check_ldap_repl.pl
changeset 17 6d1cf539d727
parent 16 a499a7b58da1
16:a499a7b58da1 17:6d1cf539d727
    51     'dn|d=s'        => undef,
    51     'dn|d=s'        => undef,
    52     'binddn|D=s'    => undef,
    52     'binddn|D=s'    => undef,
    53     'password=s'    => undef,
    53     'password=s'    => undef,
    54     'config=s'      => '/etc/nagios-plugins/config/ldap_repl.cfg',
    54     'config=s'      => '/etc/nagios-plugins/config/ldap_repl.cfg',
    55     'provider|p=s'  => 'ldapi:///',
    55     'provider|p=s'  => 'ldapi:///',
    56     'consumer|c=s@' => 'ldap://consumer:389',
    56     'consumer|c=s@' => undef,
    57     'wait|w=i'      => 1,
    57     'wait|w=i'      => 1,
    58     'help|h!'       => sub { pod2usage(-verbose => 1, -exitval => $ERRORS{OK}) },
    58     'help|h!'       => sub { pod2usage(-verbose => 1, -exitval => $ERRORS{OK}) },
    59     'man|m!'        => sub { pod2usage(-verbose => 2, -exitval => $ERRORS{OK}) },
    59     'man|m!'        => sub { pod2usage(-verbose => 2, -exitval => $ERRORS{OK}) },
    60     'version|V!'    => sub { version($ME, $VERSION); exit $ERRORS{OK}; }
    60     'version|V!'    => sub { version($ME, $VERSION); exit $ERRORS{OK}; }
    61 };
    61 };
   113 
   113 
   114     # make sure that command line options override any config file options
   114     # make sure that command line options override any config file options
   115     $c->getopt;
   115     $c->getopt;
   116 
   116 
   117     my %o = $c->varlist('.');
   117     my %o = $c->varlist('.');
       
   118     $o{binddn} //= $o{dn};
   118     my $t = time();
   119     my $t = time();
   119 
   120 
   120     my $p = Net::LDAP->new($o{provider}, onerror => 'die') or die $@;
   121     my $p = Net::LDAP->new($o{provider}, onerror => 'die') or die $@;
   121     $p->bind($o{binddn}, password => $o{password});
   122     $p->bind($o{binddn}, password => $o{password});
   122     $p->modify($o{dn}, replace => { $o{attribute} => $t });
   123     $p->modify($o{dn}, replace => { $o{attribute} => $t });
   169 
   170 
   170 DN of the entry whose attribute will be updated and checked for replication.
   171 DN of the entry whose attribute will be updated and checked for replication.
   171 
   172 
   172 =item B<-b>|B<--binddn> I<string>
   173 =item B<-b>|B<--binddn> I<string>
   173 
   174 
   174 DN to use when binding to provider for update.
   175 DN to use when binding to provider for update. (default: same as dn)
   175 
   176 
   176 =item B<--password> I<string>
   177 =item B<--password> I<string>
   177 
   178 
   178 Password to use when binding to provider for update. B<PASSWORD IS SHOWN IN PROCESSES, USE CONFIG FILE!>
   179 Password to use when binding to provider for update. B<PASSWORD IS SHOWN IN PROCESSES, USE CONFIG FILE!>
   179 
   180 
   181 
   182 
   182 provider uri (default: ldapi:///)
   183 provider uri (default: ldapi:///)
   183 
   184 
   184 =item B<-S>|B<--consumer> I<string>
   185 =item B<-S>|B<--consumer> I<string>
   185 
   186 
   186 consumer uri. Multiple consumers can be specified as a comma separated list (see below). (default: ldap://ldap-consumer:389/)
   187 consumer uri. Multiple consumers can be specified as a comma separated list (see below).
   187 
   188 
   188 =item B<--config> I<string>
   189 =item B<--config> I<string>
   189 
   190 
   190 Path to configuration file. Use this to store the binddn and its password.
   191 Path to configuration file. Use this to store the binddn and its password.
   191 Verify the ownership and B<permissions>, B<(0400)> is a good choice! (default:
   192 Verify the ownership and B<permissions>, B<(0400)> is a good choice! (default:
   192 /etc/nagios-plugins/config/ldap_repl.cfg)
   193 /etc/nagios-plugins/config/ldap_repl.cfg)
   193     
   194     
   194 
   195 
   195 
       
   196 Example:
   196 Example:
   197 
   197 
   198  binddn = cn=admin,dc=local,dc=site
   198  # attribute = description
       
   199  dn = cn=replcheck,dc=local,dc=site
       
   200  # binddn = # same as dn per default
   199  password = secret
   201  password = secret
   200  provider = ldap://provider:389/
   202  #provider = ldapi:///
   201  consumer = ldap://consumer-01:389/,ldap://consumer-02:389/,...
   203  consumer = ldap://consumer-01:389/,ldap://consumer-02:389/,...
   202  dn = cn=replcheck
   204  #wait = 1
   203  wait = 2
       
   204 
   205 
   205 =item B<-w>|B<--wait> I<integer>
   206 =item B<-w>|B<--wait> I<integer>
   206 
   207 
   207 Wait I<n> seconds before checking the consumer servers. (default: 1)
   208 Wait I<n> seconds before checking the consumer servers. (default: 1)
   208 
   209 
   220 
   221 
   221 =back
   222 =back
   222 
   223 
   223 =head1 DESCRIPTION
   224 =head1 DESCRIPTION
   224 
   225 
   225 This plugin checks if the ldap replication works correctly.
   226 This plugin checks if the ldap replication works correctly by updating an
       
   227 attribute of an entry on the provider and checking whether the update has been
       
   228 replicated to one or more consumers after some configurable time. It is
       
   229 recommended to run it on the provider because the directory needs to be updated
       
   230 there. The object classes for dn and binddn don't matter much, but they should
       
   231 support authentication and the chosen attribute for updates. The attribute
       
   232 should support numeric integer values (it will be updated with the current
       
   233 unix epoch). Example:
       
   234 
       
   235     430 cn=replcheck,ou=Users,dc=wiegandslide,dc=de
       
   236     objectClass: simpleSecurityObject
       
   237     objectClass: applicationProcess
       
   238     cn: replcheck
       
   239     userPassword: {SSHA}Twb/q2n4G6+PmSUfZaK09smj751ts9Rz
       
   240 
       
   241 The attribute does not neccessarily need to exist initially. It should be
       
   242 created upon first update. You may also need to update your acl.
   226 
   243 
   227 =head1 VERSION
   244 =head1 VERSION
   228 
   245 
   229 This man page is current for version 0.4 of B<check_ldap_repl>.
   246 This man page is current for version 0.4 of B<check_ldap_repl>.
   230 
   247
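Review bot: The LDIF example added to the DESCRIPTION POD (new lines 235-239) prints a `userPassword: {SSHA}...` value that looks like a real salted SHA-1 hash for `cn=replcheck` under what appears to be a production suffix. If it was copied from a live directory, the hash can be guessed offline, so the account's password should be changed and the example should carry an obvious placeholder such as `userPassword: {SSHA}<hash generated with slappasswd>`. Separately, `$o{binddn} //= $o{dn};` at new line 118 and the change of the `consumer|c=s@` default to `undef` at new line 56 mean that both `dn` and `consumer` can be undefined when the bind and modify calls run. The code between lines 61 and 113 and the consumer loop are not visible here, so please confirm the plugin exits UNKNOWN when either value is missing, rather than attempting a bind with an empty DN or returning OK with no consumer checked. The context lines also document the short options as `-b` and `-S`, while the option table declares `binddn|D` and `consumer|c`.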