[smokeping-users] Use of Smokeping for LDAPS checks.

[Tom Throckmorton]

Hello Tim;

On 5/25/12 3:20 PM, Tim Peiffer wrote:
> 
> We have been instrumenting a number of our services with smokeping for 
> some time.  I have been interested in getting a little better visibility 
> into our X500 directory since we have some dependencies that need to be 
> there in order to make our wireless and vpn services work correctly.  Is 
> it possible to do LDAPS monitoring using the exisiting LDAP probe?

I believe that is dependent on echoping, which does not appear to
support ldaps - are you not able to query your host over the non-ssl port?

> How do you specifying where the SSL/TLS certificate is stored?

OpenSSL-ish things usually want them in /etc/pki/tls/certs; some
OpenLDAP-ish tools prefer /etc/openldap/cacerts/ - depends on the code.
 Doesn't matter in this case.

> Do you need to specify all of the attributes or or is uid good enough?

The request filter should reflect what you want to measure/model; the
fetching of 1 or many entries.  I suggest running echoping on the
commandline to get a sense of which filter best captures what you're
looking for.  Note that echoping will perform an initial dummy request
using objectclass='*' against the base you specify, so if you're
pointing it at a directory base with many entries, you might be issuing
more queries than you originally thought.  If you're just looking to
measure some generic response times, choose a base without much in it.

You may also want to poke around at cn=monitor, if it is supported on
your server.

Cheers,

-tt