Nagios Support Forum

First off, not sure if this is the correct forum for such an issue, but here goes...

We want to monitor an LDAP server...

We step through the Monitoring Wizard -> LDAP Server configuration, answering the questions...the service returns with a Usage Error...
"Usage: check_ldap -H <host> -b <base_dn> [-p <port>] [-a <attr>] [-D <binddn>]
[-P <password>] [-w <warn_time>] [-c <crit_time>] [-t timeout]
[-2"

However, running on a command line...things work fine...
./check_ldap -H 192.168.1.10 -b DC=MYDOMAIN,DC=US,DC=MYCORP,DC=COM -D [email protected] -P MyPassword -p 3269 -3 -4 -S
LDAP OK - 0.018 seconds response time|time=0.018455s;;;0.000000

I've searched most of the day for specifics on this, but have not come up with anything that is concrete. Is there any recommendations on how to troubleshoot the situation since the command works but the WebUI doesn't?

Regards,

-Tony

This sounds like you are actually using nagios XI not core, so I will be moving this thread after you respond. Otherwise could you post the service and command definitions that got created when running the wizard for check_ldap please?

Mr. Reinhardt,

I appreciate your response.

You are correct...this is XI.

When the service is created the command that is created is:
check_xi_service_ldap!-b "DC=MYDOMAIN,DC=US,DC=MYCORP,DC=COM" -D "[email protected]" -P "MyPass" -p 3269 -3 -S

Regards,

-Tony

If you modify the service definition, so that the arguments do not include "" does that make any difference for the results returned? The only other thing I note is the inclusion of -4 for using ipv4 specifically, in your cli run command, but that shouldn't make too much of a difference unless dns has AAAA records for internal ipv6.

After doing some digging and trial and error I was able to resolve the issue.

The default LDAP check does not work out of the box.

I had to do two things...

1) I had to move the port switch (-p 3269) after the SSL switch (-S). When you generate using the template it puts the port before the switch and apparently doesn't get read.

2) I had to change the service account password to single quotes and escape a special character with a backslash.

example: Thanks for your assistance with the matter!

Regards,

-Tony

Great. Thanks for the breakdown and sleuthing. I have opened an internal bug report so we will look at the wizard and try to fix this up.

I just got done with the testing task for the bug fix, and it appears to be working correctly. I did not see a report for the escaping issue (just for the port argument order) so I am not sure if this was a separate bug report or if it was just not looked at. I have attached the fixed wizard and you can upload it under Admin -> Manage Wizards.