Univention Bugzilla – Bug 27043
Nagios-Check für LDAP ermittelt IP per Host
Last modified: 2016-09-22 13:58:24 CEST
Aufgefallen an Ticket #2012050821001217: Der Nagios-Check "check_univention_ldap" ermittelt folgendermaßen die IP des Hosts: IP="$(LC_ALL=C host "$hostname"|head -n1|LC_ALL=C cut -d' ' -f4)" Das ist mindestens im Fehlerfall unschön. Wenn beispielsweise die Namensauflösung nicht funktioniert, ist die "IP" hier aufgrund der Fehlermeldung aus host "found:". Die entsprechende Nagios-Meldung lautet dann: "Could not connect to the server at port 7389" Eventuell könnte das Determinieren der IP auch direkt eleganter gelöst werden. Alternativ sollte das abgefangen und entsprechend gemeldet werden.
This is quite annoying if UDP doesn't work for name resolution. The 'host' command then trys TCP instead (which is good), but this lets UNIVENTION_LDAP_AUTH (check_univention_ldap) fail: > root@ucs2:~# host ucs2 > ;; Truncated, retrying in TCP mode. > ucs2.fqdn.tld has address 172.16.0.12 In this case the variable "IP" of "check_univention_ldap" becomes "in": > /usr/lib/nagios/plugins/check_ldap -H in ... > Could not bind to the LDAP server
(In reply to Michael Grandjean from comment #1) > > root@ucs2:~# host ucs2 > > ;; Truncated, retrying in TCP mode. > > ucs2.fqdn.tld has address 172.16.0.12 > > In this case the variable "IP" of "check_univention_ldap" becomes "in": > > > /usr/lib/nagios/plugins/check_ldap -H in ... > > Could not bind to the LDAP server Customer reported that one again via 2015043021000217.
Still true for UCS 4.0
YAML: 2015-06-25-univention-nagios.yaml check_univention_ldap now uses the FQDN of the server for the check. Every UCS system has its own ip/name in /etc/hosts. So, dns issues should ruled out.
(In reply to Felix Botner from comment #4) > YAML: 2015-06-25-univention-nagios.yaml Please change it to 4.0-2 only.
OK: r61489 FYI: Missing `uniupdatecopyright` OK: aptitude -y install '?source-package(^univention-nagios$)~i' OK: zless /usr/share/doc/univention-nagios-common/changelog.Debian.gz OK: /usr/lib/nagios/plugins/check_univention_ldap OK: sevice bind9 stop;/usr/lib/nagios/plugins/check_univention_ldap OK: amd64 i386 (In reply to Stefan Gohmann from comment #5) > Please change it to 4.0-2 only. FIXED: 2015-06-25-univention-nagios.yaml r61586 OK: errata-announce -V 2015-06-25-univention-nagios.yaml RFC: # apt-cache rdepends univention-nagios-client ... univention-server-member Should "ldap/server/name" be checked instead of "hostname", as a Member-Server has no local LDAP server? FYI: The check is currenly only enabled for DCs: 30univention-nagios-client.inst:102 # add ldap check only on role "domaincontroler_*"
<http://errata.univention.de/ucs/4.0/226.html>