> On Fri, 3 Jan 2003 [EMAIL PROTECTED] wrote:
>
> > Hello,
> > I fecth to monitor LDAP server (Netwarte 6) and i have a question.
> >
> > Does it exist LDAP Monitor with this functionalities :
> > - authentificate bind
> > - response time
>
> Looking at the ldap.monitor supplied with the distribution of mon, it
> looks like the answer is no to both of those questions. Both would be easy
> to add, Net::LDAP has the hooks for binding non-anonymously and that would
> be trivial to add ; and you could use Time::HiRes to perform the timing of
> the connection and binds.
Although it isn't what you're looking for I'll toss this out: I've
added the LDAPS support to ldap.monitor. There are two new options:
--tls Enables TLS.
--cafile Optional. Location of the CA cert file (PEM format).
I couldn't get Net::LDAP->start_tls() to work so I resorted to using
Net::LDAPS.
I didn't test it against a regular (i.e. non-TLS) LDAP server
because I don't have access to one.
Here's the patch:
--- mon.d/ldap.monitor Sat Jun 30 11:44:29 2001
+++ local/ldaps.monitor Fri Jan 3 15:56:36 2003
@@ -1,4 +1,5 @@
-#!/usr/bin/perl
+#!/usr/bin/perl -w
+
#
# This script will search an LDAP server for objects that match the -filter
# option, starting at the DN given by the -basedn option. Each DN found must
@@ -32,33 +33,46 @@
# $Id: ldap.monitor 1.2 Sat, 30 Jun 2001 14:44:29 -0400 trockij $
#
+use strict;
+
use Net::LDAP;
+use Net::LDAPS;
use Getopt::Long;
# Here are the default values for the things you can specify via options
-$LDAPPort = 389;
-$BaseDN = "o=Your Org, c=US";
-$Filter = "cn=Directory Admin";
-$Attribute = "objectClass";
-$Value = "YourValue";
-$verbose = 0;
-
-@errs = ();
-
-%OptVars = ("port" => \$LDAPPort,
- "basedn" => \$BaseDN,
- "filter" => \$Filter,
- "attribute" => \$Attribute,
- "value" => \$Value,
- "verbose" => \$verbose);
+my $LDAPPort = 389;
+my $BaseDN = "o=Your Org, c=US";
+my $Filter = "cn=Directory Admin";
+my $Attribute = "objectClass";
+my $Value = "YourValue";
+my $verbose = 0;
+my $tls = 0;
+my $cafile = '';
+
+my @errs = ();
+
+my %OptVars = ("port" => \$LDAPPort,
+ "basedn" => \$BaseDN,
+ "filter" => \$Filter,
+ "attribute" => \$Attribute,
+ "value" => \$Value,
+ "verbose" => \$verbose,
+ "tls" => \$tls,
+ "cafile" => \$cafile);
if (!GetOptions(\%OptVars,
"port=i", "basedn=s", "filter=s",
- "attribute=s", "value=s", "verbose")) {
+ "attribute=s", "value=s", "verbose", "tls", "cafile=s")) {
print "Problems with Options, sorry.\n";
exit 1;
}
+my $verify = 'require';
+if (!length $cafile) {
+ $verify = 'none';
+ $cafile = '/dev/null';
+}
+
# There has to be at least one argument left, the ldap server to query.
if ($#ARGV < 0) {
print "$0: Insufficient arguments. There must be at least 1 server to query\n";
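Review bot: When `--tls` is given without `--cafile`, the block after GetOptions sets `$verify = 'none'` and points `$cafile` at `/dev/null`, so the monitor accepts any server certificate and says nothing about it. A check run this way reports success for whichever host completes the TLS handshake, which weakens what a passing result means. If verification cannot be made mandatory, at least make the downgrade visible by adding `warn "$0: --tls without --cafile, server certificate is not verified\n" if $tls && $verify eq 'none';` right after the `if (!length $cafile)` block. The option comments at the top of the script are outside this hunk and should describe both new options and this default.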
@@ -66,15 +80,43 @@
}
# Loop through all the server given on the command line.
-$ErrCnt = 0;
-foreach $LDAPHost (@ARGV) {
- # Open the connection to the server and do a simple, anonymous bind
- unless ($ldap = Net::LDAP->new($LDAPHost, port => $LDAPPort)) {
- push(@FailedHosts, "$LDAPHost:$LDAPPort");
- push(@errs, "ldap_init Failed: host=$LDAPHost:$LDAPPort: $!");
- $ErrCnt++;
- next;
+my $ErrCnt = 0;
+my @FailedHosts;
+my $mesg;
+my $nentries;
+my $entry;
+my $attr;
+my $dn;
+my %record;
+my $attrFound;
+my $goodVal;
+my $val;
+
+for my $LDAPHost (@ARGV) {
+
+ my $ldap;
+
+ if ($tls) {
+
+ unless($ldap = Net::LDAPS->new($LDAPHost, port => $LDAPPort,
+ verify => $verify, cafile => $cafile)) {
+ push(@FailedHosts, "$LDAPHost:$LDAPPort");
+ push(@errs, "ldap_init Failed: host=$LDAPHost:$LDAPPort: $!");
+ $ErrCnt++;
+ next;
+ }
+
+ } else {
+
+ # Open the connection to the server and do a simple, anonymous bind
+ unless ($ldap = Net::LDAP->new($LDAPHost, port => $LDAPPort)) {
+ push(@FailedHosts, "$LDAPHost:$LDAPPort");
+ push(@errs, "ldap_init Failed: host=$LDAPHost:$LDAPPort: $!");
+ $ErrCnt++;
+ next;
+ }
+
}
unless ($ldap->bind) {
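Review bot: Both constructor failure branches report `$!`, but Net::LDAP and Net::LDAPS put the reason for a failed `new` in `$@`, so a certificate or handshake failure in the `--tls` branch will likely show an unrelated or empty errno string. Use `push(@errs, "ldap_init Failed: host=$LDAPHost:$LDAPPort: $@");` in both branches. Separately, `Net::LDAPS->new` is always passed `$LDAPPort`, which still defaults to 389, so `--tls` without `--port` attempts an SSL handshake on the plain LDAP port; defaulting to 636 when `$tls` is set and no port was given would avoid that. The two `unless` bodies are identical and could share one failure path. The `for` loop body continues outside the hunk.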
@@ -99,7 +141,7 @@
my $dn = $entry->dn;
$nentries++;
foreach $attr ($entry->attributes) {
- $record{$dn}->{$attr} = [$entry->get ($attr)];
+ $record{$dn}->{$attr} = [$entry->get_value($attr)];
}
}
--
Mark Wagner [EMAIL PROTECTED] 206-598-0302
Unix System Administrator, Radiation Oncology and Radiology