summaryrefslogtreecommitdiffstats
path: root/plugins/check_ldap.c
diff options
context:
space:
mode:
Diffstat (limited to 'plugins/check_ldap.c')
-rw-r--r--plugins/check_ldap.c347
1 files changed, 233 insertions, 114 deletions
diff --git a/plugins/check_ldap.c b/plugins/check_ldap.c
index 597644bd..1b2e2826 100644
--- a/plugins/check_ldap.c
+++ b/plugins/check_ldap.c
@@ -27,12 +27,11 @@
27 *****************************************************************************/ 27 *****************************************************************************/
28 28
29/* progname may be check_ldaps */ 29/* progname may be check_ldaps */
30char *progname = "check_ldap"; 30#include "output.h"
31const char *copyright = "2000-2024";
32const char *email = "devel@monitoring-plugins.org";
33
34#include "common.h" 31#include "common.h"
35#include "netutils.h" 32#include "netutils.h"
33#include "perfdata.h"
34#include "thresholds.h"
36#include "utils.h" 35#include "utils.h"
37#include "check_ldap.d/config.h" 36#include "check_ldap.d/config.h"
38 37
@@ -41,6 +40,10 @@ const char *email = "devel@monitoring-plugins.org";
41#define LDAP_DEPRECATED 1 40#define LDAP_DEPRECATED 1
42#include <ldap.h> 41#include <ldap.h>
43 42
43char *progname = "check_ldap";
44const char *copyright = "2000-2024";
45const char *email = "devel@monitoring-plugins.org";
46
44enum { 47enum {
45 DEFAULT_PORT = 389 48 DEFAULT_PORT = 389
46}; 49};
@@ -79,6 +82,10 @@ int main(int argc, char *argv[]) {
79 82
80 const check_ldap_config config = tmp_config.config; 83 const check_ldap_config config = tmp_config.config;
81 84
85 if (config.output_format_is_set) {
86 mp_set_format(config.output_format);
87 }
88
82 /* initialize alarm signal handling */ 89 /* initialize alarm signal handling */
83 signal(SIGALRM, socket_timeout_alarm_handler); 90 signal(SIGALRM, socket_timeout_alarm_handler);
84 91
@@ -89,96 +96,172 @@ int main(int argc, char *argv[]) {
89 struct timeval start_time; 96 struct timeval start_time;
90 gettimeofday(&start_time, NULL); 97 gettimeofday(&start_time, NULL);
91 98
99 mp_check overall = mp_check_init();
100
92 LDAP *ldap_connection; 101 LDAP *ldap_connection;
93 /* initialize ldap */ 102 /* initialize ldap */
103 {
94#ifdef HAVE_LDAP_INIT 104#ifdef HAVE_LDAP_INIT
95 if (!(ldap_connection = ldap_init(config.ld_host, config.ld_port))) { 105 mp_subcheck sc_ldap_init = mp_subcheck_init();
96 printf("Could not connect to the server at port %i\n", config.ld_port); 106 if (!(ldap_connection = ldap_init(config.ld_host, config.ld_port))) {
97 return STATE_CRITICAL; 107 xasprintf(&sc_ldap_init.output, "could not connect to the server at port %i",
98 } 108 config.ld_port);
109 sc_ldap_init = mp_set_subcheck_state(sc_ldap_init, STATE_CRITICAL);
110 mp_add_subcheck_to_check(&overall, sc_ldap_init);
111 mp_exit(overall);
112 } else {
113 xasprintf(&sc_ldap_init.output, "connected to the server at port %i", config.ld_port);
114 sc_ldap_init = mp_set_subcheck_state(sc_ldap_init, STATE_OK);
115 mp_add_subcheck_to_check(&overall, sc_ldap_init);
116 }
99#else 117#else
100 if (!(ld = ldap_open(config.ld_host, config.ld_port))) { 118 mp_subcheck sc_ldap_init = mp_subcheck_init();
101 if (verbose) { 119 if (!(ld = ldap_open(config.ld_host, config.ld_port))) {
102 ldap_perror(ldap_connection, "ldap_open"); 120 if (verbose) {
121 ldap_perror(ldap_connection, "ldap_open");
122 }
