Bug#491233: [Pkg-nagios-devel] Bug#491233: nagios-plugins: check_ldap should use version 3 of slapd protocol
Le dimanche 20 juillet 2008, Jan Wagner a écrit : We have no data how many installations uses check_ldap (with checking against ldapv2), but breaking default behavior is bad (and this may the reason upstream didn't do it). I'm agree with you for this point ! Anyways ... when installing a check against a ldap server leads you to have a look into /etc/nagios-plugins/config/ldap.cfg (hopefully). If you see there also a check_ldap(s)3 check, I guess you will imagine, that there is a different to the 'normal' check and investigate further and then choose the correct check for your existing ldap server. So I consider strongly to add additional checks for testst against ldapv3. Ok. But for the future, is there any other solution ? We have 3 solutions : - check both v2 and v3 in tne main scirpt check_ldap, - add a check_ldap3, - add a argument to check_ldap, - create a script which migrate old Nagios installation and change v2 to v3 is LDAP uses v3 (allow bind_v2 is not present). I have a preference for the first of them. Could we have the opinion of Nagios packaging team ? Thanks, Unfortunatly we are to late to fix it in lenny, since today was announced to freeze the archive in general next week and migrating the package from unstable to testing takes 10 days (or more). Waooo ;-) That's a good news ! -- Michel Grentzinger OpenPGP key ID : B2BAFAFA Available on http://www.keyserver.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#491233: [Pkg-nagios-devel] Bug#491233: nagios-plugins: check_ldap should use version 3 of slapd protocol
Hi Michel, On Monday 21 July 2008 08:24, Michel Grentzinger wrote: Anyways ... when installing a check against a ldap server leads you to have a look into /etc/nagios-plugins/config/ldap.cfg (hopefully). If you see there also a check_ldap(s)3 check, I guess you will imagine, that there is a different to the 'normal' check and investigate further and then choose the correct check for your existing ldap server. So I consider strongly to add additional checks for testst against ldapv3. Ok. But for the future, is there any other solution ? We have 3 solutions : - check both v2 and v3 in tne main scirpt check_ldap, you are talking about modifying the script to check at first v3 and if that fails check v2? Sounds a bit overkill for me. - add a check_ldap3, That is, what I have planned to do. - add a argument to check_ldap, - create a script which migrate old Nagios installation and change v2 to v3 is LDAP uses v3 (allow bind_v2 is not present). Both will break existing installations using check_ldap command definition! This is for me no option we have. I have a preference for the first of them. Could we have the opinion of Nagios packaging team ? As member of it and the guy who is actually doing the most work on nagios-plugins, I have planned to add a check_ldap3 command definition. I think I declared why. With kind regards, Jan. -- Never write mail to [EMAIL PROTECTED], you have been warned! -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT d-- s+: a- C+++ UL P+ L+++ E- W+++ N+++ o++ K++ w--- O M V- PS PE Y++ PGP++ t-- 5 X R tv- b+ DI- D++ G++ e++ h-- r+++ y+++ --END GEEK CODE BLOCK-- pgpmBmy2nR6L4.pgp Description: PGP signature
Bug#491233: [Pkg-nagios-devel] Bug#491233: nagios-plugins: check_ldap should use version 3 of slapd protocol
Le lundi 21 juillet 2008, Jan Wagner a écrit : We have 3 solutions : - check both v2 and v3 in tne main scirpt check_ldap, you are talking about modifying the script to check at first v3 and if that fails check v2? Sounds a bit overkill for me. I think this is the best solution ! I don't know how much works it requires but we have some advantage with this : - it doesn't break any existing installation, - it could check both v2 and v3, - perhaps the script could print if LDAP is running v2 or v3, - the user haven't to know if LDAP uses protocol 2 or 3 - when the user make the transition from v2 to v3 (or v4, v5), it haven't to modify his host in his nagios installation, - with many server, the nagios user have an overview about each protocol used by each LDAP server. The only drawback is see is the time execution of the script. But if some test is good-located in the script, this is a minor problem. That could be : - add a var name which refer to the defaut protocol (can be changed for the future) - check_ldap with defaut protocol - check with old protocol - print the result with name of the protocol(s) used PS : I don't know if both can be running at the same time. I think yes. - add a check_ldap3, That is, what I have planned to do. As I write it up, the user have to look at /usr/lib/nagios2/plugins/ for knowing which script must be used. - add a argument to check_ldap, - create a script which migrate old Nagios installation and change v2 to v3 is LDAP uses v3 (allow bind_v2 is not present). Both will break existing installations using check_ldap command definition! This is for me no option we have. Ok. Thanks, -- Michel Grentzinger OpenPGP key ID : B2BAFAFA Available on http://www.keyserver.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#491233: [Pkg-nagios-devel] Bug#491233: nagios-plugins: check_ldap should use version 3 of slapd protocol
Hi Michel, On Monday 21 July 2008 14:15, Michel Grentzinger wrote: Le lundi 21 juillet 2008, Jan Wagner a écrit : We have 3 solutions : - check both v2 and v3 in tne main scirpt check_ldap, you are talking about modifying the script to check at first v3 and if that fails check v2? Sounds a bit overkill for me. I think this is the best solution ! I don't know how much works it requires but we have some advantage with this : - it doesn't break any existing installation, - it could check both v2 and v3, - perhaps the script could print if LDAP is running v2 or v3, - the user haven't to know if LDAP uses protocol 2 or 3 - when the user make the transition from v2 to v3 (or v4, v5), it haven't to modify his host in his nagios installation, - with many server, the nagios user have an overview about each protocol used by each LDAP server. The only drawback is see is the time execution of the script. But if some test is good-located in the script, this is a minor problem. That could be : - add a var name which refer to the defaut protocol (can be changed for the future) - check_ldap with defaut protocol - check with old protocol - print the result with name of the protocol(s) used PS : I don't know if both can be running at the same time. I think yes. fell free filling up a bug at http://sourceforge.net/tracker/?group_id=29880atid=397597 and providing a patch there. Since I don't use any LDAP check, I won't mess it up for my own. Personly I guess upstream has good reasons to keep v2 the default protocoll and use v3 optional, but maybe you can convince them to review their decision. If the doesn't occure any code changes in recent time (via patch or upstream), I will introduce a new check_ldap3 command definition. with kind regards, Jan. -- Never write mail to [EMAIL PROTECTED], you have been warned! -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT d-- s+: a- C+++ UL P+ L+++ E- W+++ N+++ o++ K++ w--- O M V- PS PE Y++ PGP++ t-- 5 X R tv- b+ DI- D++ G++ e++ h-- r+++ y+++ --END GEEK CODE BLOCK-- pgpx3lcHov4mT.pgp Description: PGP signature
Bug#491233: [Pkg-nagios-devel] Bug#491233: nagios-plugins: check_ldap should use version 3 of slapd protocol
# Forwarded to upstream tags 491233 + upstream forwarded 491233 https://sourceforge.net/tracker/?func=detailatid=397597aid=2023584group_id=29880 thanks Hi Michel, On Monday 21 July 2008 14:25, Jan Wagner wrote: fell free filling up a bug at http://sourceforge.net/tracker/?group_id=29880atid=397597 and providing a patch there. Since I don't use any LDAP check, I won't mess it up for my own. Thanks for doing so. With kind regards, Jan. -- Never write mail to [EMAIL PROTECTED], you have been warned! -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT d-- s+: a- C+++ UL P+ L+++ E- W+++ N+++ o++ K++ w--- O M V- PS PE Y++ PGP++ t-- 5 X R tv- b+ DI- D++ G++ e++ h-- r+++ y+++ --END GEEK CODE BLOCK-- pgpTun8H1T8g4.pgp Description: PGP signature
Bug#491233: [Pkg-nagios-devel] Bug#491233: nagios-plugins: check_ldap should use version 3 of slapd protocol
Hi Michel,
On Thursday 17 July 2008 22:53, Michel Grentzinger wrote:
I've a server box which resides nagios2 and slapd server (Debian Etch). By
default, OpenLDAP use version 3 of the protocol but check_ldap use version
2.
