Ldap plugin
plugin to view metrics of your ldap server
- Introduction
- Compatibility matrix
- Prerequisites
- Configuration
- General plugin parameters
- Plug-in specific parameters
- Manual execution
- Configuration in pandora
- Modules generated
Introduction
Ver. 4-08-2021
With this plug-in we will be able to see the metrics of your ldap server.
Type: Server or agent plug-in
Compatibility matrix
Systems where it has been tested |
CentOS 7, Fedora |
Systems where it should work |
Any linux system |
Prerequisites
Required:
- An installation of ldap
- Python3 installed
- The python-ldap module installed.
- To have installed a series of ldap dependencies, which vary depending on the operating system used, these are described in the "Configuration" section.
- Have Pandora FMS Data Server enabled.
- Have Pandora FMS Plugin Server enabled.
Configuration
In order to run the plugin, we must have python3 installed, this can be done with the following command :
CentOS7
yum install python3
We must install the python-ldap module in its python 3 version, this is done with the following command:
yum install python3-ldap
or with pip :
pip3 install python3-ldap
In turn, to install the previous module, we will need the following dependencies:
yum groupinstall "Development tools"
yum install openldap-devel python-devel
Fedora
sudo dnf install python3
In addition, we must have the python-ldap module installed, this is installed with :
pip install python-ldap
Fedora will need the following dependencies (from ldap) for this module to be installed:
sudo dnf install "@C Development Tools and Libraries" openldap-devel \
python2-devel python3-devel python3-tox \
lcov clang-analyzer valgrind
For other systems you can see the necessary python-ldap dependencies in :
https://www.python-ldap.org/en/python-ldap-3.3.0/installing.html
General plugin parameters
python3 pandora_ldap.py -s <server> -b <binding> -p <password> -a <agent> [--as_agent_plugin] [ -g <group> ] [ --data_dir <data_dir > ]
If the execution is correct we will see a 1, when executing the plugin :
If we want to run it as an agent plugin we will do it using the optional parameter "as_agent_plugin" with a "1" which will return an xml with the data of our server:
Plug-in specific parameters
The plug-in has the following parameters:
Parameter |
Description |
-s server, --server server |
This is mandatory. You have to enter your server with the port, e.g. ldap://192.168.1.178:389 |
-h, --help |
Show a small help message (optional, only use to view help) |
-b binding, --binding binding |
This is mandatory. Your ldap data to connect, e.g. cn=ldapadm,dc=sanchez,dc=com |
-p password, --password password |
Your ldap password is required |
-a agent, --agent agent |
The name of the agent to be created with all modules is mandatory. |
--as_agent_plugin |
It's optional, if you want the plugin to be an agent plugin and put the modules in the pandora agent, execute this with a 1 |
-g GROUP, --group GROUP |
Pandora FMS Target Group |
--data_dir DATA_DIR |
Pandora FMS data directory. By default it is /var/spool/pandora/data_in/ |
Help example:
Manual execution
We can test the plugin from the terminal to see if it works, to check it, we run the plugin:
with "as_agent_plugin 1"
Ejecution help example:
Configuration in pandora
Console installation
To register the plugin, from the console, go to the "register plugin" section.
Click on select file.
The .pspz2 file to be uploaded will be selected.
A message will appear informing that you have successfully registered.
Once the plugin is registered, we will see it in the plugins section.
The plugin menu can be accessed by clicking on the plugin title
In parameters we will see the macro used by the plugin, this is not necessary to touch it
In the Default value field, we must enter the path to our .conf file.
To register the plugin, from the console, go to the "register plugin" section.
Click on select file.
Select the .pspz2 file containing the plugin.
A message will appear indicating that the plugin has been uploaded successfully.
Once the plugin is registered, we will see it in the plugins section.
If we click on its title we can navigate to the plugin menu.
You can see the plugin parameters in the plugin menu, all of them will appear, the user must configure them according to the use that the plugin is going to give, the only essential ones are the ones that appear in the parameters section as obligatory.
