LDAP and SigNoz Integration

Input and output integration overview

The LDAP plugin collects monitoring metrics from LDAP servers, including OpenLDAP and 389 Directory Server. This plugin is essential for tracking the performance and health of LDAP services, enabling administrators to gain insights into their directory operations.

This configuration turns any Telegraf agent into a Remote Write publisher for SigNoz, streaming rich metrics straight into the SigNoz backend with a single URL change.

Integration details

LDAP

This plugin gathers metrics from LDAP servers’ monitoring backend, specifically from the cn=Monitor entries. It supports two prominent LDAP implementations: OpenLDAP and 389 Directory Server (389ds). With a focus on collecting various operational metrics, the LDAP plugin enables administrators to monitor performance, connection status, and server health in real-time, which is vital for maintaining robust directory services. By allowing customizable connection parameters and security configurations, such as TLS support, the plugin ensures compliance with best practices for security and performance. Metrics gathered can be instrumental in identifying trends, optimizing server configurations, and enforcing service-level agreements with stakeholders.

SigNoz

SigNoz is an open source observability platform that stores metrics, traces, and logs. When you deploy SigNoz, its signoz-otel-collector-metrics service exposes a Prometheus Remote Write receiver (default :13133/api/v1/write). By configuring Telegraf’s Prometheus plugin to point at this endpoint, you can push any Telegraf collected metrics, SNMP counters, cloud services, or business KPIs—directly into SigNoz. The plugin natively serializes metrics in the Remote Write protobuf format, supports external labels, metadata export, retries, and TLS or bearer-token auth, so it fits zero-trust and multi-tenant SigNoz clusters. Inside SigNoz, the data lands in ClickHouse tables that back Metrics Explorer, alert rules, and unified dashboards. This approach lets organizations unify Prometheus and OTLP pipelines, enables long-term retention powered by ClickHouse compression, and avoids vendor lock-in while retaining PromQL-style queries.

Configuration

LDAP

[[inputs.ldap]]
  ## Server to monitor
  ## The scheme determines the mode to use for connection with
  ##    ldap://...      -- unencrypted (non-TLS) connection
  ##    ldaps://...     -- TLS connection
  ##    starttls://...  --  StartTLS connection
  ## If no port is given, the default ports, 389 for ldap and starttls and
  ## 636 for ldaps, are used.
  server = "ldap://localhost"

  ## Server dialect, can be "openldap" or "389ds"
  # dialect = "openldap"

  # DN and password to bind with
  ## If bind_dn is empty an anonymous bind is performed.
  bind_dn = ""
  bind_password = ""

  ## Reverse the field names constructed from the monitoring DN
  # reverse_field_names = false

  ## Optional TLS Config
  ## Set to true/false to enforce TLS being enabled/disabled. If not set,
  ## enable TLS only if any of the other options are specified.
  # tls_enable =
  ## Trusted root certificates for server
  # tls_ca = "/path/to/cafile"
  ## Used for TLS client certificate authentication
  # tls_cert = "/path/to/certfile"
  ## Used for TLS client certificate authentication
  # tls_key = "/path/to/keyfile"
  ## Password for the key file if it is encrypted
  # tls_key_pwd = ""
  ## Send the specified TLS server name via SNI
  # tls_server_name = "kubernetes.example.com"
  ## Minimal TLS version to accept by the client
  # tls_min_version = "TLS12"
  ## List of ciphers to accept, by default all secure ciphers will be accepted
  ## See https://pkg.go.dev/crypto/tls#pkg-constants for supported values.
  ## Use "all", "secure" and "insecure" to add all support ciphers, secure
  ## suites or insecure suites respectively.
  # tls_cipher_suites = ["secure"]
  ## Renegotiation method, "never", "once" or "freely"
  # tls_renegotiation_method = "never"
  ## Use TLS but skip chain & host verification
  # insecure_skip_verify = false

SigNoz

[[outputs.prometheusremotewrite]]
  ## SigNoz OTEL-Collector metrics endpoint (Prometheus Remote Write receiver)
  ## Default port is 13133 when you install SigNoz with the Helm chart
  url = "http://signoz-otel-collector-metrics.monitoring.svc.cluster.local:13133/api/v1/write"

  ## Add identifying labels so you can slice & dice the data later
  external_labels = { host = "${HOSTNAME}", agent = "telegraf" }

  ## Forward host metadata for richer dashboards (SigNoz maps these to ClickHouse columns)
  send_metadata = true

  ## ----- Authentication (comment out what you don’t need) -----
  # bearer_token   = "$SIGNOZ_TOKEN"          # SaaS tenant token
  # basic_username = "signoz"                 # Basic auth (self-hosted)
  # basic_password = "secret"

  ## ----- TLS options (for SaaS or HTTPS self-hosted) -----
  # tls_ca                  = "/etc/ssl/certs/ca.crt"
  # tls_cert                = "/etc/telegraf/certs/telegraf.crt"
  # tls_key                 = "/etc/telegraf/certs/telegraf.key"
  # insecure_skip_verify    = false

  ## ----- Performance tuning -----
  max_batch_size = 10000      # samples per POST
  timeout        = "10s"
  retry_max      = 3

Input and output integration examples

LDAP

1. Monitoring Directory Performance: Use the LDAP Telegraf plugin to continuously track and analyze the number of operations completed, initiated connections, and server response times. By visualizing this data over time, administrators can identify performance bottlenecks in directory services, enabling proactive optimization.

2. Alerting on Security Events: Integrate the plugin with an alerting system to notify administrators when certain metrics, such as bind_security_errors or unauth_binds, exceed predefined thresholds. This setup can enhance security monitoring by providing real-time insights into potential unauthorized access attempts.

3. Capacity Planning: Leverage the metrics collected by the LDAP plugin to perform capacity planning. Analyze connection trends, maximum threads in use, and operational statistics to forecast future resource needs, ensuring the LDAP server can handle expected peak loads without degrading performance.

4. Compliance and Auditing: Use the operational metrics obtained via this plugin to assist in compliance audits. By regularly checking metrics like anonymous_binds and security_errors, organizations can ensure that their directory services adhere to security policies and regulatory requirements.

SigNoz

1. Multi-Cluster Federated Monitoring: Drop a Telegraf DaemonSet into each Kubernetes cluster, tag metrics with cluster=<name>, and Remote Write them to a central SigNoz instance. Ops teams get a single PromQL window across prod, staging, and edge clusters without running Thanos sidecars.

2. Factory-Floor Edge Gateway: A rugged Intel NUC on the shop floor runs Telegraf to scrape Modbus PLCs and environmental sensors. It batches readings every 5 seconds and pushes them over an intermittent 4G link to SigNoz SaaS. ClickHouse compression keeps costs low while AI-based outlier detection in SigNoz flags overheating motors before failure.

3. SaaS Usage Metering: Telegraf runs alongside each micro-service, exporting per-tenant counters (api_calls, gigabytes_processed). Remote Write streams the data to SigNoz where a scheduled ClickHouse materialized view aggregates usage for monthly billing—no separate metering stack required.

4. Autoscaling Feedback Loop: Combine Telegraf’s Kubernetes input with the Remote Write output to publish granular pod CPU and queue-length metrics into SigNoz. A custom SigNoz alert fires when P95 latency breaches 200 ms and a GitOps controller reads that alert to trigger a HorizontalPodAutoscaler tweak—closing the loop between observability and automation.

Feedback

Thank you for being part of our community! If you have any general feedback or found any bugs on these pages, we welcome and encourage your input. Please submit your feedback in the InfluxDB community Slack.