Validate Windows LDAP / Active Directory using Checkmk:

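Since we use SSL (LDAPS) on port 636, we set the following in /etc/openldap/ldap.conf:
TLS_REQCERT never
With this level the client does not request or check the server certificate, so the connection is encrypted but the server's identity is not verified (see details below if you are interested).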

Run the LDAP test on the command line:
/omd/versions/default/lib/nagios/plugins/check_ldaps -H 192.168.2.10 -b 'dc=company,dc=local' -D 'cn=my-bind-user,dc=company,dc=local' -P 'my password' -p 636 --ssl
>> result: LDAP OK - 0,020 seconds response time|time=0,020456s;;;0,000000

Configure a rule in Checkmk:
- WATO > Active checks > Check access to LDAP service:
  Base DN: dc=company,dc=local
  Authentication:
    Bind DN: cn=my-bind-user,dc=company,dc=local
    Password: my password
  TCP Port: 636
  Use LDAPS
  Explicit hosts: my ldap server
>> this leads to the service check command: check_mk_active-ldap! -H $HOSTADDRESS$ -b 'dc=company,dc=local' -D 'cn=my-bind-user,dc=company,dc=local' -P 'my password' -p 636 --ssl


-----------------------------------------------------------------------------------------------------------
>> TLS_REQCERT in detail:

TLS_REQCERT <level>
    Specifies what checks to perform on server certificates in a TLS
    session, if any. The <level> can be specified as one of the
    following keywords:

    never   The client will not request or check any server
            certificate.

    allow   The server certificate is requested. If no certificate is
            provided, the session proceeds normally. If a bad
            certificate is provided, it will be ignored and the
            session proceeds normally.

    try     The server certificate is requested. If no certificate is
            provided, the session proceeds normally. If a bad
            certificate is provided, the session is immediately
            terminated.

    demand | hard
            These keywords are equivalent. The server certificate is
            requested. If no certificate is provided, or a bad
            certificate is provided, the session is immediately
            terminated. This is the default setting.
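
Added example, not part of the original page: a shell check that reads an ldap.conf and reports which of the levels above it yields and whether the server certificate is actually verified. The sample files, the CA path in them and the "last occurrence wins" handling are assumptions of this example.

```shell
#!/bin/sh
# Added example: report the TLS_REQCERT level an ldap.conf yields and what it means.
# Assumption: when the option appears more than once, the last occurrence is used.

# Print the effective TLS_REQCERT level of the file in $1 (lowercased).
# Falls back to "demand", the documented default, when the option is absent.
reqcert_level() {
    awk '
        /^[[:space:]]*#/ { next }                     # skip comment lines
        toupper($1) == "TLS_REQCERT" && NF >= 2 { level = tolower($2) }
        END { if (level == "") level = "demand"; print level }
    ' "$1"
}

# Map a level to a verdict, following the keyword descriptions quoted above.
reqcert_verdict() {
    case "$1" in
        never)       echo "UNVERIFIED: server certificate is never requested or checked" ;;
        allow)       echo "UNVERIFIED: a bad or missing certificate is accepted" ;;
        try)         echo "PARTIAL: bad certificate rejected, missing certificate accepted" ;;
        demand|hard) echo "VERIFIED: bad or missing certificate terminates the session" ;;
        *)           echo "UNKNOWN: unrecognised level '$1'" ;;
    esac
}

# Audit one file: print "<file>: <level> -> <verdict>"; return 1 unless VERIFIED.
audit_ldap_conf() {
    level=$(reqcert_level "$1")
    verdict=$(reqcert_verdict "$level")
    echo "$1: $level -> $verdict"
    case "$verdict" in VERIFIED*) return 0 ;; *) return 1 ;; esac
}

# Constructed sample files (not taken from a real host; the CA path is a placeholder).
demo_dir=$(mktemp -d)
printf '%s\n' '# as on this page' 'TLS_REQCERT never' > "$demo_dir/weak.conf"
printf '%s\n' 'TLS_CACERT /etc/pki/tls/certs/ad-ca.pem' 'tls_reqcert demand' > "$demo_dir/strict.conf"
printf '%s\n' 'URI ldaps://192.168.2.10' '#TLS_REQCERT never' > "$demo_dir/default.conf"

for f in weak strict default; do
    audit_ldap_conf "$demo_dir/$f.conf" || true
done
```

The check only looks at the file it is given; per ldap.conf(5), a per-user ldaprc file or the LDAPTLS_REQCERT environment variable can still change the level a client uses.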




computer2know :: thank you for your visit :: have a nice day :: © 2024