--- a/check_ldap_repl.pl Tue Apr 19 13:34:06 2016 +0200
+++ b/check_ldap_repl.pl Tue Apr 19 15:50:36 2016 +0200
@@ -18,6 +18,9 @@
#
# Matthias Förste <foerste@schlittermann.de>
+=encoding utf8
+=cut
+
use strict;
use warnings;
@@ -44,28 +47,24 @@
my $VERSION = "0.3.3";
my $defaults = {
- 'init|i!' => 0,
- 'delete|d!' => 0,
- 'refresh|r!' => 1,
- 'dn=s' => undef,
+ 'attribute|a=s' => 'description',
+ 'dn|d=s' => undef,
'binddn|D=s' => undef,
'password=s' => undef,
- 'wait|w=i' => 1,
'config=s' => '/etc/nagios/ius/plugins/config/check_ldap_repl.cfg',
'provider|p=s' => 'ldap://provider:389',
'consumer|c=s@' => 'ldap://consumer:389',
+ 'wait|w=i' => 1,
'help|h!' => sub { pod2usage(-verbose => 1, -exitval => $ERRORS{OK}) },
'man|m!' => sub { pod2usage(-verbose => 2, -exitval => $ERRORS{OK}) },
'version|V!' => sub { version($ME, $VERSION); exit $ERRORS{OK}; }
};
-my $attr = 'description';
-
sub critical { print STDERR "$NAME CRITICAL: ", @_; exit $ERRORS{CRITICAL}; }
- $SIG{__DIE__} = sub { print STDERR "$NAME UNKNOWN: ", @_; exit $ERRORS{UNKNOWN}; };
+$SIG{__DIE__} = sub { print STDERR "$NAME UNKNOWN: ", @_; exit $ERRORS{UNKNOWN}; };
sub stamp {
- my ($u, $dn) = @_;
+ my ($u, $dn, $attr) = @_;
my $l = ref $u eq 'Net::LDAP' ? $u : Net::LDAP->new($u, onerror => 'die') or die "$@";
my $r = $l->search(base => $dn, scope => 'base', filter => '(objectClass=*)');
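Review bot: The defaults for `provider|p=s` and `consumer|c=s@` are still plain `ldap://…:389` URIs, and the hunk at -111 calls `$p->bind($o{binddn}, password => $o{password})` directly after `Net::LDAP->new` with no TLS upgrade in between. With these defaults the bind password therefore crosses the network unencrypted. Since the option table is being reworked anyway, consider defaulting to `ldaps://` URIs or calling `$p->start_tls(verify => 'require');` before the bind. Separately, now that `stamp` receives `$attr`, its search could pass `attrs => [$attr]` so only the compared attribute is fetched from each server. The body of `stamp` continues outside this hunk, so it may already narrow the result further down.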
@@ -111,14 +110,12 @@
my $p = Net::LDAP->new($o{provider}, onerror => 'die' ) or die $@;
$p->bind($o{binddn}, password => $o{password});
- $p->modify($o{dn}, replace => { $attr => $t });
+ $p->modify($o{dn}, replace => { $o{attribute} => $t });
- my $tp = stamp($p, $o{dn});
- if ($o{refresh}) {
- die "Provider update failed for unknown reason\n" unless $tp == $t;
- sleep $o{wait};
- }
- for (@{$o{consumer}}) { critical "'$_' out of sync\n" unless $tp == stamp($_, $o{dn}); }
+ my $tp = stamp($p, $o{dn}, $o{attribute});
+ die "Provider update failed for unknown reason\n" unless $tp == $t;
+ sleep $o{wait};
+ for (@{$o{consumer}}) { critical "'$_' out of sync\n" unless $tp == stamp($_, $o{dn}, $o{attribute}); }
print "$NAME OK: servers are in sync\n";
exit $ERRORS{OK};
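Review bot: `$o{attribute}` and `$o{dn}` now come straight from the command line or config file and go unchecked into `$p->modify($o{dn}, replace => { $o{attribute} => $t })`, which runs with the bind DN's write rights. A typo or a wrong value replaces the contents of whatever attribute was named, and `dn` defaults to `undef` in the option table. The surrounding code starts outside this hunk, so a check may exist earlier. If it does not, add guards before the modify, e.g. `die "no --dn given\n" unless defined $o{dn};` and `die "invalid attribute name\n" unless $o{attribute} =~ /\A[A-Za-z][A-Za-z0-9-]*\z/;`. The directory ACL for the bind DN should also allow writing only that attribute on the check entry.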
@@ -127,18 +124,22 @@
__END__
+=pod
+
=head1 NAME
-check_ldap_repl - nagios/icinga plugin to check correctly working of ldap replication.
+check_ldap_repl - nagios/icinga plugin to check ldap replication. This works by
+updating an entry on the provider and checking whether the update is replicated
+by querying the consumers for the updated entry after a short waiting period.
=head1 SYNOPSIS
-check_ldap_repl [-c|--cn string]
- [-b|--binddn string]
- [-p|--password string]
- [-f|--file string]
- [-M|--master string]
- [-S|--slave string]
+check_ldap_repl [-d|--dn string]
+ [-D|--binddn string]
+ [--password string]
+ [--config string]
+ [-p|--provider string]
+ [-c|--consumer string]
[-w|--wait integer]
[-h|--help]
[-m|--man]
@@ -148,47 +149,49 @@
=over
-=item B<-c>|B<--cn> I<string>
+=item B<-a>|B<--attribute> I<string>
+
+Attribute of the entry that will be updated and checked for replication. (default: description)
-cn for the initialized object. See also the B<--init> option. (default: replcheck)
+=item B<-d>|B<--dn> I<string>
+
+DN of the entry whose attribute will be updated and checked for replication.
=item B<-b>|B<--binddn> I<string>
-DN to bind to ldap master server.
-
-=item B<-p>|B<--password> I<string>
+DN to use when binding to provider for update.
-Password for binddn to ldap master server. B<PASSWORD IS SHOWN IN PROCESSES, USE CONFIG FILE!>
+=item B<--password> I<string>
-=item B<-M>|B<--master> I<string>
+Password to use when binding to provider for update. B<PASSWORD IS SHOWN IN PROCESSES, USE CONFIG FILE!>
-LDAP master server (provider) (default: ldap://ldap-master:389/)
+=item B<-p>|B<--provider> I<string>
-=item B<-S>|B<--slave> I<string>
+provider uri (default: ldap://provider:389/)
-LDAP slave server (consumer), multiple slaves can be specified as a comma-separate list (default: ldap://ldap-slave:389/)
+=item B<-S>|B<--consumer> I<string>
-=item B<-f>|B<--file> I<string>
+consumer uri. Multiple consumers can be specified as a comma separated list (see below). (default: ldap://ldap-consumer:389/)
-Config file with B<binddn> and B<password>. Verify the file B<owner>/B<group> and B<permissions>, B<(0400)> is a good choice!
-You can also set B<master,slave> and B<cn> options. (default: /etc/nagios/ius/plugins/config/check_ldap_repl.cfg)
+=item B<--config> I<string>
- [bind]
- dn = cn=admin,dc=local,dc=site
- password = secret
+Path to configuration file. Use this to store the binddn and its password.
+Verify the ownership and B<permissions>, B<(0400)> is a good choice! (default:
+/etc/nagios/ius/plugins/config/check_ldap_repl.cfg)
+
- [master]
- server = ldap://ldap-master:389/
+Example:
- [slave]
- server = ldap://ldap-slave01:389/,ldap://ldap-slave02:389/,...
-
- [object]
- cn = replcheck
+ binddn = cn=admin,dc=local,dc=site
+ password = secret
+ provider = ldap://provider:389/
+ consumer = ldap://consumer-01:389/,ldap://consumer-02:389/,...
+ dn = cn=replcheck
+ wait = 2
=item B<-w>|B<--wait> I<integer>
-Wait I<n> seconds before check the slave servers. (default: 1)
+Wait I<n> seconds before checking the consumer servers. (default: 1)
=item B<-h>|B<--help>
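Review bot: The option headings in this POD do not match the option table this commit introduces. Going by the `'binddn|D=s'` and `'consumer|c=s@'` specs, `=item B<-b>|B<--binddn>` should read `B<-D>|B<--binddn>` and `=item B<-S>|B<--consumer>` should read `B<-c>|B<--consumer>`. The documented consumer default `ldap://ldap-consumer:389/` also differs from the `'ldap://consumer:389'` in the defaults, and the SYNOPSIS in the previous hunk omits `[-a|--attribute string]`. Under `--config` it would help to add a sentence that the bind DN should have write access to the checked attribute of the check entry only, because the file holds a credential that can modify the directory.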
@@ -210,7 +213,7 @@
=head1 VERSION
-This man page is current for version 0.3.2 of B<check_ldap_repl>.
+This man page is current for version 0.3.3 of B<check_ldap_repl>.
=head1 AUTHOR