Antw: Re: Recommended ACL for nagios monitoring

["Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de>]

>>> Michael StrÃder<michael@stroeder.com> schrieb am 25.11.2013 um 18:18 in
Nachricht <52938656.3000806@stroeder.com>:
> ML mail wrote:
>> I would like to monitor connectivity to my OpenLDAP using nagios with its
>> check_ldap script and was wondering which minimal ACL would you recommend
>> for that purpose?
> 
> It really depends on what you want to check.
> 
> Things which come to mind:
> 
> 1. Performance data from cn=monitor

Can you give an example query filter? I wonder since what version cn=monitor
works reasonably. I have configured it in my "somewhat older" (TM) openLDAP
server, but never could get anything reasonable out of it.

There things do not appear in the naming contexts intentionally, right?

Regards,
Ulrich

> 
> 2. Count entries in your databases with noop-search control (does not scale
> for many entries)
> 
> 3. Read syncrepl topology from cn=config to automatigally check connection 
> to
> the replicas found therein and compare contextCSN values in DB suffixes.
> 
> Ciao, Michael.