Xymon Mailing List Archive

setting up ldaps

2 messages in this thread

Robert P McGraw · Thu, 7 Feb 2008 15:45:08 -0500
I want to monitor our ldaps servers and also want to get the ssl certificate
notification.

In the bb.host file I have set the following.

	ldap://ldaphost.math.purdue.edu/ - returns green
	ldaps://ldaphost.math.purdue.edu/ - returns failed

I am trying to track down why ldaps is failing. 

I have looked in the hobbit log files and do not see any error messages.

Where can I find the command that is used to poll the secure port for
ldaphost? I want to manually try this and see what is returned.

Thanks

Robert


Robert P. McGraw, Jr.
Manager, Computer System                    EMAIL: user-33cf07af04dd@xymon.invalid
Purdue University                            ROOM: MATH-807
Department of Mathematics                   PHONE: (XXX) XXX-XXXX
XXX N. University Street                      
West Lafayette, IN XXXXX-XXXX

Henrik Størner · Thu, 7 Feb 2008 21:59:12 +0100

On Thu, Feb 07, 2008 at 03:45:08PM -0500, McGraw, Robert P wrote:
> I want to monitor our ldaps servers and also want to get the ssl certificate
> notification.
>
> In the bb.host file I have set the following.
>
> 	ldap://ldaphost.math.purdue.edu/ - returns green
> 	ldaps://ldaphost.math.purdue.edu/ - returns failed
>
> I am trying to track down why ldaps is failing.

SSL-encrypted ldap - ldaps - is rather non-standard, there are at least
two different implementations of it.

If your ldaps service has a specific port assigned to it - different
from the normal un-encrypted ldap service - then you can just use
"ldaps" (no URI behind it) to check the SSL certificate and that the
port is open. With the ldap URI Hobbit uses the OpenLDAP method (really
the "starttls" LDAP protocol method) - unfortunately, this method hides
the LDAP server certificate so it cannot be checked.


Regards,
Henrik
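
For the manual check asked about in this thread, here is an added example (not from either poster and not Hobbit's own code) that does what the reply describes for a dedicated ldaps port: open the port, complete the TLS handshake immediately, and report the certificate expiry. Port 636 is the registered ldaps port; the 30/10-day thresholds and the function names are assumptions made for this sketch.

```python
import socket
import ssl
import time

# Assumed warning/critical thresholds in days; not read from any Hobbit config.
WARN_DAYS, CRIT_DAYS = 30, 10


def classify(not_after, now=None):
    """Map a certificate notAfter string to (colour, whole days left)."""
    now = time.time() if now is None else now
    days = int((ssl.cert_time_to_seconds(not_after) - now) // 86400)
    if days < CRIT_DAYS:
        return "red", days
    if days < WARN_DAYS:
        return "yellow", days
    return "green", days


def check_ldaps(host, port=636, cafile=None, timeout=10):
    """TLS handshake straight away on the dedicated port (no LDAP StartTLS)."""
    # Default context verifies the chain and the hostname; pass cafile for a
    # private CA instead of disabling verification.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except ssl.SSLError as exc:  # handshake or certificate verification failure
        return "red", f"TLS handshake failed: {exc}"
    except OSError as exc:  # refused, timed out, name resolution failure
        return "red", f"port {port} not reachable: {exc}"
    colour, days = classify(cert["notAfter"])
    return colour, f"certificate expires {cert['notAfter']} ({days} days left)"


if __name__ == "__main__":
    import sys
    print(*check_ldaps(sys.argv[1]))
```

A "TLS handshake failed" result on a port that accepts plain LDAP suggests the server only offers StartTLS there rather than TLS from the first byte.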