Ldap plugin

plugin to view metrics of your ldap server

Introduction

Ver. 4-08-2021

With this plug-in we will be able to see the metrics of your ldap server.

Type: Server or agent plug-in

Compatibility matrix

Systems where it has been tested

CentOS 7, Fedora
Systems where it should work

Any linux system 

Prerequisites

Required:

Configuration

In order to run the plugin, we must have python3 installed, this can be done with the following command :

CentOS7

yum install python3

We must install the python-ldap module in its python 3 version, this is done with the following command:

yum install python3-ldap

or with pip :

pip3 install python3-ldap

In turn, to install the previous module, we will need the following dependencies:

yum groupinstall "Development tools"
yum install openldap-devel python-devel

Fedora

sudo dnf install python3

In addition, we must have the python-ldap module installed, this is installed with :

pip install python-ldap

Fedora will need the following dependencies (from ldap) for this module to be installed:

sudo dnf install "@C Development Tools and Libraries" openldap-devel \
    python2-devel python3-devel python3-tox \
    lcov clang-analyzer valgrind

For other systems you can see the necessary python-ldap dependencies in :

https://www.python-ldap.org/en/python-ldap-3.3.0/installing.html

General plugin parameters

python3 pandora_ldap.py -s <server> -b <binding> -p <password> -a <agent> [--as_agent_plugin] [ -g <group> ] [ --data_dir <data_dir > ]

If the execution is correct we will see a 1, when executing the plugin :

image-1628163254868.png

If we want to run it as an agent plugin we will do it using the optional parameter "as_agent_plugin" with a "1" which will return an xml with the data of our server:

image-1628163294700.png

Plug-in specific parameters

The plug-in has the following parameters:

Parameter

Description

-s server, --server server

This is mandatory. You have to enter your server with the port, e.g. ldap://192.168.1.178:389

-h, --help

Show a small help message (optional, only use to view help)

-b binding, --binding binding

This is mandatory. Your ldap data to connect, e.g. cn=ldapadm,dc=sanchez,dc=com

-p password, --password password

Your ldap password is required

-a agent, --agent agent

The name of the agent to be created with all modules is mandatory.

--as_agent_plugin

It's optional, if you want the plugin to be an agent plugin and put the modules in the pandora agent, execute this with a 1

-g GROUP, --group GROUP

Pandora FMS Target Group

--data_dir DATA_DIR

Pandora FMS data directory. By default it is /var/spool/pandora/data_in/

Help example:

image-1628071303165.png

Manual execution

We can test the plugin from the terminal to see if it works, to check it, we run the plugin:

image-1628163608269.png

with "as_agent_plugin 1"

image-1628163632481.png

Ejecution help example:

image-1628163668871.png

Configuration in pandora

Console installation

To register the plugin, from the console, go to the "register plugin" section.

register_plugin.png

Click on select file.

register_plugin2.png

The .pspz2 file to be uploaded will be selected.

register1_openshift.png

A message will appear informing that you have successfully registered.

register2_openshift.png

Once the plugin is registered, we will see it in the plugins section.

serversingles.png

The plugin menu can be accessed by clicking on the plugin title

register3_openshift.png

In parameters we will see the macro used by the plugin, this is not necessary to touch it

register4_openshift.png

In the Default value field, we must enter the path to our .conf file.

register5_openshift.png

 

To register the plugin, from the console, go to the "register plugin" section.

register_plugin.png

Click on select file.

register_plugin2.png

Select the .pspz2 file containing the plugin.

register2_ldap.png

A message will appear indicating that the plugin has been uploaded successfully.

image-1651071986811.png

Once the plugin is registered, we will see it in the plugins section.

serversingles.png

If we click on its title we can navigate to the plugin menu.

register3_ldap.png

You can see the plugin parameters in the plugin menu, all of them will appear, the user must configure them according to the use that the plugin is going to give, the only essential ones are the ones that appear in the parameters section as obligatory.

register4_ldap.png

In the section below you can add a value to each macro.

register5_ldap.png

 

Manual installation

The best way to manage server plugins in Pandora is from "/usr/share/pandora_server/util/plugin" so we will send it by pscp to that path:

image-1628163722703.png

Then we will move to the folder where we have put it ("/usr/share/pandora_server/util/plugin" is the recommended one").

