Monitoring server performance


Enter the following (UNIX) command to see logging information:

ldapsearch -h server1 -s base -b "cn=monitor" "objectclass=*"

The following information is shown:

  • Server version number

  • Number of currently active threads used for handling requests.

  • Summary information for each open connection

  • Number of current connections

  • Number of connections since the directory server was started

  • Number of file descriptors available to the directory server

  • Number of threads waiting to read data from a client

  • Number of operations the server has started since it was started

  • Number of operations the server has completed since it was started

  • Number of entries sent to clients since the server was started

  • Bytes sent to clients since server start

  • Current time

  • GMT UTC time the server was started.

  • Number of databases served by this server

  • Level of thread concurrency

  • DN of each directory database

Database activity is monitored using a query similar to this one:

ldapsearch -h server1 -s base -b "cn=monitor,cn=your_database_name, cn=ldbm database,cn=plugins,cn=config" "objectclass=*"

OpenLDAP monitoring

The common UNIX tools and ways are your help here. First check the process ID of the slapd daemon, then go into the /proc/<slapd_PID> directory. The various files and directories there will give you a pretty good idea of what your server is doing.

If you prefer something more straight forward, use top -p slapd_PID:

17:53:16  up 30 days,  3:15,  5 users,  load average: 0.25, 0.14, 0.11
1 processes: 1 sleeping, 0 running, 0 zombie, 0 stopped
CPU states:   0.9% user   0.5% system   0.0% nice   0.0% iowait  98.5% idle
Mem: 497652k av,  491404k used, 6248k free,  0k shrd, 126544k buff
     371664k actv,     0k in_d, 10208k in_c
Swap: 1044184k av,   63304k used,  980880k free    211792k cached
1010 ldap   25  0 2964 2116  1084 S     0.0  0.4 0:37   0 slapd

Additionally, information about file descriptors and such may be found in the /var/log/slapd-log file(s).

Monitoring with SNMP

Lots of tools using the Simple Network Management Protocol are available, check with FreshMeat or SourceForge. Most of the tools use SNMP commands in Perl, shell or other scripts for reporting to queries from the network.

This supposes that you have an SNMP package installed and an snmpd running and answering queries. If this is not the case, see for instance, formerly known as ucd-snmp (they have Solaris binaries too).

When using net-snmp, you will find the /etc/snmp/snmpd.conf file that comes with the package full of examples that are perfectly suited for our purposes. On the most basic level, you can have SNMP report whether your LDAP server is running, including these directives in /etc/snmp/snmpd.conf:

In the “Access Control” section, add this line for faster access (without authentication):

view	systemview	included	.

In the “Process Checks” section, add a line containing the name of the process you want to monitor, as it appears in the process list:

proc /usr/sbin/slapd

Using snmpwalk will generate the following output:

userprompt:~> snmpwalk -v 2c localhost -c public .
UCD-SNMP-MIB::prIndex.1 = INTEGER: 1
UCD-SNMP-MIB::prNames.1 = STRING: /usr/sbin/slapd
UCD-SNMP-MIB::prCount.1 = INTEGER: 1
UCD-SNMP-MIB::prErrorFlag.1 = INTEGER: 0
UCD-SNMP-MIB::prErrMessage.1 = STRING:

You will get an error message in the “UCD-SNMP-MIB::prErrMessage.1” container when the daemon is not running.

Similarly, you can add lines that monitor system load, diskspace on your E-mail partition, file size and such. Or for the more advanced monitoring setup, write scripts that check on network connection, file descriptors and such, and include this in the snmpd.conf file. We included this example for testing that the server is listening on the LDAP port:

LDAP_PORT=`netstat -a | grep -i listen | grep -i ldap`
if [ -n $LDAP_PORT ] ; then
	echo "Listening for LDAP connections."
	echo "Error: No TCP port listening for LDAP connections!"

Place the script in your favorite scripting directory, and refer to it in the snmpd.conf file like this:

exec ldapcheck /bin/bash /your_dir/

This script can be executed issuing the query:

snmpwalk -v 2c <your_ldap_server> -c public .

If you want to get warnings when things go wrong, you need to trap the SNMP signals. More information about this and more advanced subjects can be found in the man pages that come with the net-snmp package.