ldap test
list Jon Bjorn Njalsson
Are any of you using hobbit to monitor ldap servers? If so could you please give me an example entry in bb-hosts because I'm having a hard time figuring it out.
-- Jon Bjorn Njalsson <user-5c8e7718045c@xymon.invalid>
list Henrik Størner
On Mon, Apr 18, 2005 at 02:33:43PM +0000, Jon Bjorn Njalsson wrote:
Are any of you using hobbit to monitor ldap servers? If so could you please give me an example entry in bb-hosts because I'm having a hard time figuring it out.
Here's one I use:
10.2.165.108 someserver # ldap://10.2.165.108:389/ou=workoutusers,ou=WorkOutBase,o=sample.com??sub?(uid=thomsonm)
The LDAP container is "sample.com -> WorkOutBase -> workoutusers", and I'm querying the server for any record with a uid-field containing "thomsonm". Does that help?
Regards, Henrik
list James Wade
I've compiled the LDAP test in hobbit, and I'm trying to test the login ability. However, I'm not sure it's working. All the test status shows me is O.K.. Here's what's in my bb-hosts file:
192.168.20.1 systemA # ldaplogin=ldapuser:passwd ldap:systemA:389
Am I missing something here? What's a good way to test if I'm actually doing a login test of ldap? What does the status normally show?
Thanks..James
list James Wade
Henrik, I could really use some help on this one. Can you point me in the right direction? Thanks..James
list Henrik Størner
On Tue, Nov 14, 2006 at 12:10:27PM -0600, James Wade wrote:
I've compiled the LDAP test in hobbit, and I'm trying to test the login ability. However, I'm not sure it's working.
192.168.20.1 systemA # ldaplogin=ldapuser:passwd ldap:systemA:389
What exactly are you trying to do here? The "ldap:systemA:389" doesn't make sense. If you want just to test if the ldap port is open, then you should just use "ldap" - nothing more. If you want to check if the ldap server is responding to queries, then you must provide a full URL-style LDAP query - see the bb-hosts man-page for details about how to do that. Since you're messing with the "ldaplogin", I assume you want to perform the "real" LDAP lookup test. BTW, "ldaplogin" is only needed if your LDAP server requires authentication. Most LDAP servers allow anonymous connections for simple lookups.
Regards, Henrik
list James Wade
I've tried this:
ldap://systemA:389/ou=my,o=test,st=tx,c=us ldaplogin=ldapuser:passwdd
Didn't work though. I got the ou, o, st, c from the ldap folks. Yes, I want to do a real ldap lookup. The ldap folks have created a test account for me. We had ldap hang today, so Hobbit showed everything fine, but no one could authenticate. Thanks for the help.
James
list Allan Spencer
James Wade wrote:
Henrik, I could really use some help on this one. Can you point me in the right direction? Thanks….James *From:* James Wade [mailto:user-659655b2ea05@xymon.invalid] *Sent:* Tuesday, November 14, 2006 12:10 PM *To:* user-ae9b8668bcde@xymon.invalid *Subject:* [hobbit] LDAP Test I’ve compiled the LDAP test in hobbit, and I’m trying to test the login ability. However, I’m not sure it’s working. All the test status shows me is O.K…. Here’s what’s in my bb-hosts file: 192.168.20.1 systemA # ldaplogin=ldapuser:passwd ldap:systemA:389 Am I missing something here? What’s a good way to test if I’m actually doing a login test of ldap? What does the status normally show? Thanks….James
You should put something to search for on the end of the line, e.g.
192.168.20.1 systemA # ldaplogin=ldapuser:passwd ldap:systemA:389/uid=someuser
(from memory it's /attr=whatever, can't see our working one right now). It will tell you how many results are returned and I think fail if nothing is returned. Also if your ldap DOESN'T allow anonymous bind then the fact that the login works I guess is a test in itself.
Allan
list Allan Spencer
Having some issues with my blacklist system at the moment that stopped my reply coming back to me, but also forgot, just wanted to mention you'll probably need to specify a base dn in your search, so it should be more like as follows
ldap://127.0.0.1:389/o=company?uid=someperson
Just looked at one of ours and it returns as follows. Searching for a group and doing a login to search (no anonymous allowed)
Wed Nov 15 09:29:39 2006
ldap://192.168.1.218:389/o=connell wagner?cn=CW LMS_ADMIN - OK
Searching LDAP for ldap://192.168.1.218:389/o=connell wagner?cn=CW LMS_ADMIN yields 1 results:
DN: O=Connell Wagner
Seconds: 0.01
list James Wade
Allan, I tried this, but the LDAP test just shows green that everything is O.K. Do you get additional output anywhere showing that it pulled data from the ldap query? James
list Henrik Størner
On Tue, Nov 14, 2006 at 04:16:47PM -0600, James Wade wrote:
I've tried this: ldap://systemA:389/ou=my,o=test,st=tx,c=us ldaplogin=ldapuser:passwdd
Do read the man-page. LDAP URL's are notoriously complex beasts; you
would need something like
ldap://systemA:389/ou=my,o=test,st=tx,c=us??sub?(uid=thomsonm)
"sub" is the "scope" of the search and "uid=thomsonm" is the search criteria used to pick a single record from the directory (the "search filter" in LDAP lingo). The exact syntax is:
ldap://hostport/dn[?attrs[?scope[?filter[?exts]]]]
Check for an LDAP service by performing an LDAP request.
This tag is in the form of an LDAP URI (cf. RFC 2255). This type of LDAP test requires that bbtest-net(1) was built with support for LDAP, e.g. via the OpenLDAP library.
The components of the LDAP URI are:
* hostport is a host name with an optional ":portnumber"
* dn is the search base
* attrs is a comma separated list of attributes to request
* scope is one of these three strings:
base one sub (default=base)
* filter is filter
* exts are recognized set of LDAP and/or API extensions.
Regards,
Henrik
list James Wade
Thanks Henrik, I tried that and it didn't work. I've put several variations in bb-hosts, but ldap always comes back green saying it's O.K.; it never seems to actually go try to do an LDAP test. Is there a manual process I can use to see if it's trying to do the ldap test? One thing is that I originally compiled the program without LDAP support enabled, then went back and re-enabled support and recompiled and installed. Would perhaps something not get changed in the config files that should have? It's as though the bb-hosts entry ignores anything after the ldap:hostname designation. On another note, I tried using another port in the designation: ldap:hostname:3890, another system we have uses a different port number for ldap. However, this would not work either. It kept going to port 389 versus 3890, and they don't have an ldap on that port.
Thanks for the help...James
list Henrik Størner
On Tue, Nov 14, 2006 at 05:11:19PM -0600, James Wade wrote:
Is there a manual process I can use to see if it's trying to do the ldap test.
As the hobbit user, run
bbcmd bbtest-net --debug HOSTNAME
where HOSTNAME is the name you have in bb-hosts for your ldap server. Also, could you please run
bbcmd bbhostgrep "ldap*"
and let us know what the result is? And check the ~hobbit/server/logs/bb-network.log file for any errors.
One thing is that I originally compiled the program without LDAP support enabled, then went back and re-enabled support and recompiled and installed. Would perhaps something not get changed in the config files that should have?
No. Regards, Henrik
list Kareem Mattazzi
I need help finding out how Hobbit uses snmp. or how it uses each version.. 1 or 2c and so on. I'm receiving errors on my switch. I believe that hobbit is using the wrong snmp version. I would like to know how I can make it use the correct version.
Thanks.
list Buchan Milne
On Wednesday 15 November 2006 12:09, Kareem Mattazzi wrote:
I need help finding out how Hobbit uses snmp. or how it uses each version.. 1 or 2c and so on. I'm receiving errors on my switch. I believe that hobbit is using the wrong snmp version. I would like to know how I can make it use the correct version.
Hobbit by itself does not use SNMP. You would need to use an extension script, or separate SNMP collector (eg devmon) that reports to Hobbit. If you have not installed such an extension or collector, it is not related to Hobbit. Regards, Buchan -- Buchan Milne ISP Systems Specialist - Monitoring/Authentication Team Leader B.Eng,RHCE(803004789010797),LPIC-2(LPI000074592)
list James Wade
Henrik,
It doesn't look like it's doing the test at all.
Here's the info you requested:
$ bbcmd bbhostgrep "ldap*"
2006-11-15 11:07:30 Using default environment file /usr/local/apache/htdocs/hobbit/server/etc/hobbitserver.cfg
192.168.0.206 sau012 # ldap:sau012:389
192.168.0.166 smu004 # ldap:smu004:389
192.168.0.130 smu005 # ldap:smu005:389/ou=jam,o=wad,st=tx,c=us??sub?(uid=james)
192.168.0.224 smu002 # ldap:smu002:389
192.168.0.226 smu003 # ldap:smu003:389
192.168.0.211 smu005 # ldap:smu005:389
Here's everything with ldap in the debug mode command you gave me below.
BBNETSVCS set to : smtp telnet ftp pop pop3 pop-3 ssh imap ssh1 ssh2 imap2 imap3 imap4 pop2 pop-2 nntp ftps telnets smtps pop3s imaps nntps ldap ldaps rsync bbd clamd spamd oratns qmtp qmqp vnc cupsd ajp13
2006-11-15 11:06:30 Adding tcp test IP=192.168.0.130, port=389, service=ldap, silent=0
2006-11-15 11:06:30 Sending results for service ldap
2006-11-15 11:06:30 Adding to combo msg: status smu005.ldap green <!-- [flags:OrdastLe] --> Wed Nov 15 11:06:30 2006 ldap ok
2006-11-15 11:06:30 Sending results for service ldaps
status smu005.ldap green <!-- [flags:OrdastLe] --> Wed Nov 15 11:06:30 2006 ldap ok
list Henrik Størner
On Wed, Nov 15, 2006 at 11:25:58AM -0600, James Wade wrote:
192.168.0.130 smu005 # ldap:smu005:389/ou=jam,o=wad,st=tx,c=us??sub?(uid=james)
This is wrong. It should be
192.168.0.130 smu005 # ldap://smu005:389/ou=jam,o=wad,st=tx,c=us??sub?(uid=james)
with the double-slashes after the "ldap:..." thing.
192.168.0.211 smu005 # ldap:smu005:389
And you have the same hostname - smu005 - listed twice. With different IP's to boot. That's why I asked you about errors in the bb-network.log file; there is probably a warning in there about this.
192.168.0.166 smu004 # ldap:smu004:389
192.168.0.224 smu002 # ldap:smu002:389
192.168.0.226 smu003 # ldap:smu003:389
These are also invalid syntax. Regards, Henrik
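Added example, not part of the thread and not Hobbit's own code: a small bb-hosts linter that applies the rules stated in this thread (bare `ldap` is only a port check, a real lookup needs `ldap://hostport/dn[?attrs[?scope[?filter[?exts]]]]`, and `ldap:host:port` is invalid) so that an entry which leaves the status green without ever querying or binding to the directory is caught before it is relied on. The function names and finding messages are assumptions made for illustration; the sample file is constructed from entries quoted above.

```python
import re
from collections import defaultdict

SCOPES = ("base", "one", "sub")  # scopes listed in the man-page excerpt
def parse_ldap_url(tag):
    """Split ldap://hostport/dn[?attrs[?scope[?filter[?exts]]]] into a dict."""
    hostport, _, tail = tag[len("ldap://"):].partition("/")
    dn, attrs, scope, flt, exts = (tail.split("?", 4) + [""] * 4)[:5]
    return {"hostport": hostport, "dn": dn, "attrs": [a for a in attrs.split(",") if a],
            "scope": scope or "base", "filter": flt, "exts": exts}

def classify(tag):
    """Return (kind, detail) for an ldap tag, or None for any other tag."""
    if tag == "ldap":
        return ("port-only", "TCP connect to the ldap port, no query is sent")
    if tag.startswith("ldap://"):
        url = parse_ldap_url(tag)
        if not url["hostport"] or not url["dn"]:
            return ("invalid", "LDAP URL needs a hostport and a search base")
        if url["scope"] not in SCOPES:
            return ("invalid", "scope must be base, one or sub")
        return ("query", "scope=%(scope)s filter=%(filter)s" % url)
    if tag.startswith("ldap:"):
        return ("invalid", "missing // after ldap:, not an LDAP URL")
    return None

def lint(bb_hosts):
    """Return (hostname, message) findings for the text of a bb-hosts file."""
    findings, ips = [], defaultdict(set)
    for line in bb_hosts.splitlines():
        m = re.match(r"\s*(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s*#?\s*(.*)", line)
        if not m:
            continue
        ip, host, tags = m.group(1), m.group(2), m.group(3).split()
        ips[host].add(ip)
        kinds = [c for c in map(classify, tags) if c]
        findings += [(host, "invalid ldap tag: " + d) for k, d in kinds if k == "invalid"]
        has_query = any(k == "query" for k, _ in kinds)
        if any(t.startswith("ldaplogin=") for t in tags) and not has_query:
            findings.append((host, "ldaplogin set but no ldap:// query uses it"))
    for host, seen in ips.items():
        if len(seen) > 1:
            findings.append((host, "hostname listed with %d different IPs" % len(seen)))
    return findings

# Constructed sample, built from entries quoted in the thread.
SAMPLE = """\
192.168.20.1  systemA # ldaplogin=ldapuser:passwd ldap:systemA:389
192.168.0.130 smu005  # ldap://smu005:389/ou=jam,o=wad,st=tx,c=us??sub?(uid=james)
192.168.0.211 smu005  # ldap:smu005:389
192.168.0.166 smu004  # ldap
"""
if __name__ == "__main__":
    print("\n".join("%s: %s" % f for f in lint(SAMPLE)))
```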
list James Wade
Thanks Henrik, It's fixed... Can't believe I missed the double slashes.... I appreciate it. Sorry about the dual hostname. That was a whitewash typo. I had to whitewash the names and IP addresses from the output. Thanks again, it is working great now.
James
list Kareem Mattazzi
I'm currently using snmpd to report to hobbit and I would like to know if you have any documentation or scripts that can point me in the right direction for changing the versions of SNMP.
Thank you for your assistance.
Kareem