survivor: Ldap Check Module

SURVIVOR: ldap Check Module

About ldap

About ldap

basics

Module Type	Scheduler	Remote
check	Yes	No

syntax

     module ldap {
       [port <number>]
       filter <string>
       [extract <extraction>]
       [replyattribute <string>]
       [replyvalue <string>]
       [replytest <relation>]
       [searchbase <string>]
       [binddn <string>]
       [bindpassword <password>]
       [ssl (no | ldaps | starttls)]
       [version (2 | 3)]
       [response <string>]
     }

Dependencies

Perl Modules
- Net::LDAP See known problems for issues related to this module
- For monitoring LDAPS hosts, IO::Socket::SSL is required
- For LDAPS hosts that do not support starttls, Net::LDAPS is also required.

Arguments

Name	Type	Value
port	optional number between 1 and 65535, default is 389	Port number on which LDAP server is listening.
filter	string	Search filter to use to elicit a response.
extract	optional extraction	An extraction applied to the value obtained in the reply. If replytest is also specified, the extraction will be performed first.
replyattribute	optional string	An attribute that must be found in the reply.
replyvalue	optional string	A value that must be found in the reply.
replytest	optional relation	A relation that must evaluate to true using the value obtained in the reply.
searchbase	optional string	Search base to use.
binddn	optional string	DN to use to bind to the LDAP server.
bindpassword	optional password	When binddn is provided, the password to use to bind to the LDAP server via plaintext.
ssl	optional string, one of 'no', 'ldaps', or 'starttls', default is no	Use SSL for the connection. ldaps and starttls are the two available methods, the appropriate one is dependent on the server being monitored.
version	optional number, one of '2' or '3', default is '2'	Specify which version of the LDAP protocol to use, the appropriate one is dependent on the server being monitored.
response	optional string	Exact string to be found as a line of output if a response is expected. This argument is deprecated and is subject to removal in a future release. The same functionality can be achieved with the replyattribute and replyvalue arguments.

Description

The ldap module performs an ldapsearch in order to determine if the host being checked is responding to LDAP requests. Wildcards are not supported in the response string.

Examples

To look for a person with surname "smith":

     module ldap {
       filter         sn=smith
       replyattribute objectclass
       replyvalue     person
     }

To look for a person with surname "jones" on an alternate port requiring binding:

     module ldap {
       port           3389
       filter         sn=jones
       replyattribute objectclass
       replyvalue     person
       binddn         cn=test, dc=university, dc=edu
       bindpassword   dumbpasswd
     }

To retrieve a record containing the attributes

     datakey: databasesize
     datavalue: 1596 records

and verify that there are more than 1000 records present:

     module ldap {
       filter         datakey=databasesize
       replyattibute  datavalue
       extract        column[0]
       replytest      gt[1000]
     }

To test where no results are expected:

     module ldap {
       filter sn=zwvwv
     }

$Date: 2006/11/19 19:12:46 $
$Revision: 0.10 $

keywords
binddn
bindpassword
extract
filter
port
replyattribute
replytest
replyvalue
response
searchbase
ssl
version