[Nagios-users] LDAPS question

2007-01-19 Thread Formoso, Travis
Hello,

I am trying to monitor LDAPS on my server and I am using this command: 
./check_ldaps -H mars.blueslate.net -b o=scalix -p 636

I get the following error: Could not bind to the ldap-server

When monitoring LDAP it worked fine using:
./check_ldap -H mars.blueslate.net -b o=scalix
LDAP OK - 0.228 seconds response time|time=0.227919s;;;0.00

We are using stunnel to implement LDAPS on port 636.




This e-mail and any files transmitted with it are for the sole use of
Blue Slate Solutions and the intended recipient(s) and may contain
confidential and privileged information. If you are not the intended
recipient, please contact the sender by reply e-mail and destroy all
copies of the original message. Any unauthorized review, use,
disclosure, dissemination, forwarding, printing or copying of this email
or any action taken in reliance on this e-mail is strictly prohibited
and may be unlawful.

-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT  business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV
___
Nagios-users mailing list
Nagios-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting 
any issue. 
::: Messages without supporting info will risk being sent to /dev/null


Re: [Nagios-users] LDAPS question

2007-01-19 Thread Dmitriy Kirhlarov
On Fri, Jan 19, 2007 at 12:23:15PM -0500, Formoso, Travis wrote:
> Hello,
>
> I am trying to monitor LDAPS on my server and I am using this command:
> ./check_ldaps -H mars.blueslate.net -b o=scalix -p 636
>
> I get the following error: Could not bind to the ldap-server

Put these directives in your openldap/ldap.conf:
TLS_CACERT
TLS_REQCERT (if needed)

Details -- ldap.conf(5)

WBR
Dmitriy
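
An added illustration of the two directives named in the reply above (not part of the original message, and not a file from the OpenLDAP or Nagios projects). The file location and the CA bundle path are placeholders; the level descriptions follow ldap.conf(5).

```conf
# /etc/openldap/ldap.conf  (location varies by distribution; see ldap.conf(5))

# PEM file holding the CA certificate(s) that issued the LDAPS server certificate.
# Placeholder path: point it at the issuing CA chain for your server.
TLS_CACERT  /etc/openldap/cacerts/ldaps-ca-chain.pem

# How strictly the client checks the server certificate:
#   never  - certificate is not requested or checked
#   allow  - certificate requested; a missing or bad one is ignored
#   try    - a missing certificate is tolerated, a bad one ends the session
#   demand - a valid certificate is required (the default)
TLS_REQCERT demand

# Weak setting sometimes used to silence a bind error. It leaves the LDAPS
# check unable to tell the real server from any other endpoint, so avoid it:
# TLS_REQCERT never
```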



Re: [Nagios-users] LDAPS question

2007-01-19 Thread Parker Anderson
On 1/19/07, Formoso, Travis [EMAIL PROTECTED] wrote:
> Hello,
>
> I am trying to monitor LDAPS on my server and I am using this command:
> ./check_ldaps -H mars.blueslate.net -b o=scalix -p 636
>
> I get the following error: Could not bind to the ldap-server

Have you checked the LDAP daemon logs on the server for any errors /
entries as you run check_ldaps against it?  Is the server / stunnel
sending out self-signed, expired, or otherwise[-invalid/-untrusted]
credentials?  Have you used any other clients to verify that LDAPS is
functional?

By checking the certificate with openssl, I can see that the
certificate isn't in my default trusted certificate authority list
(checked on Redhat Enterprise Linux AS4 Update 4):

$ openssl s_client -connect 66.194.182.14:636
CONNECTED(0003)
depth=0 /O=mail.blueslate.net/OU=Domain Control Validated/CN=mail.blueslate.net
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /O=mail.blueslate.net/OU=Domain Control Validated/CN=mail.blueslate.net
verify error:num=27:certificate not trusted
verify return:1
depth=0 /O=mail.blueslate.net/OU=Domain Control Validated/CN=mail.blueslate.net
verify error:num=21:unable to verify the first certificate
verify return:1

So maybe there is an issue there?  I don't use check_ldaps (we just
have a test implementation of OpenLDAP going at work; Nagios isn't
running against it yet), but I know that there are client-side hoops
to jump through if you are using a certificate signed by [someone
other than Verisign or a handful of authorities].  I hope that helps a
bit, or at least gives you something else to look into!


> When monitoring LDAP it worked fine using:
> ./check_ldap -H mars.blueslate.net -b o=scalix
> LDAP OK - 0.228 seconds response time|time=0.227919s;;;0.00
>
> We are using stunnel to implement LDAPS on port 636.






Sincerely,
-Parker
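
An added example, not part of the original thread: a shell function that triages saved `openssl s_client` output like the session quoted above, mapping each verify error to the client-side trust fix and comparing the certificate CN with the host being checked. It assumes the one-line subject format shown in the thread and that the endpoint inspected is the one passed to check_ldaps with -H; the function name and the remedy wording are this example's own.

```shell
# Added example: triage saved `openssl s_client` output for an LDAPS endpoint.
# Usage: diagnose_ldaps_tls CHECKED_HOST < s_client_output
# Prints one finding per line; returns 0 if clean, 2 (Nagios CRITICAL) if not.
diagnose_ldaps_tls() {
    awk -v host="$1" '
    BEGIN {
        # OpenSSL verify codes mapped to the usual remedy (wording is this example only).
        why[10] = "certificate expired: renew the server certificate"
        why[18] = "self-signed leaf: trust it explicitly via TLS_CACERT"
        why[19] = "self-signed CA in chain: add that CA to the TLS_CACERT file"
        why[20] = "issuer not in local trust store: add the issuing CA to the TLS_CACERT file"
        why[21] = "leaf cannot be chained: serve the intermediates or add them to TLS_CACERT"
        why[27] = "not trusted: check that TLS_CACERT names the right CA bundle"
    }
    /^verify error:num=/ {
        split($0, f, "[=:]")                 # f[3] holds the numeric code
        code = f[3] + 0
        if (!(code in seen)) {
            seen[code] = 1
            printf "TRUST num=%d %s\n", code, ((code in why) ? why[code] : "see verify(1)")
            bad = 1
        }
    }
    /^depth=0 / && cn == "" {
        # Subject in the one-line form shown in the thread: .../CN=name
        n = split($0, p, "/CN=")
        if (n > 1) { cn = p[n]; sub("[/ ].*$", "", cn) }
    }
    END {
        # CN comparison only: subjectAltName and wildcards are not in this output.
        if (cn != "" && tolower(cn) != tolower(host)) {
            printf "NAME certificate CN %s does not match checked host %s\n", cn, host
            bad = 1
        }
        exit (bad ? 2 : 0)
    }'
}

# Lines copied from the s_client session in the thread; host is the -H value used.
diagnose_ldaps_tls mars.blueslate.net <<'EOF' || echo "status: $?"
depth=0 /O=mail.blueslate.net/OU=Domain Control Validated/CN=mail.blueslate.net
verify error:num=20:unable to get local issuer certificate
verify error:num=27:certificate not trusted
verify error:num=21:unable to verify the first certificate
EOF
```

A NAME finding matters because a client that enforces certificate checks will also reject a certificate issued for a different host name, even once the issuing CA is trusted.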
