Well, you could argue that if network connectivity is preventing auth, you're going to have a lot bigger problems that figuring out if one host can't see "gloryland" from the back warehouse at the shipping dock. The CEO won't be logging in, and will be sitting on your desk.
The only time I think it'd be helpful in our situation would be if I had multiple network segments authenticating into a central zone that is part of a VLAN with everything else, thus just asking for potential auth problems.
You start authenticating across network boundaries or VLANs, you're just asking for trouble.
--j
On Apr 28, 2010, at 8:06 AM, David Morgan wrote:
See all the fun stuff one can do with Xymon?
Jerald Sheets wrote:
Yeah, that's it's usage.
So, I guess from time to time the clients have issues hitting the server? Never thought to test in that direction.
--j
On Apr 28, 2010, at 7:49 AM, David Morgan wrote:
We wanted to test the connectivity from the LDAP clients (running a xymon agent) to the LDAP server and report their connectivity status.
It appears (at least from what I read) that the LDAP module is a test from the Hobbit/XYmon Server to the LDAP server.
Dave
Jerald Sheets wrote:
Hobbit has a built in LDAP test if I remember correctly. Was it not serving your needs?
--jms
On Apr 27, 2010, at 3:55 PM, David Morgan wrote:
We have a custom client side script that we wrote to test ldap
connectivity (See below)
% cat getent.sh
#!/bin/sh
COLUMN=ldap-con # Does the server have an LDAP conection
COLOR=green # By default, everything is OK
MSG="LDAP Connectivity Check"
TESTVAL=`/usr/bin/getent group admins | wc -l`
# Do whatever you need to test for something
# As an example, go red if /tmp/badstuff exists.
if [ $TESTVAL -eq 0 ]
then
COLOR=red
MSG="${MSG}
LDAP Configureation and Connectivity is BORKED UP
"
else
MSG="${MSG}
LDAP Configureation and Connectivity is OK
"
fi
# Tell Hobbit about it
$BB $BBDISP "status $MACHINE.$COLUMN $COLOR `date`
${MSG}
"
exit 0
And the following is our clientlocal.sh portion for this script:
# LDAP Check - This command makes sure that this box is connected to
the MGS LDAP Server
[ldap-con]
ENVFILE $HOBBITCLIENTHOME/etc/hobbitclient.cfg
CMD $HOBBITCLIENTHOME/ext/getent.sh
LOGFILE $HOBBITCLIENTHOME/logs/ldap.log
INTERVAL 4h
As can be seen, we have it running every 4 hours. The status check
should be green, however, it goes to purple. Is there a way (and
where/how) to change the default timeout for this, as I think the 4
hour time is making it puke.
Both these scripts are on the client side.
--
David S. Morgan CISSP, CCNP
aka: user-4691629dd582@xymon.invalid
"When the Winds of Change Blow Hard Enough,
the Most trivial of things can turn into deadly projectiles"