Remember: You have to install the dependencies that the python ldap module needs in your system, it is explained in the configuration section.

We move from home with :

cd /usr/share/pandora_server/util/plugin/

We run the plugin to see that it works:

python3 pandora_ldap.py -s <server> -b <binding> -p <password> -a <agent> [--as_agent_plugin] [ -g <group> ] [ --data_dir <data_dir > ]

image-1628163800459.png

With as_agent_plugin 1 we will be able to see an XML with the data that will be shown in the console:

image-1628163832028.png

If we execute it in the first way, without "as_agent_plugin 1", we will have created an agent with the name we have given it in the -a parameter with all the modules.

Anyway, if you prefer to install it manually from the console, the process would be as follows:

As a server plugin

The best way to manage server plugins in Pandora is from "/usr/share/pandora_server/util/plugin" so we will send it by pscp to that path:

image-1628163917552.png

click in "add":

image-1628163953623.png

We put in the name and description of your choice:

image-1628163980785.png

We enter as command the path to the plugin, and as parameters the ones we have entered by executing the plugin, the "_field_" fields are macros defined below.

image-1628164014266.png

We put for each macro the description of your choice and as value the data of your ldap server.

image-1628164041396.png

As agent plugin

We should enable the remote configuration, to enable it we have to open the pandora_agent.conf file:

vim /etc/pandora/pandora_agent.conf

Inside we look for the remote_config line, to enable it we set it to 1.

image-1628164126735.png

And after that we restart the agent :

/etc/init.d/pandora_agent_daemon restart

The remote configuration will have been activated, go to the agents menu and click on the remote configuration icon, which is as follows:

image-1628164250956.png

Then we go to plugin menu :

image-1628164269638.png

We enter the command, click in add:

image-1628164300076.png

Example:

python3 /usr/share/pandora_server/util/plugin/pandoraversion_ldap.py -s ldap://localhost.localdomain:389 -b cn=ldapadm,dc=sanchez,dc=com -p redhat -a ldapserver --as_agent_plugin 1

A new plugin will have been created:

image-1628164348935.png

Once this is done, we restart the agent:

/etc/init.d/pandora_agent_daemon restart

And if we go to the agent with the remote configuration, the ldap modules will have been created.

Modules generated

An agent will be created with the name we have given it in the execution, which will contain all the agents:

image-1628164454997.png

Modules generated

Name Description
Abandon operations completed Type of operation "abandon" completed
Abandon operations initiated Type of operation "abandon" initiated
active operations all active operations
Add operations completed Type of operation "add" completed
Add operations initiated Type of operation "add" initiated
authentications/sec Number of authentications(binds) per second
Bind operations completed Type of operation "bind" completed
Bind operations initiated Type of operation "bind" initiated
Bytes statics Bytes statics
cn=Operations,cn=Monitor completed All operations completed
cn=Operations,cn=Monitor initiated All operations initiated
Compare operations completed Type of operation "compare" completed
Compare operations initiated Type of operation "compare" initiated
Current connections Number of current connections
Delete operations completed Type of operation "completed" completed
Delete operations initiated Type of operation "delete" initiated
Entries statics Entries statics, sub tree statics
Extended operations completed Type of operation "extended" completed
Extended operations initiated Type of operation "extended" initiated
Max Descriptor connections Max Descriptor connections  
Modify operations completed Type of operation "modify" completed
Modify operations initiated Type of operation "modify" initiated
Modrdn completed Modrdn completed
Modrdn initiated Modrdn initiated
operations/sec number total operations per second
PDU statics PDU statics
Read waiters Read waiters
Referrals statics Referrals statics
Response time Response ldap server time
Search operations completed Type of operation "search" completed
Search operations initiated Type of operation "search" initiated
Total connections Number of total connections
Unbind Operations completed Type of operation "unbind" completed
Unbind Operations initiated Type of operation "unbind" initiated
Write waiters Write waiters

1.JPG

2.JPG

3.JPG