Enter the following (UNIX) command to see logging information:
ldapsearch -h server1 -s base -b "cn=monitor" "objectclass=*"
The following information is shown:
Server version number
Number of currently active threads used for handling requests.
Summary information for each open connection
Number of current connections
Number of connections since the directory server was started
Number of file descriptors available to the directory server
Number of threads waiting to read data from a client
Number of operations the server has started since it was started
Number of operations the server has completed since it was started
Number of entries sent to clients since the server was started
Bytes sent to clients since server start
GMT UTC time the server was started.
Number of databases served by this server
Level of thread concurrency
DN of each directory database
Database activity is monitored using a query similar to this one:
ldapsearch -h server1 -s base -b "cn=monitor,cn=your_database_name, cn=ldbm database,cn=plugins,cn=config" "objectclass=*"
The common UNIX tools and ways are your help here. First check the process ID of the slapd daemon, then go into the /proc/<slapd_PID> directory. The various files and directories there will give you a pretty good idea of what your server is doing.
If you prefer something more straight forward, use top -p slapd_PID:
17:53:16 up 30 days, 3:15, 5 users, load average: 0.25, 0.14, 0.11 1 processes: 1 sleeping, 0 running, 0 zombie, 0 stopped CPU states: 0.9% user 0.5% system 0.0% nice 0.0% iowait 98.5% idle Mem: 497652k av, 491404k used, 6248k free, 0k shrd, 126544k buff 371664k actv, 0k in_d, 10208k in_c Swap: 1044184k av, 63304k used, 980880k free 211792k cached PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME CPU COMMAND 1010 ldap 25 0 2964 2116 1084 S 0.0 0.4 0:37 0 slapd
Additionally, information about file descriptors and such may be found in the /var/log/slapd-log file(s).
Lots of tools using the Simple Network Management Protocol are available, check with FreshMeat or SourceForge. Most of the tools use SNMP commands in Perl, shell or other scripts for reporting to queries from the network.
This supposes that you have an SNMP package installed and an snmpd running and answering queries. If this is not the case, see for instance http://www.net-snmp.org/, formerly known as ucd-snmp (they have Solaris binaries too).
When using net-snmp, you will find the /etc/snmp/snmpd.conf file that comes with the package full of examples that are perfectly suited for our purposes. On the most basic level, you can have SNMP report whether your LDAP server is running, including these directives in /etc/snmp/snmpd.conf:
In the “Access Control” section, add this line for faster access (without authentication):
view systemview included .18.104.22.168.4.1
In the “Process Checks” section, add a line containing the name of the process you want to monitor, as it appears in the process list:
Using snmpwalk will generate the following output:
userprompt:~> snmpwalk -v 2c localhost -c public .22.214.171.124.4.1.2021.2 UCD-SNMP-MIB::prIndex.1 = INTEGER: 1 UCD-SNMP-MIB::prNames.1 = STRING: /usr/sbin/slapd UCD-SNMP-MIB::prMin.1 = INTEGER: 0 UCD-SNMP-MIB::prMax.1 = INTEGER: 0 UCD-SNMP-MIB::prCount.1 = INTEGER: 1 UCD-SNMP-MIB::prErrorFlag.1 = INTEGER: 0 UCD-SNMP-MIB::prErrMessage.1 = STRING: UCD-SNMP-MIB::prErrFix.1 = INTEGER: 0 UCD-SNMP-MIB::prErrFixCmd.1 = STRING:
You will get an error message in the “UCD-SNMP-MIB::prErrMessage.1” container when the daemon is not running.
Similarly, you can add lines that monitor system load, diskspace on your E-mail partition, file size and such. Or for the more advanced monitoring setup, write scripts that check on network connection, file descriptors and such, and include this in the snmpd.conf file. We included this example for testing that the server is listening on the LDAP port:
#!/bin/bash LDAP_PORT=`netstat -a | grep -i listen | grep -i ldap` if [ -n $LDAP_PORT ] ; then echo "Listening for LDAP connections." else echo "Error: No TCP port listening for LDAP connections!" fi
Place the script in your favorite scripting directory, and refer to it in the snmpd.conf file like this:
exec ldapcheck /bin/bash /your_dir/ldapcheck.sh
This script can be executed issuing the query:
snmpwalk -v 2c <your_ldap_server> -c public .126.96.36.199.4.1.2021.8
If you want to get warnings when things go wrong, you need to trap the SNMP signals. More information about this and more advanced subjects can be found in the man pages that come with the net-snmp package.