Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
Smokeping_probes_LDAP(3)	   SmokePing	      Smokeping_probes_LDAP(3)

NAME
       Smokeping::probes::LDAP - a LDAP	probe for SmokePing

OVERVIEW
       Measures	LDAP search latency for	SmokePing

SYNOPSIS
	*** Probes ***

	+LDAP

	forks =	5
	offset = 50%
	passwordfile = /some/place/secret
	step = 300

	# The following	variables can be overridden in each target section
	attrs =	uid,someotherattr
	base = dc=foo,dc=bar
	binddn = uid=testuser,dc=foo,dc=bar
	filter = uid=testuser #	mandatory
	mininterval = 1
	password = mypass
	pings =	5
	port = 389
	scheme = ldap
	scope =	one
	start_tls = 1
	timeout	= 10
	verify = optional
	version	= 3

	# [...]

	*** Targets ***

	probe =	LDAP # if this should be the default probe

	# [...]

	+ mytarget
	# probe	= LDAP # if the	default	probe is something else
	host = my.host
	attrs =	uid,someotherattr
	base = dc=foo,dc=bar
	binddn = uid=testuser,dc=foo,dc=bar
	filter = uid=testuser #	mandatory
	mininterval = 1
	password = mypass
	pings =	5
	port = 389
	scheme = ldap
	scope =	one
	start_tls = 1
	timeout	= 10
	verify = optional
	version	= 3

DESCRIPTION
       This probe measures LDAP	query latency for SmokePing.  The query	is
       specified by the	target-specific	variable `filter' and, optionally, by
       the target-specific variable `base'. The	attributes queried can be
       specified in the	comma-separated	list `attrs'.

       The TCP port of the LDAP	server and the LDAP version to be used can be
       specified by the	variables `port' and `version'.

       The probe can issue the starttls	command	to convert the connection into
       encrypted mode, if so instructed	by the `start_tls' variable.  This
       requires	the 'IO::Socket::SSL' perl module to be	installed.

       The probe can also optionally do	an authenticated LDAP bind, if the
       `binddn'	variable is present. The password to be	used can be specified
       by the target-specific variable `password' or in	an external file.  The
       location	of this	file is	given in the probe-specific variable
       `passwordfile'. See Smokeping::probes::passwordchecker(3pm) for the
       format of this file (summary: colon-separated triplets of the form
       `<host>:<bind-dn>:<password>')

       The probe tries to be nice to the server	and does not send
       authentication requests more frequently than once every X seconds,
       where X is the value of the target-specific "min_interval" variable (1
       by default).

VARIABLES
       Supported probe-specific	variables:

       forks
	   Run this many concurrent processes at maximum

	   Example value: 5

	   Default value: 5

       offset
	   If you run many probes concurrently you may want to prevent them
	   from	hitting	your network all at the	same time. Using the probe-
	   specific offset parameter you can change the	point in time when
	   each	probe will be run. Offset is specified in % of total interval,
	   or alternatively as 'random', and the offset	from the 'General'
	   section is used if nothing is specified here. Note that this	does
	   NOT influence the rrds itself, it is	just a matter of when data
	   acqusition is initiated.  (This variable is only applicable if the
	   variable 'concurrentprobes' is set in the 'General' section.)

	   Example value: 50%

       passwordfile
	   Location of the file	containing usernames and passwords.

	   Example value: /some/place/secret

       step
	   Duration of the base	interval that this probe should	use, if
	   different from the one specified in the 'Database' section. Note
	   that	the step in the	RRD files is fixed when	they are originally
	   generated, and if you change	the step parameter afterwards, you'll
	   have	to delete the old RRD files or somehow convert them. (This
	   variable is only applicable if the variable 'concurrentprobes' is
	   set in the 'General'	section.)

	   Example value: 300

       Supported target-specific variables:

       attrs
	   The attributes queried.

	   Example value: uid,someotherattr

       base
	   The base to be used in the LDAP query

	   Example value: dc=foo,dc=bar

       binddn
	   If present, authenticate the	LDAP bind with this DN.

	   Example value: uid=testuser,dc=foo,dc=bar

       filter
	   The actual search to	be made

	   Example value: uid=testuser

	   This	setting	is mandatory.

       mininterval
	   The minimum interval	between	each query sent, in (possibly
	   fractional) second s.

	   Default value: 1

       password
	   The password	to be used, if not present in <passwordfile>.

	   Example value: mypass

       pings
	   How many pings should be sent to each target, if different from the
	   global value	specified in the Database section. Note	that the
	   number of pings in the RRD files is fixed when they are originally
	   generated, and if you change	this parameter afterwards, you'll have
	   to delete the old RRD files or somehow convert them.

	   Example value: 5

       port
	   TCP port of the LDAP	server

	   Example value: 389

       scheme
	   LDAP	scheme to use: ldap, ldaps or ldapi

	   Example value: ldap

	   Default value: ldap

       scope
	   The scope of	the query. Can be either 'base', 'one' or 'sub'. See
	   the Net::LDAP documentation for details.

	   Example value: one

	   Default value: sub

       start_tls
	   If true, encrypt the	connection with	the starttls command. Disabled
	   by default.

	   Example value: 1

       timeout
	   LDAP	query timeout in seconds.

	   Example value: 10

	   Default value: 5

       verify
	   The TLS verification	level. Can be either 'none', 'optional',
	   'require'. See the Net::LDAPS documentation for details.

	   Example value: optional

	   Default value: require

       version
	   The LDAP version to be used.

	   Example value: 3

AUTHORS
       Niko Tyni <ntyni@iki.fi>

BUGS
       There should be a way of	specifying TLS options,	such as	the
       certificates involved etc.

       The probe has an	ugly way of working around the fact that the
       IO::Socket::SSL class complains if start_tls() is done more than	once
       in the same program. But	It Works For Me	(tm).

2.7.3				  2020-08-30	      Smokeping_probes_LDAP(3)

NAME | OVERVIEW | SYNOPSIS | DESCRIPTION | VARIABLES | AUTHORS | BUGS

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=Smokeping_probes_LDAP&sektion=3&manpath=FreeBSD+12.2-RELEASE+and+Ports>

home | help