123 xasprintf(&sc_ldap_init.output, "Could not connect to the server at port %i"), config.ld_port);
124 sc_ldap_init = mp_set_subcheck_state(sc_ldap_init, STATE_CRITICAL);
125 mp_add_subcheck_to_check(&overall, sc_ldap_init);
126 mp_exit(overall);
127 } else {
128 xasprintf(&sc_ldap_init.output, "connected to the server at port %i", config.ld_port);
129 sc_ldap_init = mp_set_subcheck_state(sc_ldap_init, STATE_OK);
130 mp_add_subcheck_to_check(&overall, sc_ldap_init);
103 } 131 }
104 printf(_("Could not connect to the server at port %i\n"), config.ld_port);
105 return STATE_CRITICAL;
106 }
107#endif /* HAVE_LDAP_INIT */ 132#endif /* HAVE_LDAP_INIT */
133 }
108 134
109#ifdef HAVE_LDAP_SET_OPTION 135#ifdef HAVE_LDAP_SET_OPTION
110 /* set ldap options */ 136 /* set ldap options */
111 if (ldap_set_option(ldap_connection, LDAP_OPT_PROTOCOL_VERSION, &config.ld_protocol) != LDAP_OPT_SUCCESS) { 137 mp_subcheck sc_ldap_set_opts = mp_subcheck_init();
112 printf(_("Could not set protocol version %d\n"), config.ld_protocol); 138 if (ldap_set_option(ldap_connection, LDAP_OPT_PROTOCOL_VERSION, &config.ld_protocol) !=
113 return STATE_CRITICAL; 139 LDAP_OPT_SUCCESS) {
140 xasprintf(&sc_ldap_set_opts.output, "Could not set protocol version %d",
141 config.ld_protocol);
142 sc_ldap_set_opts = mp_set_subcheck_state(sc_ldap_set_opts, STATE_CRITICAL);
143 mp_add_subcheck_to_check(&overall, sc_ldap_set_opts);
144 mp_exit(overall);
145 } else {
146 xasprintf(&sc_ldap_set_opts.output, "set protocol version %d", config.ld_protocol);
147 sc_ldap_set_opts = mp_set_subcheck_state(sc_ldap_set_opts, STATE_OK);
148 mp_add_subcheck_to_check(&overall, sc_ldap_set_opts);
114 } 149 }
115#endif 150#endif
116 151
117 int version = 3; 152 int version = 3;
118 int tls; 153 int tls;
119 if (config.ld_port == LDAPS_PORT || config.ssl_on_connect) { 154 {
155 if (config.ld_port == LDAPS_PORT || config.ssl_on_connect) {
120#if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_X_TLS) 156#if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_X_TLS)
121 /* ldaps: set option tls */ 157 /* ldaps: set option tls */
122 tls = LDAP_OPT_X_TLS_HARD; 158 tls = LDAP_OPT_X_TLS_HARD;
123 159
124 if (ldap_set_option(ldap_connection, LDAP_OPT_X_TLS, &tls) != LDAP_SUCCESS) { 160 mp_subcheck sc_ldap_tls_init = mp_subcheck_init();
125 if (verbose) { 161 if (ldap_set_option(ldap_connection, LDAP_OPT_X_TLS, &tls) != LDAP_SUCCESS) {
126 ldap_perror(ldap_connection, "ldaps_option"); 162 if (verbose) {
163 ldap_perror(ldap_connection, "ldaps_option");
164 }
165 xasprintf(&sc_ldap_tls_init.output, "could not init TLS at port %i!",
166 config.ld_port);
167 sc_ldap_tls_init = mp_set_subcheck_state(sc_ldap_tls_init, STATE_CRITICAL);
168 mp_add_subcheck_to_check(&overall, sc_ldap_tls_init);
169 mp_exit(overall);
170 } else {
171 xasprintf(&sc_ldap_tls_init.output, "initiated TLS at port %i!", config.ld_port);
172 sc_ldap_tls_init = mp_set_subcheck_state(sc_ldap_tls_init, STATE_OK);
173 mp_add_subcheck_to_check(&overall, sc_ldap_tls_init);
127 } 174 }
128 printf(_("Could not init TLS at port %i!\n"), config.ld_port);
129 return STATE_CRITICAL;
130 }
131#else 175#else
132 printf(_("TLS not supported by the libraries!\n")); 176 printf(_("TLS not supported by the libraries!\n"));
133 return STATE_CRITICAL; 177 exit(STATE_CRITICAL);
134#endif /* LDAP_OPT_X_TLS */ 178#endif /* LDAP_OPT_X_TLS */
135 } else if (config.starttls) { 179 } else if (config.starttls) {
