OpenLDAP back-sock listeners with Python

This package provides monitoring checks for OpenLDAP's slapd(8).

Copyright & License

© 2015-2019 by Michael Ströder

  Licensed under the Apache License, Version 2.0 (the "License"); you may
  not use files and content provided on this web site except in compliance
  with the License. You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.

Download

Installation

Install via PyPI:
pip install slapdcheck

Usage

Three command-line parameters are needed:

  1. LDAP URI for local access via LDAP-over-IPC (LDAPI)
  2. LDAP URI for local access via LDAPS
  3. Expected authz-DN returned by Whoami Exteneded Operation

Example:

/usr/bin/python3.7 -m slapdcheck.checkmk \
  'ldapi://' \
  'ldaps://ae-dir-suse-p1.example.com' \
  'dn:uid=ae-dir-slapd_ae-dir-suse-p1,cn=ae,dc=ae-dir,dc=example,dc=org'

Example output

0 SlapdCert - OK - Server cert '/opt/ae-dir/etc/tls/ae-dir-suse-p1.example.com.crt' valid until 2020-02-23 13:20:20 UTC (83 days left, 77.3 % elapsed), modulus_match==True
0 SlapdConfig - OK - Successfully connected to 'ldapi://%2Fopt%2Fae-dir%2Frun%2Fslapd%2Fldapi' as 'dn:cn=root,dc=ae-dir,dc=example,dc=org' found 'cn=config' and 'cn=Monitor'
0 SlapdConns count=9|percent=7.03125 OK - 9 open connections (max. 128)
0 SlapdContextCSN_2_dc_ae_dir_dc_example_dc_org_ae_dir_deb_p1_virtnet1_stroeder_local num_csn_values=6|connect_latency=0.009424209594726562 OK - 6 contextCSN attribute values retrieved for 'dc=ae-dir,dc=example,dc=org' from 'ldaps://ae-dir-deb-p1.example.com'
0 SlapdContextCSN_2_dc_ae_dir_dc_example_dc_org_ae_dir_suse_p2_virtnet1_stroeder_local num_csn_values=6|connect_latency=0.011068105697631836 OK - 6 contextCSN attribute values retrieved for 'dc=ae-dir,dc=example,dc=org' from 'ldaps://ae-dir-suse-p2.example.com'
0 SlapdDatabases - OK - Found 2 real databases: {1}mdb: cn=accesslog-ae-dir / {2}mdb: dc=ae-dir,dc=example,dc=org
0 SlapdEntryCount_1_cn_accesslog_ae_dir count=15472 OK - 'cn=accesslog-ae-dir' has 15472 entries (response time 0.0 s)
0 SlapdEntryCount_2_dc_ae_dir_dc_example_dc_org count=6170 OK - 'dc=ae-dir,dc=example,dc=org' has 6170 entries (response time 0.0 s)
0 SlapdMDBSize_1_cn_accesslog_ae_dir mdb_pages_used=9506|mdb_pages_max=122070|mdb_use_percentage=7.787335135577947 OK - LMDB in '/opt/ae-dir/slapd-db/accesslog' uses 9506 of max. 122070 pages (7.8 %)
0 SlapdMDBSize_2_dc_ae_dir_dc_example_dc_org mdb_pages_used=5424|mdb_pages_max=24414|mdb_use_percentage=22.21676087490784 OK - LMDB in '/opt/ae-dir/slapd-db/um' uses 5424 of max. 24414 pages (22.2 %)
0 SlapdMonitor - OK - Successfully retrieved 64 entries from 'cn=Monitor' on 'ldapi://%2Fopt%2Fae-dir%2Frun%2Fslapd%2Fldapi'
0 SlapdOps ops_completed_rate=0.9036455399436838|ops_initiated_rate=0.9036455399436838|ops_waiting=1 OK - 10 operation types / completed 423 of 424 operations (0.90/s completed, 0.90/s initiated, 1 waiting)
0 SlapdOps_Abandon ops_completed_rate=0.0|ops_initiated_rate=0.0|ops_waiting=0 OK - completed 0 of 0 operations (0.00/s completed, 0.00/s initiated, 0 waiting)
0 SlapdOps_Add ops_completed_rate=0.0|ops_initiated_rate=0.0|ops_waiting=0 OK - completed 0 of 0 operations (0.00/s completed, 0.00/s initiated, 0 waiting)
0 SlapdOps_Bind ops_completed_rate=0.13902239076056674|ops_initiated_rate=0.13902239076056674|ops_waiting=0 OK - completed 58 of 58 operations (0.14/s completed, 0.14/s initiated, 0 waiting)
