發佈於 作者: t850008

以 Nagios 偵測 LDAP Server

1. 檢查是否有 check_ldap 檢查指令
一個是使用採用簡單認證,另外一個是支援加密傳輸
# locate check_ldap
/usr/lib64/nagios/plugins/check_ldap
/usr/lib64/nagios/plugins/check_ldaps

2. 檢查一下,check_ldap 須要加入的參數
# /usr/lib64/nagios/plugins/check_ldap -h
Options:
 -h, –help
    Print detailed help screen
 -V, –version
    Print version information
 –extra-opts=[section][@file]
    Read options from an ini file. See http://nagiosplugins.org/extra-opts
    for usage and examples.
 -H, –hostname=ADDRESS
    Host name, IP Address, or unix socket (must be an absolute path)
 -p, –port=INTEGER
    Port number (default: 389)
 -4, –use-ipv4
    Use IPv4 connection
 -6, –use-ipv6
    Use IPv6 connection
 -a [–attr]
    ldap attribute to search (default: “(objectclass=*)”
 -b [–base]
    ldap base (eg. ou=my unit, o=my org, c=at
 -D [–bind]
    ldap bind DN (if required)
 -P [–pass]
    ldap password (if required)
 -T [–starttls]
    use starttls mechanism introduced in protocol version 3
 -S [–ssl]
    use ldaps (ldap v2 ssl method). this also sets the default port to 636
 -2 [–ver2]
    use ldap protocol version 2
 -3 [–ver3]
    use ldap protocol version 3
    (default protocol version: 2)
 -w, –warning=DOUBLE
    Response time to result in warning status (seconds)
 -c, –critical=DOUBLE
    Response time to result in critical status (seconds)
 -t, –timeout=INTEGER
    Seconds before connection times out (default: 10)
 -v, –verbose
    Show details for command-line debugging (Nagios may truncate output)
[@more@]3. 測試一下
# /usr/lib64/nagios/plugins/check_ldap -H ldap.test.ilc.edu.tw -b dc=ldap,dc=test.ilc.edu.tw -p 389
LDAP OK – 0.026 seconds response time|time=0.026050s;;;0.000000

4. 在 /etc/nagios/objects/commands.cfg 檔案加入

# ‘check_ldap’ command definition
define command{
        command_name    check_ldap
        command_line    $USER1$/check_ldap -H $HOSTADDRESS$ -b $ARG1$ -p $ARG2$
        }

5. 在要偵測的 DNS 主機加入
# vim /etc/nagios/servers/ldap.cfg
define service{
        use                             generic-service         ; Name of service template to use
        host_name                       ldap.test.ilc.edu.tw
        service_description              LDAP
        check_command                   check_ldap!dc=ldap,dc=test.ilc.edu.tw!389
        notifications_enabled           1
        }

重新啟動 Nagios
# service nagios restart
Running configuration check…done.
Stopping nagios: .done.
Starting nagios: done.

如果沒有出現錯誤訊息,代表設定成功

這時候應該可以看到下面的圖