The Lightweight Directory Access Protocol (LDAP) monitor is used to access stand-alone LDAP directory services or directory services with an X.500 backend.
LDAP runs directly over TCP and stores information in a database structure about users, including the network privileges assigned to each user. You can revoke or change privileges using one entry in the LDAP directory, rather than separate entries for each machine across the network.
This monitor supports LDAP version 2—the most commonly supported version. Most LDAP version 3 servers support LDAP version 2 client requests.
The LDAP Monitor performs the following tasks:
- Establishes an LDAP connection.
- Sends a bind request, indicating that it is making an LDAP v2 request.
- Sends a search request, asking which LDAP versions the LDAP server supports.
- Sends an unbind request for the LDAP server to close the TCP connection.
Use the LDAP monitor to test whether:
- An LDAP client can open a connection with an LDAP server.
- The server adheres to the LDAP protocol by responding with the correct codes.
- The server responds within a required number of seconds.
Create an LDAP monitor
- Click Devices in the toolbar.
- Locate and click the targeted device you want to monitor.
In the toolbar, click Add > Add New Monitor.
- In the Select Monitor menu, click LDAP.
Under Identification, enter information about the monitor.
Select Enabled to enable the monitor.
When enabled, the monitor tests the specified resource using the settings you enter under Test Parameters. You can disable the monitor later if required.
- Select Store Monitor Statistics for Recent Activity and Historical Reports to enable this functionality.
Under Test Parameters, enter the monitor testing parameters.
- Enter the IP address or domain name of the resource you want to monitor.
- Enter the UDP port number that the targeted resource responds on. The default is TCP port 389.
Under Timing, configure the fields for the monitor testing states.
- In the Maximum Test Duration field, enter the maximum test duration rate (in seconds) that the monitor times out before the test is considered a failure.
In the remaining fields, enter the number of second between each test while the monitor is in an OK state (Up), a failed state while alerts are processed (Down), and a failed state and the maximum number of alerts have been processed (Lost).
In the Lost state, no additional failure alerts are processed. However, a recovery notification is sent if the monitor recovers.
Under Notification Control, complete the fields to determine how many test failures must occur before an alert is sent.
- Enter the number of test failures that occur for each alert before ipMonitor generates an alert for the monitor. The default option is 3.
Enter the maximum number of alerts to send before the monitor enters a Lost state.
The monitor must be assigned to a notification alert to generate an action.
Under Recovery Parameters, complete the fields to indicate the corrective action used to automatically restore a resource using the External Process Recovery, Reboot Server Recovery, or Restart Service Recovery action.
- Enter the Fully Qualified Domain Name (FQDN), NetBIOS, or IP Address of the machine hosting the service that needs a restart or the machine that needs a restart. You can also click Browse to locate and select the machine.
- Select the set of credentials used by the recovery alert. You can select a specific credential to execute recovery alerts that require access to restricted resources, such as Reboot Server, Restart Service, or External Process.
- Select the list of services to restart on the target machine specified in the FQDN/NetBIOS/IP Address field. This field is only required for the Restart Service alert. If a service has dependencies, select all dependent services.
- Click OK.