LDAP Monitoring in Nagios
Posted: Tue Nov 13, 2018 6:47 am
by hoegh
Hi team,
We want to add monitoring of LDAP ports & Drivers in Nagios.
We tried the check_ldap & check_dxml_drvstate plugins & encountered the errors below:
With check_ldap it's not able to find/search objectclasses:
$ check_ldap -H 10.202.24.48 -b cn=idm,cn=monitor -a cn=AzureAD,cn=drivers,cn=driverSet_Stats,cn=IDM,cn=Monitor
Could not search/find objectclasses in cn=idm,cn=monitor
With check_dxml_drvstate, it's not detecting the Driver state. It's just showing: Driver $driver_name_if_any$ is STARTING...
$ check_dxml_drvstate -s 10.202.24.48 -d cn=ActiveDirectory,cn=drivers,cn=driverSet_Stats,cn=IDM,cn=Monitor
Driver ActiveDirectory.drivers.driverSet_Stats.IDM.Monitor is STARTING...
We are using check_dxml_drvstate 2.1.
Please help us to configure the LDAP ports & Drivers in Nagios monitoring.
Thanks & Regards
Hoegh
Re: LDAP Monitoring in Nagios
Posted: Tue Nov 13, 2018 4:09 pm
by cdienger
These are two separate plugins and should have their own threads if needed.
The check_ldap plugin's "-a" only accepts one attribute to filter for. I assume you're looking for the existence of the cn=AzureAD,cn=drivers,cn=driverSet_Stats,cn=IDM,cn=Monitor object? Try:
check_ldap -H 10.202.24.48 -b "cn=AzureAD,cn=drivers,cn=driverSet_Stats,cn=IDM,cn=Monitor" -W 0 -v
and per the author of the check_dxml_drvstate plugin, the plugin is a wrapper for the "dxcmd -getstate" command. What are the results when you run this directly on the ldap server?
Re: LDAP Monitoring in Nagios
Posted: Wed Nov 14, 2018 7:35 am
by hoegh
cdienger wrote: These are two separate plugins and should have their own threads if needed.
The check_ldap plugin's "-a" only accepts one attribute to filter for. I assume you're looking for the existence of the cn=AzureAD,cn=drivers,cn=driverSet_Stats,cn=IDM,cn=Monitor object? Try:
check_ldap -H 10.202.24.48 -b "cn=AzureAD,cn=drivers,cn=driverSet_Stats,cn=IDM,cn=Monitor" -W 0 -v
and per the author of the check_dxml_drvstate plugin, the plugin is a wrapper for the "dxcmd -getstate" command. What are the results when you run this directly on the ldap server?
Hi cdienger,
Tried the above command but it did not work.
check_ldap -H 10.202.24.48 -b "cn=AzureAD,cn=drivers,cn=driverSet_Stats,cn=IDM,cn=Monitor" -W 0 -v
Could not search/find objectclasses in cn=AzureAD,cn=drivers,cn=driverSet_Stats,cn=IDM,cn=Monitor
And we will update you with the result of the "dxcmd -getstate" command on the LDAP server soon.
Please suggest if there is any other plugin we can use.
Thanks & Regards
Hoegh
Re: LDAP Monitoring in Nagios
Posted: Wed Nov 14, 2018 1:34 pm
by cdienger
Try the following:
check_ldap -H 10.202.24.48 -b "cn=AzureAD,cn=drivers,cn=driverSet_Stats,cn=IDM,cn=Monitor" -W 0 -a cn=AzureAD -v
Also, if you need more assistance for the dxcmd plugin, please open a new thread with the output of the dxcmd -getstate command and feel free to reference this thread.
Re: LDAP Monitoring in Nagios
Posted: Wed Nov 14, 2018 9:07 pm
by hoegh
Hi cdienger,
Tried the above command but it didn't work.
check_ldap -H 10.202.24.48 -b "cn=AzureAD,cn=drivers,cn=driverSet_Stats,cn=IDM,cn=Monitor" -W 0 -a cn=AzureAD -v
Could not search/find objectclasses in cn=AzureAD,cn=drivers,cn=driverSet_Stats,cn=IDM,cn=Monitor
Still getting the same error.
Please suggest what can be done further.
Thanks & Regards
Hoegh
Re: LDAP Monitoring in Nagios
Posted: Thu Nov 15, 2018 10:48 am
by cdienger
I'd like to see how the ldap server is responding and we can do that with packet capture:
yum -y install tcpdump
tcpdump -s 0 -i any port 389 -w output.pcap
Let this run while you run the ./check_ldap command and then use CTRL+C to stop it. The output.pcap file will contain sensitive info so PM it to me or attach it to a new ticket at https://support.nagios.com/tickets/.
Re: LDAP Monitoring in Nagios
Posted: Fri Nov 16, 2018 7:35 am
by hoegh
cdienger wrote: I'd like to see how the ldap server is responding and we can do that with packet capture:
yum -y install tcpdump
tcpdump -s 0 -i any port 389 -w output.pcap
Let this run while you run the ./check_ldap command and then use CTRL+C to stop it. The output.pcap file will contain sensitive info so PM it to me or attach it to a new ticket at https://support.nagios.com/tickets/.
Hi cdienger,
I've sent you the output file. Please find it in your PM inbox.
Thanks & Regards
Hoegh.
Re: LDAP Monitoring in Nagios
Posted: Fri Nov 16, 2018 11:00 am
by cdienger
The ldap server is responding with an "insufficientAccessRights" message. Either the ldap server needs to be configured to allow these requests or you can try binding to the directory using credentials of a user with the rights. For example:
./check_ldap -H 10.202.24.48 -b "cn=AzureAD,cn=drivers,cn=driverSet_Stats,cn=IDM,cn=Monitor" -W 0 -a cn=AzureAD -v -D cn=admin,cn=users,cn=IDM,cn=Monitor -P adminspassword
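The result code read from the capture in the post above can be pulled out of the raw LDAP bytes directly. This is an added example, not part of the thread or of any Nagios plugin: a small BER reader that lists the result of each bind and search response, run here on a constructed byte string (the function names and the sample are assumptions of this example).

```python
# Added example: minimal BER reader for LDAP response messages (RFC 4511).
# Handles definite-length encoding only, which is what LDAP requires.
RESULT_CODES = {0: "success", 32: "noSuchObject",
                49: "invalidCredentials", 50: "insufficientAccessRights"}
# Application tags of the two response types this example reports on.
RESPONSE_OPS = {0x61: "bindResponse", 0x65: "searchResDone"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low bits = length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def ldap_results(payload):
    """List (message_id, operation, result) for each response in payload."""
    found, pos = [], 0
    while pos < len(payload):
        tag, msg, pos = read_tlv(payload, pos)
        if tag != 0x30:                    # every LDAPMessage is a SEQUENCE
            raise ValueError("not an LDAPMessage")
        _, msg_id, after_id = read_tlv(msg, 0)
        op_tag, op, _ = read_tlv(msg, after_id)
        if op_tag not in RESPONSE_OPS:     # e.g. searchResEntry: no result code
            continue
        code_tag, code, _ = read_tlv(op, 0)
        if code_tag != 0x0A:               # resultCode is an ENUMERATED
            raise ValueError("missing resultCode")
        code = int.from_bytes(code, "big")
        found.append((int.from_bytes(msg_id, "big"), RESPONSE_OPS[op_tag],
                      RESULT_CODES.get(code, "code %d" % code)))
    return found

# Constructed sample (not from the thread's capture): server-to-client bytes
# for a successful bind followed by a search the server refuses.
SAMPLE = bytes.fromhex("300c02010161070a010004000400"
                       "300c02010265070a013204000400")

if __name__ == "__main__":
    for row in ldap_results(SAMPLE):
        print(row)
```

On plain port 389 a simple bind request travels in the same cleartext stream with its bind DN and password, which is why the capture file is handled as sensitive.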
Re: LDAP Monitoring in Nagios
Posted: Thu Nov 29, 2018 6:23 pm
by hoegh
Hi Cdienger,
I tried the below command with a user nagioschecker which can only read the attributes of the driverset and the drivers underneath it. The below command was suggested by the person who is handling LDAP drivers.
check_dxml_drvstate --server oslsec016 --username "nagioschecker" --password "***********" --driver "cn=Active Directory,cn=drivers,cn=driverSet_Stats,cn=IDM,cn=Monitor" --tree "LHC"
Driver Active Directory.drivers.driverSet_Stats.IDM.Monitor is STARTING...
Also I've sent you the output.pcap file (in PM) which I generated during execution of the above command.
Please check & help us to monitor LDAP drivers in Nagios.
Thanks & Regards
VipiN
Hoegh
Re: LDAP Monitoring in Nagios
Posted: Fri Nov 30, 2018 1:22 pm
by cdienger
If the capture was taken when the check_dxml_drvstate plugin was run, I would have to question if it is actually doing checks properly. The capture shows the client establishes a tcp connection and then immediately terminates it - no ldap communication is captured.