In the section below you can add a value to each macro.
Manual installation
The best way to manage server plugins in Pandora is from "/usr/share/pandora_server/util/plugin" so we will send it by pscp to that path:
Then we will move to the folder where we have put it ("/usr/share/pandora_server/util/plugin" is the recommended one").
Remember: You have to install the dependencies that the python ldap module needs in your system, it is explained in the configuration section.
We move from home with :
cd /usr/share/pandora_server/util/plugin/
We run the plugin to see that it works:
python3 pandora_ldap.py -s <server> -b <binding> -p <password> -a <agent> [--as_agent_plugin] [ -g <group> ] [ --data_dir <data_dir > ]
With as_agent_plugin 1 we will be able to see an XML with the data that will be shown in the console:
If we execute it in the first way, without "as_agent_plugin 1", we will have created an agent with the name we have given it in the -a parameter with all the modules.
Anyway, if you prefer to install it manually from the console, the process would be as follows:
As a server plugin
click in "add":
We put in the name and description of your choice:
We enter as command the path to the plugin, and as parameters the ones we have entered by executing the plugin, the "_field_" fields are macros defined below.
We put for each macro the description of your choice and as value the data of your ldap server.
As agent plugin
We should enable the remote configuration, to enable it we have to open the pandora_agent.conf file:
vim /etc/pandora/pandora_agent.conf
Inside we look for the remote_config line, to enable it we set it to 1.
And after that we restart the agent :
/etc/init.d/pandora_agent_daemon restart
The remote configuration will have been activated, go to the agents menu and click on the remote configuration icon, which is as follows:
Then we go to plugin menu :
We enter the command, click in add:
Example:
python3 /usr/share/pandora_server/util/plugin/pandoraversion_ldap.py -s ldap://localhost.localdomain:389 -b cn=ldapadm,dc=sanchez,dc=com -p redhat -a ldapserver --as_agent_plugin 1
A new plugin will have been created:
Once this is done, we restart the agent:
/etc/init.d/pandora_agent_daemon restart
And if we go to the agent with the remote configuration, the ldap modules will have been created.
Modules generated
An agent will be created with the name we have given it in the execution, which will contain all the agents:
Modules generated
Name | Description |
Abandon operations completed | Type of operation "abandon" completed |
Abandon operations initiated | Type of operation "abandon" initiated |
active operations | all active operations |
Add operations completed | Type of operation "add" completed |
Add operations initiated | Type of operation "add" initiated |
authentications/sec | Number of authentications(binds) per second |
Bind operations completed | Type of operation "bind" completed |
Bind operations initiated | Type of operation "bind" initiated |
Bytes statics | Bytes statics |
cn=Operations,cn=Monitor completed | All operations completed |
cn=Operations,cn=Monitor initiated | All operations initiated |
Compare operations completed | Type of operation "compare" completed |
Compare operations initiated | Type of operation "compare" initiated |
Current connections | Number of current connections |
Delete operations completed | Type of operation "completed" completed |
Delete operations initiated | Type of operation "delete" initiated |
Entries statics | Entries statics, sub tree statics |
Extended operations completed | Type of operation "extended" completed |
Extended operations initiated | Type of operation "extended" initiated |
Max Descriptor connections | Max Descriptor connections |
Modify operations completed | Type of operation "modify" completed |
Modify operations initiated | Type of operation "modify" initiated |
Modrdn completed | Modrdn completed |
Modrdn initiated | Modrdn initiated |
operations/sec | number total operations per second |
PDU statics | PDU statics |
Read waiters | Read waiters |
Referrals statics | Referrals statics |
Response time | Response ldap server time |
Search operations completed | Type of operation "search" completed |
Search operations initiated | Type of operation "search" initiated |
Total connections | Number of total connections |
Unbind Operations completed | Type of operation "unbind" completed |
Unbind Operations initiated | Type of operation "unbind" initiated |
Write waiters | Write waiters |