Monitoring OpenLDAP with Munin is quite simple. There's a few Munin plugins written for this purpose. Some plugins monitor the slapd process and communicate with the cn=monitor DIT, while other plugins monitor the OpenLDAP database files (Berkeley DB) directly.


The slapd plugin will monitor different aspects of the LDAP server itself. It is written in Perl and uses the Net::LDAP Perl module, make sure to install this on your system. The Munin plugin will autoconfigure and autoinstall if the following requirements are in place:

  • Net::LDAP is installed
  • The cn=monitor branch is configured
  • The cn=monitor branch is readable when binding anonymously or the proper credentials are configured in /etc/munin/plugin-conf.d/

Installing Net::LDAP

From source

Use Perl's CPAN interface:

perl -MCPAN -e 'install Net::LDAP'

On Debian based systems

aptitude install libnet-ldap-perl

On Red Hat based systems

yum install Net-LDAP

Configuring cn=monitor

Please refer to monitor-backend for details on how to configure the monitor backend.

Configuring Munin to access cn=monitor

If your cn=monitor branch requires valid credentials, you will need to let the Munin agent know. This is done by creating a file in /etc/munin/plugin-conf.d/ (or by adding to an existing file), and adding content like shown below:

# "server" defaults to localhost, use this if your OpenLDAP server is not local
# Bind DN for a user with access to cn=monitor
env.binddn cn=munin,dc=example,dc=com
# And the user's password
env.bindpw SikritPassword

Installing the plugin

Most distributions will autoinstall all suitable plugins when installing the Munin agent (munin-node). Other plugins may be activated at a later time by running the command

# munin-node-configure --shell --suggest

and then copy/paste the result in your shell.

If the above command doesn't result in any symlinks, try the following command and search for the “slapd_” line. The plugin will let you know what's missing. You might get something like this, indicating what needs to be done:

# munin-node-configure --suggest
slapd_                     | no   | no [Net::LDAP not found]               

The current slapd plugin is a so-called wildcard plugin. If successfully installed, one plugin file is symlinked with different names and is called through the different symlinks for reading the various metrics. If all goes well, the above command will result in a set of symlinks named slapd_connections, slapd_waiters etc. Now please restart the Munin agent (service munin-node restart).

Testing the plugin

After installation, the plugin may be tested with the command “munin-run”, executed as root:

# munin-run slapd_connections
connections.value 19363

If it fails at this stage, the Munin debugging tips might prove helpful.

On the other hand, if you get some values, you can sit back and relax and wait for your graphs to appear.

openldap/cookbook/chapter12/munin.txt · Last modified: d/m/Y H:i by bruberg
Recent changes RSS feed Creative Commons License Donate Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki