Nagios/checks/ldap
A check to see if LDAP is working
[edit] Define Service check
(the actual check definition) add this to the local services folder on the Nagios server
'/opt/nagios/etc/local/services'
- cat ldap.cfg
# Service definition for the LDAP check: runs the check_ldap command on every
# member of the ldap_server hostgroup, takes its remaining settings from the
# generic-service template and is listed in the ldap servicegroup.
define service {
service_description ldap
display_name ldap Lightweight Directory Access Protocol
check_command check_ldap
use generic-service
servicegroups ldap
hostgroup_name ldap_server
}
[edit] Define a Service group
(a service group to look at all LDAP monitoring)
/opt/nagios/etc/local/servicegroups
- cat ldap.cfg
# Servicegroup that collects the ldap services (referenced by the
# "servicegroups ldap" line of the service definition).
define servicegroup {
servicegroup_name ldap
alias ldap Lightweight Directory Access Protocol
}
[edit] Define a host-template
Used for adding the check to a server
/opt/nagios/etc/local/host-templates
- cat ldap.cfg
# Host template named ldap. "register 0" keeps it a template rather than a real
# host; "+ldap_server" adds the ldap_server hostgroup to whatever hostgroups the
# inheriting host already has, which is what attaches the ldap service to it.
define host{
name ldap
hostgroups +ldap_server
notes ldap Lightweight Directory Access Protocol
register 0
}
[edit] Define a Hostgroup
/opt/nagios/etc/local/hostgroups
- cat ldap.cfg
# Hostgroup whose members receive the ldap service check
# (the service definition targets hostgroup_name ldap_server).
define hostgroup {
hostgroup_name ldap_server
alias ldap Lightweight Directory Access Protocol
}
[edit] Define the command
/opt/nagios/etc/local/commands
- cat ldap.cfg
# Command wrapper for the check_ldap.pl plugin: 30 second timeout (-t 30) against
# the address of the host being checked. $USER1$ is expected to resolve to the
# plugin directory - confirm in resource.cfg.
# No -l/-x is passed, so the plugin binds anonymously. If a bind account is added
# later, the -x password becomes part of the plugin's command line: a $USERn$
# macro from resource.cfg keeps it out of this file, but it is still visible in
# the process list while the check runs, so use a dedicated low-privilege account.
define command {
command_name check_ldap
command_line $USER1$/check_ldap.pl -t 30 -H $HOSTADDRESS$
}
[edit] Add check to host
# Host definition that inherits the ldap host template through "use ldap".
# The x lines are presumably placeholders for the host's own directives - replace
# them before loading the file.
define host {
use ldap
x
x
x
}
[edit] General
add the check script to plugins folder
'/opt/nagios/plugins/libexec/'
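a quick `chown -R nagios:nagios /opt/nagios/` never did any harm (it makes the nagios user the owner of everything under /opt/nagios/, plugins and configuration included)
then make it executable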
chmod u+x /opt/nagios/plugins/libexec/check_ldap.pl
[edit] Check config
/opt/nagios/bin/nagios -v /opt/nagios/etc/nagios.cfg
[edit] Check script [check_ldap.pl]
'/opt/nagios/plugins/libexec/'
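#!/usr/bin/perl -w
####################### check_ldap.pl #######################
# Version : 1.0
# Date : 24 Jul 2007
# Author : De Bodt Lieven (Lieven.DeBodt at gmail.com)
# Licence : GPL - http://www.fsf.org/licenses/gpl.txt
#############################################################
#
# help : ./check_ldap.pl -h
#
# Nagios plugin that connects to an LDAP server and attempts a bind
# (anonymous unless -l and -x are given).  Result mapping:
#   OK        connected and bound
#   WARNING   connected, but the bind was rejected
#   CRITICAL  could not connect, or the watchdog alarm fired
#   UNKNOWN   bad usage, -h or -V
#
# Security notes for operators:
#   * -x places the bind password on the command line, so it is visible in
#     the process list while the check runs.  Use a dedicated, low-privilege
#     bind account for monitoring.
#   * Without -s the simple bind travels over plain LDAP, i.e. unencrypted.
#   * NOTE(review): with -s no verify/cafile options are passed to
#     Net::LDAPS, so whether the server certificate is checked depends on the
#     installed Net::LDAP defaults - confirm before sending credentials.

use strict;
use Net::LDAP;
use Net::LDAPS;
use Net::LDAP::Util qw(ldap_error_text);
use Getopt::Long;

# Nagios specific
use lib "/opt/nagios/plugins/libexec";
use utils qw(%ERRORS $TIMEOUT);
#my %ERRORS=('OK'=>0,'WARNING'=>1,'CRITICAL'=>2,'UNKNOWN'=>3,'DEPENDENT'=>4);

# Globals
my $Version = '1.0';
my $Name    = $0;

my $o_ldap_port  = 389;      # ldap port
my $o_ldaps_port = 636;      # ldap + ssl port
my $o_host       = undef;    # hostname
my $o_login      = undef;    # LDAP login
my $o_help       = undef;    # want some help ?
my $o_passwd     = undef;    # LDAP password
my $o_port       = undef;    # ldap port
my $o_version    = undef;    # print version
my $o_ssl        = undef;    # use ssl
my $o_timeout    = 15;       # Default 15s Timeout

# Extra seconds granted on top of -t before the watchdog alarm fires, so the
# Net::LDAP connect timeout gets the chance to report first.
my $alarm_grace = 5;

# functions

# Print the plugin name and version.
sub show_versioninfo { print "$Name version : $Version\n"; }

# Print the one-line usage summary.
sub print_usage {
    print "Usage: $Name -H <host> [-l login -x passwd] [-p <port>] [-s] [-t <timeout>] [-V]\n";
}

# Get the alarm signal (just in case ldap timeout screws up).
# The handler only runs once alarm() has been armed, which happens in MAIN.
$SIG{'ALRM'} = sub {
    print("ERROR: Alarm signal (Nagios time-out)\n");
    exit $ERRORS{"CRITICAL"};
};

# Print the full help text: banner, usage line and option descriptions.
sub help {
    print "\nLDAP Monitor for Nagios version ", $Version, "\n";
    print "GPL licence, (c)2006-2007 De Bodt Lieven\n\n";
    print_usage();
    print <<EOT;
-h, --help
   print this help message
-H, --hostname=HOST
   name or IP address of host to check
-l, --login=LOGIN
   Login for ldap authentication (if not specified $Name uses anonymous)
-x, --passwd=PASSWD
   Password for ldap authentication
-p, --port=PORT
   LDAP port (Default $o_ldap_port)
-s, --ssl
   LDAPS (Default false, if true, default port is $o_ldaps_port )
-t, --timeout=INTEGER
   timeout in seconds (Default: $o_timeout)
-V, --version
   prints version number
Note :
  The script will return
    OK if we are able to connect and bind to the LDAP server,
    WARNING if we are able to connect but not bind to the LDAP server
    CRITICAL if we aren't able to connect to the LDAP server
EOT
}

# Parse and validate the command line into the $o_* globals.
# Exits with UNKNOWN on -h, -V, an unparsable command line, a login without
# a password (or the reverse), an empty password, a missing host or a
# non-positive timeout.
sub check_options {
    Getopt::Long::Configure("bundling");

    # "=s" / "=i" make the value mandatory: with the optional ":" form a bare
    # -H or -x silently became an empty string and a bare -p became port 0.
    my $parsed_ok = GetOptions(
        'h'          => \$o_help,
        'help'       => \$o_help,
        'H=s'        => \$o_host,
        'hostname=s' => \$o_host,
        'l=s'        => \$o_login,
        'login=s'    => \$o_login,
        'p=i'        => \$o_port,
        'port=i'     => \$o_port,
        's'          => \$o_ssl,
        'ssl'        => \$o_ssl,
        't=i'        => \$o_timeout,
        'timeout=i'  => \$o_timeout,
        'V'          => \$o_version,
        'version'    => \$o_version,
        'x=s'        => \$o_passwd,
        'passwd=s'   => \$o_passwd
    );

    # Unknown or malformed options are a usage error, not something to ignore.
    if (!$parsed_ok) { print_usage(); exit $ERRORS{"UNKNOWN"}; }

    if (defined($o_help))    { help();             exit $ERRORS{"UNKNOWN"}; }
    if (defined($o_version)) { show_versioninfo(); exit $ERRORS{"UNKNOWN"}; }

    # check ldap login information: login and password go together
    if (defined($o_login) xor defined($o_passwd)) {
        print "Put ldap login info!\n";
        print_usage();
        exit $ERRORS{"UNKNOWN"};
    }

    # A DN with an empty password is an unauthenticated bind, which many
    # servers accept; the check would then report OK without ever testing
    # the credentials.
    if (defined($o_passwd) && $o_passwd eq '') {
        print "Put ldap login info!\n";
        print_usage();
        exit $ERRORS{"UNKNOWN"};
    }

    # Check compulsory attributes
    if (!defined($o_host) || $o_host eq '') {
        print_usage();
        exit $ERRORS{"UNKNOWN"};
    }

    # The timeout feeds both Net::LDAP and alarm(); it has to be positive.
    if ($o_timeout <= 0) { print_usage(); exit $ERRORS{"UNKNOWN"}; }
}

########## MAIN #######

check_options();

# Arm the watchdog.  The SIGALRM handler above was installed but never armed,
# so a server that accepted the connection and then stalled during the bind
# could hang the plugin until Nagios killed it.
alarm($o_timeout + $alarm_grace);

# -s selects LDAPS and its default port; an explicit -p always wins.
my $ldap_class   = defined($o_ssl) ? 'Net::LDAPS' : 'Net::LDAP';
my $default_port = defined($o_ssl) ? $o_ldaps_port : $o_ldap_port;
my $port         = defined($o_port) ? $o_port : $default_port;

my $ldap = $ldap_class->new(
    $o_host,
    port    => $port,
    version => 3,
    timeout => $o_timeout
);

if ($ldap) {
    my $mesg;
    if (defined($o_login) && defined($o_passwd)) {
        # Bind to the directory server by specifying a login and password
        $mesg = $ldap->bind($o_login, password => $o_passwd);
    }
    else {
        # Bind anonymously to the directory server
        $mesg = $ldap->bind();
    }

    if ($mesg->code) {
        # Connected, but the bind was refused: report the LDAP result code.
        my $errstr = $mesg->code;
        $mesg = $ldap->unbind();    # Unbind from the directory server
        printf("WARNING %d: %s\n", $errstr, ldap_error_text($errstr));
        exit $ERRORS{"WARNING"};
    }
    else {
        $mesg = $ldap->unbind();    # Unbind from the directory server
        print "OK\n";
        exit $ERRORS{"OK"};
    }
}
else {
    # Net::LDAP->new returned nothing: the server could not be reached.
    print "CRITICAL\n";
    exit $ERRORS{"CRITICAL"};
}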