Results 1 to 7 of 7

Thread: [RESOLVED] Problem to check ldap service that work via cli ? (expanding macro)

  1. #1
    Junior Member
    Join Date
    Jul 2011
    Location
    Paris, France
    Posts
    10

    [RESOLVED] Problem to check ldap service that work via cli ? (expanding macro)

    Hi,

    I have problem because a check_ldap command says in (Thruk interface) "Could not bind to the LDAP server" even if launching the command from cli works :
    Code:
    my-monitoring-host:~$ /usr/lib/nagios/plugins/check_ldap -H myad.foo.bar -b "dc=FOO,dc=BAR" -D "CN=My User,OU=Som_OU,OU=Company,dc=FOO,dc=BAR" -P "42"
    LDAP OK - 0.013 seconds response time|time=0.013191s;;;0.000000
    my-monitoring-host:~$
    In the Thruk interface I can see :
    Note: could not expand all macros!

    $PLUGINSDIR$/check_ldap -H 192.168.1.239 -b "$LDAPBASE$" -D "$DOMAINUSER$" -P "$DOMAINPASSWORD$"
    my resource.cfg file include the following options :
    Code:
    ##Now Activie directory and Ldap
    $DOMAINUSER$='CN=My User,OU=Som_OU,OU=Company,dc=FOO,dc=BAR'
    $DOMAINPASSWORD$='42'
    $LDAPBASE$='dc=FOO,dc=BAR'
    Have you a clue on how to debug ?

    Thank you for your help.

  2. #2
    Administrator Frescha's Avatar
    Join Date
    May 2011
    Posts
    183

    Re: Problem to check a service that work via command line ? (expanding macro)

    Did you try to launch the command with your shinken user or/and without the Quotation marks?

  3. #3
    Junior Member
    Join Date
    Jul 2011
    Location
    Paris, France
    Posts
    10

    Re: Problem to check a service that work via command line ? (expanding macro)

    Hi,

    Thank you for your contribution.
    Yes, I did the test with and without quotation mark without any success.

    I finally make it work with the following configuration.
    in command.cfg :
    Code:
    #redefine my check ldap command to use argument instead of variable
    define command {
        command_name   check_myldap
        command_line   $PLUGINSDIR$/check_ldap -H $HOSTADDRESS$ -b $ARG1$ -D "$ARG2$" -P $ARG3$
    }
    in my service definition:
    Code:
    define service {
     service_description   LDAP
     use          generic-service
     check_command     check_myldap!dc=FOO,dc=BAR!CN=My User,OU=Som_OU,OU=Company,dc=FOO,dc=BAR!42
     host_name        myad.foo.bar
    }
    But that doesn't make me happy, I'd prefer to use the resource.cfg variable.
    I think that maybe I should open an issue for the developpers.

    What do you think ?

  4. #4
    Administrator Frescha's Avatar
    Join Date
    May 2011
    Posts
    183

    Re: Problem to check a service that work via command line ? (expanding macro)

    Mh, I must confess thats a little bit strange for me.

    I'm sure you tried following configuration

    check command
    Code:
    check_ldap -H 192.168.1.239 -b $LDAPBASE$ -D $DOMAINUSER$ -P $DOMAINPASSWORD$
    resource.cfg
    Code:
    $DOMAINUSER$="CN=My User,OU=Som_OU,OU=Company,dc=FOO,dc=BAR"
    $DOMAINPASSWORD$="42"
    $LDAPBASE$="dc=FOO,dc=BAR"
    or

    Code:
    $DOMAINUSER$='"CN=My User,OU=Som_OU,OU=Company,dc=FOO,dc=BAR"'
    $DOMAINPASSWORD$='"42"'
    $LDAPBASE$='"dc=FOO,dc=BAR"'

  5. #5
    Junior Member
    Join Date
    Jul 2011
    Location
    Paris, France
    Posts
    10

    Re: Problem to check a service that work via command line ? (expanding macro)

    Following your advice I have respectively the following result :

    Code:
    Could not search/find objectclasses in dc -D CN
    and
    Code:
    Could not search/find objectclasses in "dc -D "CN
    It looks like there is a bug in the parsing. (and not just because it's easier to think the error is not from me

  6. #6
    Junior Member
    Join Date
    Jul 2011
    Location
    Paris, France
    Posts
    10

    Re: Problem to check a service that work via command line ? (expanding macro)

    "With a little help from my friend" as the song goes...
    A friend of mine found the bug in the parsing function of the configuration files.
    My server is patched and it works.
    He is now looking at the github of shinken to propose his patch.

    Stay tuned...

  7. #7
    Shinken project leader
    Join Date
    May 2011
    Location
    Bordeaux (France)
    Posts
    2,131

    Re: Problem to check a service that work via command line ? (expanding macro)

    Hi,

    Thanks for the bug hunt

    I'll be happy to commit this patch

    For the Thruk, I think it's because it do not kown about PLUGINDIR, it's a Shinken new type (Nagios user USERN, Shinken use WHATEVERYOUWANTTONAMEIT) ;D
    No direct support by personal message. Please open a thread so everyone can see the solution

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •