better defaults; more documentation
authorMatthias Förste <foerste@schlittermann.de>
Mon, 02 May 2016 13:51:11 +0200
changeset 17 6d1cf539d727
parent 16 a499a7b58da1
child 18 f1990fedf314
better defaults; more documentation
check_ldap_repl.pl
--- a/check_ldap_repl.pl	Mon May 02 13:19:03 2016 +0200
+++ b/check_ldap_repl.pl	Mon May 02 13:51:11 2016 +0200
@@ -53,7 +53,7 @@
     'password=s'    => undef,
     'config=s'      => '/etc/nagios-plugins/config/ldap_repl.cfg',
     'provider|p=s'  => 'ldapi:///',
-    'consumer|c=s@' => 'ldap://consumer:389',
+    'consumer|c=s@' => undef,
     'wait|w=i'      => 1,
     'help|h!'       => sub { pod2usage(-verbose => 1, -exitval => $ERRORS{OK}) },
     'man|m!'        => sub { pod2usage(-verbose => 2, -exitval => $ERRORS{OK}) },
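Review bot: With the default for `'consumer|c=s@'` changed to `undef`, nothing visible here guarantees that at least one consumer was configured before the check runs. If the code that iterates over the consumers (outside this hunk) simply loops zero times, the plugin could report OK without having compared anything, which for a monitoring check is a silent fail-open. I would add a guard after option parsing that exits with `$ERRORS{UNKNOWN}` and a clear message when `$o{consumer}` is undefined or empty. A short comment on the option would also help, e.g. `# no default: a missing consumer must be a configuration error, not a pass`.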
@@ -115,6 +115,7 @@
     $c->getopt;
 
     my %o = $c->varlist('.');
+    $o{binddn} //= $o{dn};
     my $t = time();
 
     my $p = Net::LDAP->new($o{provider}, onerror => 'die') or die $@;
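Review bot: `$o{binddn} //= $o{dn};` leaves `binddn` undefined when `dn` is not set either, and the hunk shows no check for that before the connection is opened. Depending on how the bind call (outside this hunk) treats an undefined DN, this may end in an anonymous bind or an opaque Net::LDAP error instead of a clear configuration message. I would validate directly after the fallback, e.g. `defined $o{dn} or die "no dn configured\n";`. A comment would also help: `# bind as the test entry itself unless a separate binddn is given; that entry then needs write access to its own attribute`. The enclosing sub starts and ends outside the hunk.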
@@ -171,7 +172,7 @@
 
 =item B<-b>|B<--binddn> I<string>
 
-DN to use when binding to provider for update.
+DN to use when binding to provider for update. (default: same as dn)
 
 =item B<--password> I<string>
 
@@ -183,7 +184,7 @@
 
 =item B<-S>|B<--consumer> I<string>
 
-consumer uri. Multiple consumers can be specified as a comma separated list (see below). (default: ldap://ldap-consumer:389/)
+consumer uri. Multiple consumers can be specified as a comma separated list (see below).
 
 =item B<--config> I<string>
 
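Review bot: The POD item documents the consumer option as `-S`, but the option table in the first hunk declares it as `'consumer|c=s@'`, so the short form that actually works appears to be `-c`. As this paragraph is being edited anyway, the heading should read `=item B<-c>|B<--consumer> I<string>`. If the option is now mandatory after the default was removed, the text should say so, e.g. `(no default; at least one consumer is required)`.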
@@ -192,15 +193,15 @@
 /etc/nagios-plugins/config/ldap_repl.cfg)
     
 
-
 Example:
 
- binddn = cn=admin,dc=local,dc=site
+ # attribute = description
+ dn = cn=replcheck,dc=local,dc=site
+ # binddn = # same as dn per default
  password = secret
- provider = ldap://provider:389/
+ #provider = ldapi:///
  consumer = ldap://consumer-01:389/,ldap://consumer-02:389/,...
- dn = cn=replcheck
- wait = 2
+ #wait = 1
 
 =item B<-w>|B<--wait> I<integer>
 
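Review bot: The example config keeps the bind password in clear text (`password = secret`), but the documentation says nothing about protecting that file. I would add a sentence such as `The config file contains the bind password and should be readable only by the user the plugin runs as (e.g. mode 0600).` The example consumers use `ldap://` on port 389; if the plugin performs an authenticated bind against consumers (not visible in this diff), the docs should recommend `ldaps://` or StartTLS so the password does not cross the network unencrypted. The sample entry added to the DESCRIPTION section further down has a related problem: it prints a concrete `userPassword: {SSHA}...` value and what looks like a real directory suffix. Both should be replaced by placeholders such as `userPassword: {SSHA}<output of slappasswd>` and `dc=example,dc=com`.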
@@ -222,7 +223,23 @@
 
 =head1 DESCRIPTION
 
-This plugin checks if the ldap replication works correctly.
+This plugin checks if the ldap replication works correctly by updating an
+attribute of an entry on the provider and checking whether the update has been
+replicated to one or more consumers after some configurable time. It is
+recommended to run it on the provider because the directory needs to be updated
+there. The object classes for dn and binddn don't matter much, but they should
+support authentication and the chosen attribute for updates. The attribute
+should support numeric integer values (it will be updated with the current
+unix epoch). Example:
+
+    430 cn=replcheck,ou=Users,dc=wiegandslide,dc=de
+    objectClass: simpleSecurityObject
+    objectClass: applicationProcess
+    cn: replcheck
+    userPassword: {SSHA}Twb/q2n4G6+PmSUfZaK09smj751ts9Rz
+
+The attribute does not neccessarily need to exist initially. It should be
+created upon first update. You may also need to update your acl.
 
 =head1 VERSION