Nagios check_ldaps plugin working with SSL or TLS

Submitted by sklav on Wed, 05/16/2012 - 15:42

After wasting many days trying to get the following to work, I figured it out simply by watching a lot of LDAP debug output scroll by.
In my case this is all running on Debian Squeeze, but I'm sure it is similar on other distros, possibly with locations and paths changing.
All this assumes you already have LDAP running with SSL or TLS.

The fix for this issue is simple once you understand why it does not work, or so is my guess.
It would seem that when I run the command from the shell it works perfectly, but when running it through Nagios I guess the environment is not
a full environment, in the sense that maybe not all paths and variables are available. So my tests prove, anyway.

On the Nagios server you need to add the following to /etc/ldap/ldap.conf:

################################################################
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

BASE dc=ldap,dc=sklav,dc=com
#URI ldap://ldap.sklav ldap://ldap.sklav:636
URI ldaps://ldap.sklav.com:636

#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
# Replace this path with your CA certificate.
TLS_CACERT /etc/ssl/ca-cert.pem
#TLS_REQCERT demand
# Nagios will not work without this option.
# "never" means the client does not request or check the server certificate.
TLS_REQCERT never
#######################################################################

Now, on the Nagios server, you need to modify /etc/nagios-plugins/config/ldap.cfg.
Replace the existing section, or comment it out, before doing the following.

#######################################################################

# 'check_ldaps' command definition
define command{
        command_name    check_ldaps
        command_line    /usr/lib/nagios/plugins/check_ldaps -H '$HOSTADDRESS$' -b '$ARG1$' -p 636 -3
}
#######################################################################
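
The following is an added example, not part of the original post: a small shell function (hypothetical name audit_ldap_conf) that audits the TLS lines of an ldap.conf like the one above. It flags TLS_REQCERT values that skip server certificate validation, values that carry a trailing "#" note, and a TLS_CACERT file the invoking user cannot read, so running it as the Nagios user shows that account's view of the CA file.

```shell
#!/bin/sh
# audit_ldap_conf FILE (hypothetical helper, not part of Nagios or OpenLDAP):
# print one finding per line for the TLS settings of an ldap.conf-style file.
audit_ldap_conf() {
    awk '
        /^[ \t]*#/ || NF < 2 { next }   # whole-line comments, blanks, bare keywords
        {
            key = toupper($1)
            val = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", val)   # text after the keyword
            sub(/[ \t]+$/, "", val)
            if (val ~ /#/) {
                # ldap.conf(5) only treats lines that begin with "#" as comments
                printf "INLINE_COMMENT line %d: %s value contains a hash mark\n", NR, key
                sub(/[ \t]*#.*/, "", val)          # judge the intended value below
            }
            if (key == "TLS_REQCERT" && tolower(val) ~ /^(never|allow)$/)
                printf "NO_VERIFY line %d: TLS_REQCERT %s does not enforce server certificate validation\n", NR, tolower(val)
            if (key == "TLS_CACERT")
                print "CACERT " val
        }
    ' "$1" | while IFS= read -r line; do
        case $line in
            "CACERT "*)
                f=${line#CACERT }
                # readability is checked as the invoking user, e.g. the nagios account
                [ -r "$f" ] || echo "CACERT_UNREADABLE $f is not readable by $(id -un)"
                ;;
            *) echo "$line" ;;
        esac
    done
}

# Usage: audit_ldap_conf /etc/ldap/ldap.conf
```

An empty result means the file sets no TLS_REQCERT weaker than "try", has no trailing "#" notes in its values, and names a CA file the current user can read.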