::Socket::SSL class complains if
start_tls() is done more than once in the same program. But It Works For Me (tm).
2.8.2 2024-02-04 Smokeping_probes_LDAP(3)