summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--plugins/check_ldap.c69
1 files changed, 60 insertions, 9 deletions
diff --git a/plugins/check_ldap.c b/plugins/check_ldap.c
index c371be9..1c09dfa 100644
--- a/plugins/check_ldap.c
+++ b/plugins/check_ldap.c
@@ -67,7 +67,10 @@ int ld_protocol = DEFAULT_PROTOCOL;
67#endif 67#endif
68double warn_time = UNDEFINED; 68double warn_time = UNDEFINED;
69double crit_time = UNDEFINED; 69double crit_time = UNDEFINED;
70thresholds *entries_thresholds = NULL;
70struct timeval tv; 71struct timeval tv;
72char* warn_entries = NULL;
73char* crit_entries = NULL;
71int starttls = FALSE; 74int starttls = FALSE;
72int ssl_on_connect = FALSE; 75int ssl_on_connect = FALSE;
73int verbose = 0; 76int verbose = 0;
@@ -94,6 +97,12 @@ main (int argc, char *argv[])
94 int tls; 97 int tls;
95 int version=3; 98 int version=3;
96 99
100 /* for entry counting */
101
102 LDAPMessage *next_entry;
103 int status_entries = STATE_OK;
104 int num_entries = 0;
105
97 setlocale (LC_ALL, ""); 106 setlocale (LC_ALL, "");
98 bindtextdomain (PACKAGE, LOCALEDIR); 107 bindtextdomain (PACKAGE, LOCALEDIR);
99 textdomain (PACKAGE); 108 textdomain (PACKAGE);
@@ -197,12 +206,14 @@ main (int argc, char *argv[])
197 } 206 }
198 207
199 /* do a search of all objectclasses in the base dn */ 208 /* do a search of all objectclasses in the base dn */
200 if (ldap_search_s (ld, ld_base, LDAP_SCOPE_BASE, ld_attr, NULL, 0, &result) 209 if (ldap_search_s (ld, ld_base, (crit_entries!=NULL || warn_entries!=NULL) ? LDAP_SCOPE_SUBTREE : LDAP_SCOPE_BASE, ld_attr, NULL, 0, &result)
201 != LDAP_SUCCESS) { 210 != LDAP_SUCCESS) {
202 if (verbose) 211 if (verbose)
203 ldap_perror(ld, "ldap_search"); 212 ldap_perror(ld, "ldap_search");
204 printf (_("Could not search/find objectclasses in %s\n"), ld_base); 213 printf (_("Could not search/find objectclasses in %s\n"), ld_base);
205 return STATE_CRITICAL; 214 return STATE_CRITICAL;
215 } else if (crit_entries!=NULL || warn_entries!=NULL) {
216 num_entries = ldap_count_entries(ld, result);
206 } 217 }
207 218
208 /* unbind from the ldap server */ 219 /* unbind from the ldap server */
@@ -223,14 +234,36 @@ main (int argc, char *argv[])
223 else 234 else
224 status = STATE_OK; 235 status = STATE_OK;
225 236
237 status_entries = get_status(num_entries, entries_thresholds);
238 if (status_entries == STATE_CRITICAL) {
239 status = STATE_CRITICAL;
240 } else if (status!=STATE_CRITICAL) {
241 status = STATE_WARNING;
242 }
243
226 /* print out the result */ 244 /* print out the result */
227 printf (_("LDAP %s - %.3f seconds response time|%s\n"), 245 if (crit_entries!=NULL || warn_entries!=NULL) {
228 state_text (status), 246 printf (_("LDAP %s - found %d entries in %.3f seconds|%s %s\n"),
229 elapsed_time, 247 state_text (status),
230 fperfdata ("time", elapsed_time, "s", 248 num_entries,
231 (int)warn_time, warn_time, 249 elapsed_time,
232 (int)crit_time, crit_time, 250 fperfdata ("time", elapsed_time, "s",
233 TRUE, 0, FALSE, 0)); 251 (int)warn_time, warn_time,
252 (int)crit_time, crit_time,
253 TRUE, 0, FALSE, 0),
254 sperfdata ("entries", (double)num_entries, "",
255 warn_entries,
256 crit_entries,
257 TRUE, 0.0, FALSE, 0.0));
258 } else {
259 printf (_("LDAP %s - %.3f seconds response time|%s\n"),
