On 21/11/2022 17:10, Tania Hagan via FreeIPA-users wrote:
I have a prometheus server and I am trying to setup an alert to test if an ldap
search succeeds. Searching there seems to be a few exporters (389ds exporter,
openldap exporter ) but all rather old and I'm struggling to get any useful
metrics out of them.
Could anyone recommend a good way to achieve this (preferably not putting a
password a text file), afraid I've had a good search, but struggling to find a
good way to do this.
Is what you're trying to test covered by one of the tests within
ipa-healthcheck? If so then process its output into a file that you
ingest via the textfile collector of the node exporter.
If not then if you've only got a few 'smoke test' type queries & you
simply, want to test whether they work, one way is to create a script
using e.g., ldapsearch and use SASL EXTERNAL authentication; run this on
a schedule and again have it produce files ingested via the textfile
collector.
# ldapwhoami -Y EXTERNAL -H ldapi://%2frun%2fslapd-IPA-EXAMPLE-COM.socket
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
dn: cn=Directory Manager
EXTERNAL authentication, in conjunction with ldapi authenticates the
client based on the uid/gid of the client process, so you don't need to
deal with any users/passwords.
Regards,
--
Sam Morris <https://robots.org.uk/>
PGP: rsa4096/CAAA AA1A CA69 A83A 892B 1855 D20B 4202 5CDA 27B9
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