0 SlapdOps_Compare ops_completed_rate=0.0|ops_initiated_rate=0.0|ops_waiting=0 OK - completed 0 of 0 operations (0.00/s completed, 0.00/s initiated, 0 waiting)
0 SlapdOps_Delete ops_completed_rate=0.0|ops_initiated_rate=0.0|ops_waiting=0 OK - completed 0 of 0 operations (0.00/s completed, 0.00/s initiated, 0 waiting)
0 SlapdOps_Extended ops_completed_rate=0.13902239076056674|ops_initiated_rate=0.13902239076056674|ops_waiting=0 OK - completed 51 of 51 operations (0.14/s completed, 0.14/s initiated, 0 waiting)
0 SlapdOps_Modify ops_completed_rate=0.0|ops_initiated_rate=0.0|ops_waiting=0 OK - completed 0 of 0 operations (0.00/s completed, 0.00/s initiated, 0 waiting)
0 SlapdOps_Modrdn ops_completed_rate=0.0|ops_initiated_rate=0.0|ops_waiting=0 OK - completed 0 of 0 operations (0.00/s completed, 0.00/s initiated, 0 waiting)
0 SlapdOps_Search ops_completed_rate=0.4865783676619836|ops_initiated_rate=0.4865783676619836|ops_waiting=1 OK - completed 265 of 266 operations (0.49/s completed, 0.49/s initiated, 1 waiting)
0 SlapdOps_Unbind ops_completed_rate=0.13902239076056674|ops_initiated_rate=0.13902239076056674|ops_waiting=0 OK - completed 49 of 49 operations (0.14/s completed, 0.14/s initiated, 0 waiting)
1 SlapdProviders count=2|total=3|percent=66.66666666666666|avg_latency=0.0102461576461792|max_latency=0.011068105697631836 WARNING - Connected to 2 of 3 (66.7%) providers: Error connecting to 'ldaps://ae-dir-centos-p2.example.com' (10.54.1.52): {'desc': b"Can't contact LDAP server", 'errno': 107, 'info': b'Transport endpoint is not connected'}
0 SlapdReplTopology - OK - successfully retrieved syncrepl topology with 3 items: {'ldaps://ae-dir-deb-p1.example.com': [(2, 'dc=ae-dir,dc=example,dc=org', SyncReplDesc(rid=001))], 'ldaps://ae-dir-suse-p2.example.com': [(2, 'dc=ae-dir,dc=example,dc=org', SyncReplDesc(rid=003))], 'ldaps://ae-dir-centos-p2.example.com': [(2, 'dc=ae-dir,dc=example,dc=org', SyncReplDesc(rid=005))]}
0 SlapdSASLHostname - OK - olcSaslHost 'ae-dir-suse-p1.example.com' found
0 SlapdSelfConn connect_latency=0.004731416702270508 OK - successfully bound to 'ldaps://ae-dir-suse-p1.example.com' as 'dn:uid=ae-dir-slapd_ae-dir-suse-p1,cn=ae,dc=ae-dir,dc=example,dc=org'
0 SlapdSock - OK - Found 1 back-sock listeners
0 SlapdSock__opt_ae_dir_run_hotp_validator_socket sockAvgResponseTime=3e-05|sockBytesReceived=347.0|sockBytesSent=839.0|sockHOTPKeyCount=0.0|sockHOTPMaxLookAheadSeen=0.0|sockLogLevel=20.0|sockMaxResponseTime=0.00206|sockRequestAll=4.0|sockRequestBindCount=1.0|sockRequestMonitorCount=3.0|sockThreadCount=1.0 OK - Connected to bind/compare listener '/opt/ae-dir/run/hotp_validator/socket' and received 416 bytes
0 SlapdStart - OK - slapd[866] started at 2019-12-01 19:03:07, 1:23:29.815011 ago
0 SlapdStats bytes=292.642132550993|entries=1.784120681427273|pdu=2.5487438306103902|referrals=502.3574090133079 OK - Stats: 6298235 bytes (292.6 bytes/sec) / 21308 entries (1.8 entries/sec) / 21681 PDUs (2.5 PDUs/sec) / 0 referrals (502.4 referrals/sec)
1 SlapdSyncRepl_2_dc_ae_dir_dc_example_dc_org max_csn_timedelta=0.0 WARNING - 'dc=ae-dir,dc=example,dc=org' max. contextCSN delta: 0.0 / KeyError for 'ldaps://ae-dir-centos-p2.example.com' / 'dc=ae-dir,dc=example,dc=org': 'ldaps://ae-dir-centos-p2.example.com'
0 SlapdThreads threads_active=1|threads_pending=0 OK - Thread counts active:1 pending: 0