Well, you could argue that if network connectivity is preventing auth, you're going to have a lot bigger problems that figuring out if one host can't see "gloryland" from the back warehouse at the shipping dock. The CEO won't be logging in, and will be sitting on your desk.
The only time I think it'd be helpful in our situation would be if I had multiple network segments authenticating into a central zone that is part of a VLAN with everything else, thus just asking for potential auth problems.
You start authenticating across network boundaries or VLANs, you're just asking for trouble.
--j
On Apr 28, 2010, at 8:06 AM, David Morgan wrote:
See all the fun stuff one can do with Xymon?
Jerald Sheets wrote:
Yeah, that's it's usage.
So, I guess from time to time the clients have issues hitting the server?
Never thought to test in that direction.--j
On Apr 28, 2010, at 7:49 AM, David Morgan wrote:
We wanted to test the connectivity from the LDAP clients (running a xymon agent) to the LDAP server and report their connectivity status.
It appears (at least from what I read) that the LDAP module is a test from the Hobbit/XYmon Server to the LDAP server.
Dave
Jerald Sheets wrote:
Hobbit has a built in LDAP test if I remember correctly. Was it not serving your needs?
--jms
On Apr 27, 2010, at 3:55 PM, David Morgan wrote:
We have a custom client side script that we wrote to test ldap connectivity (See below)
% cat getent.sh
#!/bin/sh
COLUMN=ldap-con # Does the server have an LDAP conection COLOR=green # By default, everything is OK MSG="LDAP Connectivity Check"
TESTVAL=
/usr/bin/getent group admins | wc -lDo whatever you need to test for something
As an example, go red if /tmp/badstuff exists.
if [ $TESTVAL -eq 0 ] then COLOR=red MSG="${MSG}
LDAP Configureation and Connectivity is BORKED UP " else MSG="${MSG}
LDAP Configureation and Connectivity is OK " fi
Tell Hobbit about it
$BB $BBDISP "status $MACHINE.$COLUMN $COLOR
date${MSG} "
exit 0
And the following is our clientlocal.sh portion for this script:
LDAP Check - This command makes sure that this box is connected to
the MGS LDAP Server [ldap-con] ENVFILE $HOBBITCLIENTHOME/etc/hobbitclient.cfg CMD $HOBBITCLIENTHOME/ext/getent.sh LOGFILE $HOBBITCLIENTHOME/logs/ldap.log INTERVAL 4h
As can be seen, we have it running every 4 hours. The status check should be green, however, it goes to purple. Is there a way (and where/how) to change the default timeout for this, as I think the 4 hour time is making it puke.
Both these scripts are on the client side.
-- David S. Morgan CISSP, CCNP aka: captkras at gmail.com
"When the Winds of Change Blow Hard Enough, the Most trivial of things can turn into deadly projectiles"
To unsubscribe from the hobbit list, send an e-mail to hobbit-unsubscribe at hswn.dk
To unsubscribe from the hobbit list, send an e-mail to hobbit-unsubscribe at hswn.dk
To unsubscribe from the hobbit list, send an e-mail to hobbit-unsubscribe at hswn.dk
To unsubscribe from the hobbit list, send an e-mail to hobbit-unsubscribe at hswn.dk
To unsubscribe from the hobbit list, send an e-mail to hobbit-unsubscribe at hswn.dk