The nagios check "check_ldap" provided the "-y" password_file option, which has been removed upstream. Instead a environment variable LDAP_PASSWORD can be used. We have to adjust /usr/lib/nagios/plugins/check_univention_ldap so that the environment variable is used instead.
22_nagios/07suidwrapper shows the error (already in UCS 5.1): [2023-09-20 02:45:48.765303] /usr/lib/nagios/plugins/check_univention_ldap_suidwrapper (2023-09-20 02:45:49.076824) /usr/lib/nagios/plugins/check_ldap: invalid option -- 'y' [2023-09-20 02:45:49.076948] Usage: [2023-09-20 02:45:49.076958] check_ldap -H <host> -b <base_dn> [-p <port>] [-a <attr>] [-D <binddn>] [2023-09-20 02:45:49.076962] [-P <password>] [-w <warn_time>] [-c <crit_time>] [-t timeout] [2023-09-20 02:45:49.076967] [-2|-3] [-4|-6] [2023-09-20 02:45:49.077905] /usr/lib/nagios/plugins/check_univention_nscd_suidwrapper
Actually "-y" was added by a patch of ourself to check_ldap. Nevertheless since UCS 5.2 the LDAP_PASSWORD environment is available, so we prefer this. In UCS 5.1 we still use the patch with "-y password".
[preview/5.2-0] d4d0ab0f72 fix(nagios): nagios check_ldap -y has been replaced with LDAP_PASSWORD environment variable monitoring/univention-nagios/usr/lib/nagios/plugins/check_univention_ldap | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) debian/changelog: * Bug #56580: Pass LDAP credentials via environment variable doc/changelog/index.rst * LDAP credentials are now passes via the environment variable :envvar:`LDAP_PASSWORD` instead of using the deprecated option ``-y`` (:uv:bug:`56580`).
univention-nagios (15.0.2) b46f9eda1064 | fix(nagios): nagios check_ldap -y has been replaced with LDAP_PASSWORD environment variable