diff --git a/nixos/modules/services/monitoring/prometheus/exporters.nix b/nixos/modules/services/monitoring/prometheus/exporters.nix
index 5811cda1125..5f6a86afdcd 100644
--- a/nixos/modules/services/monitoring/prometheus/exporters.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters.nix
@@ -43,6 +43,7 @@ let
 "nginx"
 "nginxlog"
 "node"
+ "openldap"
 "openvpn"
 "postfix"
 "postgres"
diff --git a/nixos/modules/services/monitoring/prometheus/exporters/openldap.nix b/nixos/modules/services/monitoring/prometheus/exporters/openldap.nix
new file mode 100644
index 00000000000..888611ee6fa
--- /dev/null
+++ b/nixos/modules/services/monitoring/prometheus/exporters/openldap.nix
@@ -0,0 +1,67 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.prometheus.exporters.openldap;
+in {
+ port = 9330;
+ extraOpts = {
+ ldapCredentialFile = mkOption {
+ type = types.path;
+ example = "/run/keys/ldap_pass";
+ description = ''
+ Environment file to contain the credentials to authenticate against
+ openldap.
+
+ The file should look like this:
+
+ ---
+ ldapUser: "cn=monitoring,cn=Monitor"
+ ldapPass: "secret"
+
+ '';
+ };
+ protocol = mkOption {
+ default = "tcp";
+ example = "udp";
+ type = types.str;
+ description = ''
+ Which protocol to use to connect against openldap.
+ '';
+ };
+ ldapAddr = mkOption {
+ default = "localhost:389";
+ type = types.str;
+ description = ''
+ Address of the openldap-instance.
+ '';
+ };
+ metricsPath = mkOption {
+ default = "/metrics";
+ type = types.str;
+ description = ''
+ URL path where metrics should be exposed.
+ '';
+ };
+ interval = mkOption {
+ default = "30s";
+ type = types.str;
+ example = "1m";
+ description = ''
+ Scrape interval of the exporter.
+ '';
+ };
+ };
+ serviceOpts.serviceConfig = {
+ ExecStart = ''
+ ${pkgs.prometheus-openldap-exporter}/bin/openldap_exporter \
+ --promAddr ${cfg.listenAddress}:${toString cfg.port} \
+ --metrPath ${cfg.metricsPath} \
+ --ldapNet ${cfg.protocol} \
+ --interval ${cfg.interval} \
+ --config ${cfg.ldapCredentialFile} \
+ ${concatStringsSep " \\\n " cfg.extraFlags}
+ '';
+ };
+}
diff --git a/nixos/tests/prometheus-exporters.nix b/nixos/tests/prometheus-exporters.nix
index 290cb87abbe..c32cd341e5e 100644
--- a/nixos/tests/prometheus-exporters.nix
+++ b/nixos/tests/prometheus-exporters.nix
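Review bot: `ldapAddr` is declared as an option but never reaches the command line: `ExecStart` passes only `--promAddr`, `--metrPath`, `--ldapNet`, `--interval` and `--config`, so setting `ldapAddr` has no effect and the exporter presumably falls back to its built-in default; add `--ldapAddr ${cfg.ldapAddr} \` next to `--ldapNet`. Separately, `ldapCredentialFile` is `types.path` and its description calls the YAML config an "Environment file"; a Nix path literal or `pkgs.writeText` value would copy the bind password into the world-readable Nix store. The description should say that this is a YAML config file handed to `--config`, that it must live outside the store (as the `/run/keys/ldap_pass` example does), and that it must be readable by the exporter's service user. The interpolated option values are also unquoted; wrapping `metricsPath`, `protocol` and `interval` in `escapeShellArg` would keep whitespace in a value from splitting into extra arguments.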
@@ -603,6 +603,66 @@ let ''; }; + openldap = { + exporterConfig = { + enable = true; + ldapCredentialFile = "${pkgs.writeText "exporter.yml" '' + ldapUser: "cn=root,dc=example" + ldapPass: "notapassword" + ''}"; + }; + metricProvider = { + services.openldap = { + enable = true; + settings.children = { + "cn=schema".includes = [ + "${pkgs.openldap}/etc/schema/core.ldif" + "${pkgs.openldap}/etc/schema/cosine.ldif" + "${pkgs.openldap}/etc/schema/inetorgperson.ldif" + "${pkgs.openldap}/etc/schema/nis.ldif" + ]; + "olcDatabase={1}mdb" = { + attrs = { + objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ]; + olcDatabase = "{1}mdb"; + olcDbDirectory = "/var/db/openldap"; + olcSuffix = "dc=example"; + olcRootDN = { + # cn=root,dc=example + base64 = "Y249cm9vdCxkYz1leGFtcGxl"; + }; + olcRootPW = { + path = "${pkgs.writeText "rootpw" "notapassword"}"; + }; + }; + }; + "olcDatabase={2}monitor".attrs = { + objectClass = [ "olcDatabaseConfig" ]; + olcDatabase = "{2}monitor"; + olcAccess = [ "to dn.subtree=cn=monitor by users read" ]; + }; + }; + declarativeContents."dc=example" = '' + dn: dc=example + objectClass: domain + dc: example + + dn: ou=users,dc=example + objectClass: organizationalUnit + ou: users + ''; + }; + }; + exporterTest = '' + wait_for_unit("prometheus-openldap-exporter.service") + wait_for_open_port(389) + wait_for_open_port(9330) + wait_until_succeeds( + "curl -sSf http://localhost:9330/metrics | grep -q 'openldap_scrape{result=\"ok\"} 1'" + ) + ''; + }; + openvpn = { exporterConfig = { enable = true; diff --git a/pkgs/servers/monitoring/prometheus/openldap-exporter.nix b/pkgs/servers/monitoring/prometheus/openldap-exporter.nix new file mode 100644 index 00000000000..3aabe6e7231 --- /dev/null +++ b/pkgs/servers/monitoring/prometheus/openldap-exporter.nix 
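Review bot: The test gives the exporter the database root DN (`cn=root,dc=example`) and writes the password with `pkgs.writeText`, which lands in the world-readable Nix store; that is acceptable inside a throwaway VM test but is the pattern a reader should not copy into a real configuration. A comment above `ldapCredentialFile` such as `# test only: store paths are world-readable; real setups bind as a read-only monitoring account with the file under /run/keys` would make that explicit. The test also leaves `ldapAddr` at its default, so it gives no signal about whether that option is actually wired through to the exporter.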
@@ -0,0 +1,29 @@
+{ buildGoPackage, lib, fetchFromGitHub }:
+
+buildGoPackage rec {
+ pname = "openldap_exporter";
+ version = "2.1";
+
+ src = fetchFromGitHub {
+ owner = "tomcz";
+ repo = pname;
+ rev = "v${version}";
+ sha256 = "sha256-Di1GiyVp/hGCFhqxhlqJSucGZK7f/FDDUFtJRaiAZu4=";
+ };
+
+ buildFlagsArray = ''
+ -ldflags=
+ -s -w
+ -X github.com/tomcz/openldap_exporter.tag=v${version}
+ -X github.com/tomcz/openldap_exporter.commit=unknown
+ '';
+
+ goPackagePath = "github.com/tomcz/openldap_exporter";
+
+ meta = with lib; {
+ homepage = "https://github.com/tomcz/openldap_exporter";
+ description = " Simple service that scrapes metrics from OpenLDAP and exports them via HTTP for Prometheus consumption";
+ license = licenses.mit;
+ maintainers = with maintainers; [ ma27 ];
+ };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index b71536e73e4..b77e6df6f0e 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -18883,6 +18883,7 @@ in
 prometheus-nginx-exporter = callPackage ../servers/monitoring/prometheus/nginx-exporter.nix { };
 prometheus-nginxlog-exporter = callPackage ../servers/monitoring/prometheus/nginxlog-exporter.nix { };
 prometheus-node-exporter = callPackage ../servers/monitoring/prometheus/node-exporter.nix { };
+ prometheus-openldap-exporter = callPackage ../servers/monitoring/prometheus/openldap-exporter.nix { };
 prometheus-openvpn-exporter = callPackage ../servers/monitoring/prometheus/openvpn-exporter.nix { };
 prometheus-postfix-exporter = callPackage ../servers/monitoring/prometheus/postfix-exporter.nix { };
 prometheus-postgres-exporter = callPackage ../servers/monitoring/prometheus/postgres-exporter.nix { };
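Review bot: `meta.description` in the new package file starts with a stray space (`" Simple service that scrapes…"`), which will show up in package listings and search output; drop it so the line reads `description = "Simple service that scrapes metrics from OpenLDAP and exports them via HTTP for Prometheus consumption";`. The source is fetched by the tag `v${version}`, but the fixed `sha256` pins the content, so a moved tag would fail the build rather than silently change what is built.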