diff -r a499a7b58da1 -r 6d1cf539d727 check_ldap_repl.pl --- a/check_ldap_repl.pl Mon May 02 13:19:03 2016 +0200 +++ b/check_ldap_repl.pl Mon May 02 13:51:11 2016 +0200 @@ -53,7 +53,7 @@ 'password=s' => undef, 'config=s' => '/etc/nagios-plugins/config/ldap_repl.cfg', 'provider|p=s' => 'ldapi:///', - 'consumer|c=s@' => 'ldap://consumer:389', + 'consumer|c=s@' => undef, 'wait|w=i' => 1, 'help|h!' => sub { pod2usage(-verbose => 1, -exitval => $ERRORS{OK}) }, 'man|m!' => sub { pod2usage(-verbose => 2, -exitval => $ERRORS{OK}) }, @@ -115,6 +115,7 @@ $c->getopt; my %o = $c->varlist('.'); + $o{binddn} //= $o{dn}; my $t = time(); my $p = Net::LDAP->new($o{provider}, onerror => 'die') or die $@; @@ -171,7 +172,7 @@ =item B<-b>|B<--binddn> I -DN to use when binding to provider for update. +DN to use when binding to provider for update. (default: same as dn) =item B<--password> I @@ -183,7 +184,7 @@ =item B<-S>|B<--consumer> I -consumer uri. Multiple consumers can be specified as a comma separated list (see below). (default: ldap://ldap-consumer:389/) +consumer uri. Multiple consumers can be specified as a comma separated list (see below). =item B<--config> I @@ -192,15 +193,15 @@ /etc/nagios-plugins/config/ldap_repl.cfg) - Example: - binddn = cn=admin,dc=local,dc=site + # attribute = description + dn = cn=replcheck,dc=local,dc=site + # binddn = # same as dn per default password = secret - provider = ldap://provider:389/ + #provider = ldapi:/// consumer = ldap://consumer-01:389/,ldap://consumer-02:389/,... - dn = cn=replcheck - wait = 2 + #wait = 1 =item B<-w>|B<--wait> I 
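Review bot: With the `consumer|c=s@` default changed to `undef` in the option table (hunk `@@ -53,7 +53,7 @@`), nothing visible stops the plugin from running with no consumer configured at all. If the later comparison simply iterates over the consumer list, an empty list would report replication as healthy without checking anything, which is a fail-open result for a monitoring check. After `$c->getopt` I would add a guard that exits UNKNOWN, for example `pod2usage(-message => 'no consumer configured', -exitval => $ERRORS{UNKNOWN}) unless $o{consumer};`, adjusted to how the list value is actually stored and assuming `%ERRORS` has the usual `UNKNOWN` key. The option table and the consumer loop both lie outside the hunk.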
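Review bot: `$o{binddn} //= $o{dn};` in hunk `@@ -115,6 +115,7 @@` leaves `binddn` undefined whenever `dn` is also missing, and no check for that is visible before the provider connection is opened. The bind call is outside the hunk, but Net::LDAP treats a bind without a DN as anonymous, so a missing setting would surface only as an unclear write failure, or as an unauthenticated update on a permissively configured directory. I would fail early right after the new line, e.g. `die "dn is required\n" unless defined $o{dn};`. A one-line comment such as `# default: bind as the entry that is being updated` would also record why the fallback exists.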
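Review bot: The config example in hunk `@@ -192,15 +193,15 @@` keeps `password = secret` in `/etc/nagios-plugins/config/ldap_repl.cfg` but says nothing about protecting that file. Because the bind password is stored there in clear text, the POD should state that the file must be readable only by the account that runs the check, for instance by adding `# contains the bind password: restrict to the monitoring user (mode 0600)` above the `password` line. The example consumer URIs use `ldap://` on port 389; if the plugin binds to consumers with this password (not visible here), the text should recommend `ldaps://` or StartTLS so the password is not sent unencrypted.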
@@ -222,7 +223,23 @@
 =head1 DESCRIPTION
-This plugin checks if the ldap replication works correctly.
+This plugin checks if the ldap replication works correctly by updating an
+attribute of an entry on the provider and checking whether the update has been
+replicated to one or more consumers after some configurable time. It is
+recommended to run it on the provider because the directory needs to be updated
+there. The object classes for dn and binddn don't matter much, but they should
+support authentication and the chosen attribute for updates. The attribute
+should support numeric integer values (it will be updated with the current
+unix epoch). Example:
+
+ 430 cn=replcheck,ou=Users,dc=wiegandslide,dc=de
+ objectClass: simpleSecurityObject
+ objectClass: applicationProcess
+ cn: replcheck
+ userPassword: {SSHA}Twb/q2n4G6+PmSUfZaK09smj751ts9Rz
+
+The attribute does not neccessarily need to exist initially. It should be
+created upon first update. You may also need to update your acl.
 =head1 VERSION
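Review bot: The example entry added to DESCRIPTION includes a complete `userPassword: {SSHA}...` value under what looks like a real directory suffix (`dc=wiegandslide,dc=de`). If it was copied from a live entry, the hash is now public; SSHA is salted SHA-1 and cheap to test offline, so that account's password should be changed. The example is better written with placeholders, e.g. `userPassword: {SSHA}<output of slappasswd>` and a neutral suffix such as `dc=example,dc=com`. The closing sentence `You may also need to update your acl.` would help more if it named the grant that is needed: write access for the bind DN to the one check attribute on the one check entry, and nothing broader.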