This works for me :
/usr/lib/nagios/plugins/check_ldap -3 -H kayak.homeg.lan -b
'dc=homeg,dc=lan' LDAP OK - 0,013 secondes de temps de
r�ponse|time=0,012601s;;;0,00
So I must modify the /etc/nagios-plugins/config/ldap.cfg :
# 'check_ldap' command definition
define command{
command_namecheck_ldap
command_line/usr/lib/nagios/plugins/check_ldap -H $HOSTADDRESS$
-b $ARG1$ -3 }
the problem of changing the command definition of 'check_ldap'is, that it
breaks existing installations, so I would say we are recommanded to not do
that.
Of course we can add another check command (maybe check_ldap3), which provides
this functionality.
Any objections? With kind regards, Jan.
--
Never write mail to [EMAIL PROTECTED], you have been warned!
-BEGIN GEEK CODE BLOCK-
Version: 3.1
GIT d-- s+: a- C+++ UL P+ L+++ E- W+++ N+++ o++ K++ w--- O M V- PS PE
Y++ PGP++ t-- 5 X R tv- b+ DI- D++ G++ e++ h-- r+++ y+++
--END GEEK CODE BLOCK--
pgph9CymQNxCN.pgp
Description: PGP signature
Bug#491233: [Pkg-nagios-devel] Bug#491233: nagios-plugins: check_ldap should use version 3 of slapd protocol
Le dimanche 20 juillet 2008, Jan Wagner a écrit : the problem of changing the command definition of 'check_ldap'is, that it breaks existing installations, so I would say we are recommanded to not do that. Of course we can add another check command (maybe check_ldap3), which provides this functionality. Any objections? With kind regards, Jan. I don't know since when LDAP protocol was 3 instead of 2 buit in my etch, it's 3 which is used. I do not know how long LDAP use protocol version 3 , but I spent a lot of time because of this problem ! In my Debian Etch, version 3 is used ! Also my LDAP installation haven't this option set : # allow bind_v2 Please change the default protocol as it's now the default in LDAP. Note this causes any data lost, just some warnings and notifications. You can also add a another check command : I don't know which is the best. I put the maintainer team of openldap in the CC field. Thanks, Best regards, -- Michel Grentzinger OpenPGP key ID : B2BAFAFA Available on http://www.keyserver.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#491233: [Pkg-nagios-devel] Bug#491233: nagios-plugins: check_ldap should use version 3 of slapd protocol
On Sunday 20 July 2008 22:17, Michel Grentzinger wrote: I do not know how long LDAP use protocol version 3 , but I spent a lot of time because of this problem ! In my Debian Etch, version 3 is used ! Also my LDAP installation haven't this option set : # allow bind_v2 Please change the default protocol as it's now the default in LDAP. Note this causes any data lost, just some warnings and notifications. You can also add a another check command : I don't know which is the best. We have no data how many installations uses check_ldap (with checking against ldapv2), but breaking default behavior is bad (and this may the reason upstream didn't do it). Anyways ... when installing a check against a ldap server leads you to have a look into /etc/nagios-plugins/config/ldap.cfg (hopefully). If you see there also a check_ldap(s)3 check, I guess you will imagine, that there is a different to the 'normal' check and investigate further and then choose the correct check for your existing ldap server. So I consider strongly to add additional checks for testst against ldapv3. Unfortunatly we are to late to fix it in lenny, since today was announced to freeze the archive in general next week and migrating the package from unstable to testing takes 10 days (or more). With kind regards, Jan. -- Never write mail to [EMAIL PROTECTED], you have been warned! -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT d-- s+: a- C+++ UL P+ L+++ E- W+++ N+++ o++ K++ w--- O M V- PS PE Y++ PGP++ t-- 5 X R tv- b+ DI- D++ G++ e++ h-- r+++ y+++ --END GEEK CODE BLOCK-- pgpoy2mby3Cw9.pgp Description: PGP signature
