
Re: Shell script to monitor LDAP server



http://www.tildeslash.com/monit/

Alexandre Vieira wrote:
Hello all,

I have a Solaris 10 system that queries a client's openldap server to deliver a certain service, and the client is complaining that my system sometimes denies service to clients. Well, my system only denies service to clients if the openldap system from the customer fails to answer.

In this sense I tried to write a script to monitor the openldap server and its responsiveness, but the ldapsearch client in Solaris 10 doesn't work as I expected :(

For example, all ok:

bash# ldapsearch -v -b '' -s base -h 192.168.1.102:7323 'objectclass=top' namingContexts
ldapsearch: started Fri Jun 13 01:51:53 2008


ldap_init( 192.168.1.102:7323, 389 )
filter pattern: objectclass=top
returning: namingContexts
filter is: (objectclass=top)
version: 1
dn:
namingContexts: nodeName=XXXXX
1 matches


Now imagine that the ldap server goes down:

bash# ldapsearch -v -b '' -s base -h 192.168.1.102:7323 'objectclass=top' namingContexts
ldapsearch: started Fri Jun 13 02:11:04 2008


ldap_init( 192.168.1.102:7323, 389 )
filter pattern: objectclass=top
returning: namingContexts
filter is: (objectclass=top)
ldap_search: Can't connect to the LDAP server - Connection refused

Now imagine that the machine hosting LDAP goes down or a problem somewhere in the network occurs or a firewall blocks traffic (timeout):

bash# ldapsearch -v -b '' -s base -h 192.168.1.102:7323 'objectclass=top' namingContexts
ldapsearch: started Fri Jun 13 02:11:04 2008


ldap_init( 192.168.1.102:7323, 389 )
filter pattern: objectclass=top
returning: namingContexts
filter is: (objectclass=top)

And it just stays here forever. The -l flag only works after the search is initiated server side. There isn't a switch for a connection timeout limit. With this behaviour I can't test this as I imagined.

Maybe some of you already have a monitoring script?

Thanks in advance for any tip!

PS: The script I wrote initially:

##############################################################
#!/bin/bash
# Address (host:port) of the LDAP server to probe
LDAP_HOST=127.0.0.1:10000
# Seconds to wait between probes
POOLING_INTERVAL=5
LOGFILE=/var/log/ldap_watchdog.log

echo "Watchdog started at `date`" >> "$LOGFILE"

while /bin/true; do
    # Query the root DSE; a non-zero exit status means the search failed
    ldapsearch -v -b '' -s base -h "$LDAP_HOST" 'objectclass=top' namingContexts
    if [ $? -ne 0 ]; then
        echo "`date`: Could not establish connection to LDAP server" >> "$LOGFILE"
    fi
    sleep "$POOLING_INTERVAL"
done

##############################################################

Alexandre Vieira - nullpt@gmail.com
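
The hang described in the post (no connect timeout in the Solaris 10 ldapsearch client) can be bounded from the outside by running the probe under a timer. The following is an added example, not part of the original post and not monit's code; the function names, the TIMEOUT variable and the 124 return code are assumptions chosen here, and it assumes, as the post's script does, that ldapsearch exits non-zero when the connection fails.

```shell
#!/bin/bash
# Added example: bounded LDAP probe. Names and defaults are assumptions.
LDAP_HOST=${LDAP_HOST:-127.0.0.1:10000}
TIMEOUT=${TIMEOUT:-10}                 # seconds allowed per probe
POLLING_INTERVAL=${POLLING_INTERVAL:-5}
LOGFILE=${LOGFILE:-/var/log/ldap_watchdog.log}

# Run "$@" for at most $1 seconds. Returns the command's own exit status,
# or 124 when the timer had to terminate it.
run_with_timeout() {
    limit=$1; shift
    "$@" &
    cmd_pid=$!
    # Timer: send SIGTERM to the command once the limit expires.
    ( sleep "$limit"; kill -TERM "$cmd_pid" ) >/dev/null 2>&1 &
    timer_pid=$!
    status=0
    wait "$cmd_pid" 2>/dev/null || status=$?
    kill "$timer_pid" 2>/dev/null || true    # cancel a still-pending timer
    wait "$timer_pid" 2>/dev/null || true
    # 143 = 128 + SIGTERM: the command was terminated, it did not exit by itself.
    if [ "$status" -eq 143 ]; then return 124; fi
    return "$status"
}

# Map a probe status to the three situations shown in the post.
probe_state() {
    case $1 in
        0)   echo "up" ;;
        124) echo "timeout" ;;      # host down, network fault or firewall drop
        *)   echo "error" ;;        # e.g. connection refused
    esac
}

check_ldap() {
    rc=0
    run_with_timeout "$TIMEOUT" ldapsearch -b '' -s base -h "$LDAP_HOST" \
        'objectclass=top' namingContexts >/dev/null 2>&1 || rc=$?
    probe_state "$rc"
}

# Loop only when invoked with --watch, so the functions can be sourced and tested.
if [ "${1:-}" = "--watch" ]; then
    while true; do
        state=$(check_ldap)
        [ "$state" = "up" ] || echo "$(date): LDAP probe of $LDAP_HOST: $state" >> "$LOGFILE"
        sleep "$POLLING_INTERVAL"
    done
fi
```

A probe that is terminated by SIGTERM from any other source is also reported as a timeout, which for a watchdog still counts as a failed check.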
