How to activate LDAP monitoring backend and query available statistics

The LDAP server provides a monitoring backend, where some useful statistical information could be querryed at runtime. The monitoring backend has to be activated first in order to query these values.

Environment

Run the following commands at your LDAP master to activate the monitoring backend and query available statistics.

Step 1

Set UCR variable and restart LDAP

ucr set ldap/monitor=true
systemctl restart slapd.service

Security notice: If you want to allow other users than members of Domain Admins to query these statistics, use the UCR variable “ldap/monitor/acl/read/groups/” to add them to the ACLs.

Step 2

Query available statistics

i.e. view all Search Operations:

ldapsearch -LLL -x -D 'uid=Administrator,cn=users,dc=ucs,dc=example' -W -b 'cn=Search,cn=Operations,cn=Monitor' -s sub +

[…]
monitorOpInitiated: 194
monitorOpCompleted: 193

i.e. view Total Connections

ldapsearch -LLL -x -D 'uid=Administrator,cn=users,dc=ucs,dc=example' -W -b 'cn=Total,cn=Connections,cn=Monitor' -s sub +

[…]
monitorCounter: 1029

i.e. view Current Connections:

ldapsearch -LLL -x -D 'uid=Administrator,cn=users,dc=ucs,dc=example' -W -b 'cn=Current,cn=Connections,cn=Monitor' -s sub +

[…]
monitorCounter: 1

Performs a search of cn=Monitor with subtree scope and (objectClass=*) filter and requesting all attributes be returned

ldapsearch -LLL -x -D 'uid=Administrator,cn=users,dc=ucs,dc=example' -W -b 'cn=Monitor' -s sub + | less

Step 3

Detailed overview about the monitoring backend at openldap.org