check_ldap Ignores -a (ldap attribute to search)

[SteveBeauchemin]

Has anyone tried to use the 'Match this' parameter of check_ldap?

It seems that the parameter is happy as long as there is an equal sign in it after some text.

for example:

./check_ldap -H [IP] -b "[my stuff]" -p 3890 -D "[more of my stuff]" -P [my pasword] -w 8 -c 12 -t 30 -a "(zzzzzzzzzzzzzzzzzzzzzzzzz=)"
LDAP OK - 0.660 seconds response time|time=0.660287s;8.000000;12.000000;0.000000

No matter what I enter, it passes and LDAP is OK.
Tried these:
-a "(c=)"
-a "(z=)"
-a '(gg=)'
As long as anything precedes the = the test passes.

My problem is that I want to match a specific piece of test, where -a "(dc=[my specific thing])" will either pass or fail if that item is there or not there.

./check_ldap -V
check_ldap v2.0.3 (nagios-plugins 2.0.3)

Anyone have any ideas other than writing my own test?

Thanks
Steve B

[scottwilkerson]

When you pass the -w and -c params, it changes to use response time for the query

Code: Select all

 -w, --warning=DOUBLE
    Response time to result in warning status (seconds)
 -c, --critical=DOUBLE
    Response time to result in critical status (seconds)

I believe you need can remove them to use the search

[SteveBeauchemin]

Scott,

Removing the -w -c and the -t make no difference. The result is always OK as long as the -a has some text and an equal sign.

such as this:

./check_ldap -H 198.151.224.183 -b "[stuff]" -p 3890 -D "[my stuff]" -P [password] -a "(dc=xx)"
LDAP OK - 0.030 seconds response time|time=0.030016s;;;0.000000

Please try this on your own. Show me your results.

Thanks

Steve B

[SteveBeauchemin]

Actually, I hope what you said earlier is also not true. There should be time tests available for LDAP whether or not it is testing for a reply match. The tests should fail if it takes too long, and should also fail if there is no match. Both are legitimate responses for HTTP testing. Why would LDAP be different?

Steve B

[Box293]

I've been playing with this and I think that this is a bug.

For example:

Code: Select all

./check_ldap -H 10.25.14.51 -b "DC=BOX293,DC=local" -D "CN=001 Admin User,CN=Users,DC=BOX293,DC=local" -P "password" -3 -a "(objectclassTHISDOESNOTEXIST=*)"

LDAP OK - 0.007 seconds response time|time=0.007005s;;;0.000000

I've tried using the -v argument to produce verbosity however it does not do anything.

[SteveBeauchemin]

Thank you for trying before replying. I appreciate the effort.

Steve B

[sreinhardt]

I'll take a look at this in the next few days, and see if fixes can be applied to the 2.1 branch. Also just to 100% confirm, could you run

Code: Select all

./check_ldap --version

Just want to be sure everything is current. Considering box has the same issues, I would imagine it's still a bug.

[SteveBeauchemin]

./check_ldap --version
check_ldap v2.0.3 (nagios-plugins 2.0.3)

[sreinhardt]

OK thanks, I'll post back with an update.