LDAP Monitoring Overview


The LDAP Monitor is used to monitor the operation of the Enterprise LDAP server and the DirXML Synchronization servers.

The LDAP Monitor is implemented as a platform-independent application using Java servlets. The LDAP Monitor has been run on Windows and Linux in the Tomcat5 servlet container.

General Operation

The LDAP Monitor performs three primary functions (Click on links for details):

Statistics Gathering - Various statistics will be gathered and written to a SQL database through a JDBC driver. The LDAPMonitor does not process the collected data for display.

  • LDAP Search - This operation is timed and the time is logged to a file.
  • LDAP Modify - This operation is timed and the time is logged to a file.
  • LDAP-IDM-LDAP - Modifies an attribute and measures how long it takes until the change is seen in the downstream LDAP server.
  • ReadRoot - Performs an SSL bind and retrieves the information from the rootDSE. This operation is timed and the time is logged to the database.

NOTE: It is anticipated that most of the statistics will be gathered via SNMP, and this feature is being phased out. Any LDAP operation timings will still be done by the LDAPMonitor.

Event Monitoring - The following are some of the events that are monitored.

  • LDAPS Authentication - Any failure to authenticate generates an alert. This process generates different errors depending on where in the process the failure occurred.
    • Connect Error - Implies that a TCP connection to the LDAPS port failed.
    • Bind Error - Implies we made the TCP connection, but could not bind. The LDAP error code is supplied.
  • Replica States - If not on, alert
  • DirXML Driver State - If NOT disabled and NOT running, alert.
  • DirXML Log Entries - Entries within the DriverSet or any Publisher or Subscriber channel are alerted if they are at WARN or above.
  • Port Monitoring - A TCP nonBlockingSocket connection is performed to see if the various ports are open and listening. Any port not accepting a connection is alerted.
    • 524 - NDS
    • 636 - LDAPS
    • 8389 and 8636 - Our iMonitor ports
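
The Connect Error / Bind Error split and the port check described above, shown in Python as an added example (not the LDAP Monitor's own code, which is Java). The hand-built anonymous bind request, the function names and the placeholder host are assumptions; the response parser handles short-form BER lengths only.

```python
import socket
import ssl

# Constructed LDAPv3 anonymous simple bind (an assumption, not from the page):
# LDAPMessage{ messageID=1, BindRequest{ version=3, name="", simple="" } }
BIND_REQUEST = bytes.fromhex("300c020101600702010304008000")

def bind_result_code(response: bytes) -> int:
    """Return resultCode from a BindResponse (short-form BER lengths only)."""
    # Layout: 30 len | 02 idlen id | 61 len | 0a 01 resultCode | ...
    if len(response) < 4 or response[0] != 0x30 or response[2] != 0x02:
        raise ValueError("not an LDAPMessage")
    op = 4 + response[3]                      # offset of the protocolOp tag
    if (len(response) < op + 5 or response[op] != 0x61
            or response[op + 2:op + 4] != b"\x0a\x01"):
        raise ValueError("not a BindResponse")
    return response[op + 4]

def closed_ports(host, ports=(524, 636, 8389, 8636), timeout=2.0):
    """Ports that do not accept a TCP connection; each one is an alert."""
    down = []
    for port in ports:
        try:
            socket.create_connection((host, port), timeout=timeout).close()
        except OSError:                       # refused, timed out, unresolvable
            down.append(port)
    return down

def check_ldaps(host, port=636, timeout=3.0, context=None):
    """Return ("ok", 0), ("connect", reason) or ("bind", ldap_code_or_reason)."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("connect", str(exc))          # Connect Error: TCP to LDAPS failed
    context = context or ssl.create_default_context()  # verifies the server cert
    try:
        with context.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(BIND_REQUEST)
            code = bind_result_code(tls.recv(4096))
    except (OSError, ValueError) as exc:      # TLS failure or malformed reply
        raw.close()
        return ("bind", str(exc))             # TCP connected, bind not completed
    return ("ok", 0) if code == 0 else ("bind", code)  # Bind Error carries the LDAP code

if __name__ == "__main__":
    host = "ldap.example.com"                 # placeholder host, not from the page
    print(closed_ports(host), check_ldaps(host))
```

A server that refuses anonymous binds returns a non-zero result code, which this check reports as a Bind Error with that code.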

Logging - Various events are logged to a file. The level of logging is configurable. Various logging capabilities may be implemented, including a "near" real-time display via the web interface.

Alerting - Various events may be sent to various email addresses. All alerts are logged including that a message was sent.

Installation For LDAPMonitor


  • Java 1.5 or later.
  • Tomcat 5.9 or later.
  • Any database available through JDBC, if statistics are gathered.
