The check_ldap Plugin

check_ldap v2.3git (monitoring-plugins 2.3git)
Copyright (c) 1999 Didi Rieder (
Copyright (c) 2000-2008 Monitoring Plugins Development Team

 check_ldap -H <host> -b <base_dn> [-p <port>] [-a <attr>] [-D <binddn>]
       [-P <password>] [-w <warn_time>] [-c <crit_time>] [-t timeout]
       [-2|-3] [-4|-6]

 -h, --help
    Print detailed help screen
 -V, --version
    Print version information
    Read options from an ini file. See
    for usage and examples.
 -H, --hostname=ADDRESS
    Host name, IP Address, or unix socket (must be an absolute path)
 -p, --port=INTEGER
    Port number (default: 389)
 -4, --use-ipv4
    Use IPv4 connection
 -6, --use-ipv6
    Use IPv6 connection
 -a [--attr]
    ldap attribute to search (default: "(objectclass=*)"
 -b [--base]
    ldap base (eg. ou=my unit, o=my org, c=at
 -D [--bind]
    ldap bind DN (if required)
 -P [--pass]
    ldap password (if required, or set the password through environment variable 'LDAP_PASSWORD')
 -T [--starttls]
    use starttls mechanism introduced in protocol version 3
 -S [--ssl]
    use ldaps (ldap v2 ssl method). this also sets the default port to 636
 -2 [--ver2]
    use ldap protocol version 2
 -3 [--ver3]
    use ldap protocol version 3
    (default protocol version: 2)
 -w, --warning=DOUBLE
    Response time to result in warning status (seconds)
 -c, --critical=DOUBLE
    Response time to result in critical status (seconds)
 -W [--warn-entries]
    Number of found entries to result in warning status
 -C [--crit-entries]
    Number of found entries to result in critical status
 -t, --timeout=INTEGER
    Seconds before connection times out (default: 10)
 -v, --verbose
    Show details for command-line debugging (output may be truncated by
    the monitoring system)

 If this plugin is called via 'check_ldaps', method 'STARTTLS' will be
 implied (using default port 389) unless --port=636 is specified. In that case
 'SSL on connect' will be used no matter how the plugin was called.
 This detection is deprecated, please use 'check_ldap' with the '--starttls' or '--ssl' flags
 to define the behaviour explicitly instead.
 The parameters --warn-entries and --crit-entries are optional.

Send email to if you have questions regarding
use of this software. To submit patches or suggest improvements, send email