Computer and IT knowledge - things to know
validate windows ldap / active directory using checkmk:
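since we use LDAPS (SSL on port 636), we set the following in /etc/openldap/ldap.conf:
TLS_REQCERT never
(this turns off checking of the server certificate: the connection is still encrypted, but the client does not verify which server it is talking to before it sends the bind password; see the TLS_REQCERT details below)
run the ldap test on the command line: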
/omd/versions/default/lib/nagios/plugins/check_ldaps -H 192.168.2.10 -b 'dc=company,dc=local' -D 'cn=my-bind-user,dc=company,dc=local' -P 'my password' -p 636 --ssl
>> result: LDAP OK - 0,020 seconds response time|time=0,020456s;;;0,000000
configure a rule in checkmk:
- WATO > Active checks > Check access to LDAP service:
    Base DN: dc=company,dc=local
    Authentication:
        Bind DN: cn=my-bind-user,dc=company,dc=local
        Password: my password
    TCP Port: 636
    Use LDAPS
    Explicit hosts: my ldap server
>> this leads to the service check command: check_mk_active-ldap! -H $HOSTADDRESS$ -b 'dc=company,dc=local' -D 'cn=my-bind-user,dc=company,dc=local' -P 'my password' -p 636 --ssl
-----------------------------------------------------------------------------------------------------------
>> TLS_REQCERT in detail:
TLS_REQCERT <level>
    Specifies what checks to perform on server certificates in a TLS
    session, if any. The <level> can be specified as one of the
    following keywords:

    never   The client will not request or check any server
            certificate.

    allow   The server certificate is requested. If no certificate is
            provided, the session proceeds normally. If a bad
            certificate is provided, it will be ignored and the
            session proceeds normally.

    try     The server certificate is requested. If no certificate is
            provided, the session proceeds normally. If a bad
            certificate is provided, the session is immediately
            terminated.

    demand | hard
            These keywords are equivalent. The server certificate is
            requested. If no certificate is provided, or a bad
            certificate is provided, the session is immediately
            terminated. This is the default setting.
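
added example (not part of the original notes, and not checkmk or OpenLDAP code): a small python audit that reads ldap.conf text and reports which TLS_REQCERT level is in effect and what that level lets through, using the level descriptions from the excerpt above. the function names, the sample file content and the rule that the last occurrence of the option wins are assumptions of this example.

```python
# Added example: audit ldap.conf text for the effective TLS_REQCERT level.
# Level semantics follow the ldap.conf excerpt quoted on this page.
# level -> (proceeds with no certificate, proceeds with a bad certificate)
LEVELS = {
    "never":  (True, True),    # certificate is not requested or checked at all
    "allow":  (True, True),
    "try":    (True, False),
    "demand": (False, False),
    "hard":   (False, False),  # equivalent to demand
}
DEFAULT_LEVEL = "demand"       # the default according to the excerpt


def effective_reqcert(conf_text):
    """Return (level, line_number); line_number is None if the option is unset.

    Assumption: when the option appears more than once, the last one wins."""
    level, where = DEFAULT_LEVEL, None
    for number, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):      # blank line or comment
            continue
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].upper() == "TLS_REQCERT":
            value = parts[1].strip().lower()
            if value not in LEVELS:
                raise ValueError(f"line {number}: unknown TLS_REQCERT level {value!r}")
            level, where = value, number
    return level, where


def audit(conf_text):
    """Summarise what the effective level lets through."""
    level, where = effective_reqcert(conf_text)
    no_cert_ok, bad_cert_ok = LEVELS[level]
    return {"level": level, "line": where, "accepts_missing_cert": no_cert_ok,
            "accepts_bad_cert": bad_cert_ok, "strict": not (no_cert_ok or bad_cert_ok)}


# Constructed sample input, not taken from a real host.
SAMPLE = """\
# /etc/openldap/ldap.conf
URI ldaps://192.168.2.10:636
#TLS_REQCERT demand
tls_reqcert never
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```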
computer2know :: © 2024