260 state_text (status),
261 elapsed_time,
262 fperfdata ("time", elapsed_time, "s",
263 (int)warn_time, warn_time,
264 (int)crit_time, crit_time,
265 TRUE, 0, FALSE, 0));
266 }
234 267
235 return status; 268 return status;
236} 269}
@@ -263,6 +296,8 @@ process_arguments (int argc, char **argv)
263 {"port", required_argument, 0, 'p'}, 296 {"port", required_argument, 0, 'p'},
264 {"warn", required_argument, 0, 'w'}, 297 {"warn", required_argument, 0, 'w'},
265 {"crit", required_argument, 0, 'c'}, 298 {"crit", required_argument, 0, 'c'},
299 {"warn-entries", required_argument, 0, 'W'},
300 {"crit-entries", required_argument, 0, 'C'},
266 {"verbose", no_argument, 0, 'v'}, 301 {"verbose", no_argument, 0, 'v'},
267 {0, 0, 0, 0} 302 {0, 0, 0, 0}
268 }; 303 };
@@ -276,7 +311,7 @@ process_arguments (int argc, char **argv)
276 } 311 }
277 312
278 while (1) { 313 while (1) {
279 c = getopt_long (argc, argv, "hvV234TS6t:c:w:H:b:p:a:D:P:", longopts, &option); 314 c = getopt_long (argc, argv, "hvV234TS6t:c:w:H:b:p:a:D:P:C:W:", longopts, &option);
280 315
281 if (c == -1 || c == EOF) 316 if (c == -1 || c == EOF)
282 break; 317 break;
@@ -318,6 +353,12 @@ process_arguments (int argc, char **argv)
318 case 'c': 353 case 'c':
319 crit_time = strtod (optarg, NULL); 354 crit_time = strtod (optarg, NULL);
320 break; 355 break;
356 case 'W':
357 warn_entries = optarg;
358 break;
359 case 'C':
360 crit_entries = optarg;
361 break;
321#ifdef HAVE_LDAP_SET_OPTION 362#ifdef HAVE_LDAP_SET_OPTION
322 case '2': 363 case '2':
323 ld_protocol = 2; 364 ld_protocol = 2;
@@ -381,6 +422,10 @@ validate_arguments ()
381 if (ld_base==NULL) 422 if (ld_base==NULL)
382 usage4 (_("Please specify the LDAP base\n")); 423 usage4 (_("Please specify the LDAP base\n"));
383 424
425 if (crit_entries!=NULL || warn_entries!=NULL) {
426 set_thresholds(&entries_thresholds,
427 warn_entries, crit_entries);
428 }
384 return OK; 429 return OK;
385} 430}
386 431
@@ -430,6 +475,11 @@ print_help (void)
430 475
431 printf (UT_WARN_CRIT); 476 printf (UT_WARN_CRIT);
432 477
478 printf (" %s\n", "-W [--warn-entries]");
479 printf (" %s\n", _("Number of found entries to result in warning status"));
480 printf (" %s\n", "-W [--crit-entries]");
481 printf (" %s\n", _("Number of found entries to result in critical status"));
482
433 printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT); 483 printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
434 484
435 printf (UT_VERBOSE); 485 printf (UT_VERBOSE);
@@ -441,6 +491,7 @@ print_help (void)
441 printf (" %s\n", _("'SSL on connect' will be used no matter how the plugin was called.")); 491 printf (" %s\n", _("'SSL on connect' will be used no matter how the plugin was called."));
442 printf (" %s\n", _("This detection is deprecated, please use 'check_ldap' with the '--starttls' or '--ssl' flags")); 492 printf (" %s\n", _("This detection is deprecated, please use 'check_ldap' with the '--starttls' or '--ssl' flags"));
443 printf (" %s\n", _("to define the behaviour explicitly instead.")); 493 printf (" %s\n", _("to define the behaviour explicitly instead."));
494 printf (" %s\n", _("The parameters --warn-entries and --crit-entries are optional."));
444 495
445 printf (UT_SUPPORT); 496 printf (UT_SUPPORT);
446} 497}