136#if defined(HAVE_LDAP_SET_OPTION) && defined(HAVE_LDAP_START_TLS_S) 180#if defined(HAVE_LDAP_SET_OPTION) && defined(HAVE_LDAP_START_TLS_S)
137 /* ldap with startTLS: set option version */ 181 /* ldap with startTLS: set option version */
138 if (ldap_get_option(ldap_connection, LDAP_OPT_PROTOCOL_VERSION, &version) == LDAP_OPT_SUCCESS) { 182 if (ldap_get_option(ldap_connection, LDAP_OPT_PROTOCOL_VERSION, &version) ==
139 if (version < LDAP_VERSION3) { 183 LDAP_OPT_SUCCESS) {
140 version = LDAP_VERSION3; 184 if (version < LDAP_VERSION3) {
141 ldap_set_option(ldap_connection, LDAP_OPT_PROTOCOL_VERSION, &version); 185 version = LDAP_VERSION3;
186 ldap_set_option(ldap_connection, LDAP_OPT_PROTOCOL_VERSION, &version);
187 }
142 } 188 }
143 } 189 /* call start_tls */
144 /* call start_tls */ 190 mp_subcheck sc_ldap_starttls = mp_subcheck_init();
145 if (ldap_start_tls_s(ldap_connection, NULL, NULL) != LDAP_SUCCESS) { 191 if (ldap_start_tls_s(ldap_connection, NULL, NULL) != LDAP_SUCCESS) {
146 if (verbose) { 192 if (verbose) {
147 ldap_perror(ldap_connection, "ldap_start_tls"); 193 ldap_perror(ldap_connection, "ldap_start_tls");
194 }
195 xasprintf(&sc_ldap_starttls.output, "could not init STARTTLS at port %i!",
196 config.ld_port);
197 sc_ldap_starttls = mp_set_subcheck_state(sc_ldap_starttls, STATE_CRITICAL);
198 mp_add_subcheck_to_check(&overall, sc_ldap_starttls);
199 mp_exit(overall);
200 } else {
201 xasprintf(&sc_ldap_starttls.output, "initiated STARTTLS at port %i!",
202 config.ld_port);
203 sc_ldap_starttls = mp_set_subcheck_state(sc_ldap_starttls, STATE_OK);
204 mp_add_subcheck_to_check(&overall, sc_ldap_starttls);
148 } 205 }
149 printf(_("Could not init startTLS at port %i!\n"), config.ld_port);
150 return STATE_CRITICAL;
151 }
152#else 206#else
153 printf(_("startTLS not supported by the library, needs LDAPv3!\n")); 207 printf(_("startTLS not supported by the library, needs LDAPv3!\n"));
154 return STATE_CRITICAL; 208 exit(STATE_CRITICAL);
155#endif /* HAVE_LDAP_START_TLS_S */ 209#endif /* HAVE_LDAP_START_TLS_S */
210 }
156 } 211 }
157 212
158 /* bind to the ldap server */ 213 /* bind to the ldap server */
159 if (ldap_bind_s(ldap_connection, config.ld_binddn, config.ld_passwd, LDAP_AUTH_SIMPLE) != LDAP_SUCCESS) { 214 {
160 if (verbose) { 215 mp_subcheck sc_ldap_bind = mp_subcheck_init();
161 ldap_perror(ldap_connection, "ldap_bind"); 216 int ldap_error =
217 ldap_bind_s(ldap_connection, config.ld_binddn, config.ld_passwd, LDAP_AUTH_SIMPLE);
218 if (ldap_error != LDAP_SUCCESS) {
219 if (verbose) {
220 ldap_perror(ldap_connection, "ldap_bind");
221 }
222
223 xasprintf(&sc_ldap_bind.output, "could not bind to the LDAP server: %s",
224 ldap_err2string(ldap_error));
225 sc_ldap_bind = mp_set_subcheck_state(sc_ldap_bind, STATE_CRITICAL);
226 mp_add_subcheck_to_check(&overall, sc_ldap_bind);
227 mp_exit(overall);
228 } else {
229 xasprintf(&sc_ldap_bind.output, "execute bind to the LDAP server");
230 sc_ldap_bind = mp_set_subcheck_state(sc_ldap_bind, STATE_OK);
231 mp_add_subcheck_to_check(&overall, sc_ldap_bind);
162 } 232 }
163 printf(_("Could not bind to the LDAP server\n"));
164 return STATE_CRITICAL;
165 } 233 }
166 234
167 LDAPMessage *result; 235 LDAPMessage *result;
168 int num_entries = 0;
169 /* do a search of all objectclasses in the base dn */ 236 /* do a search of all objectclasses in the base dn */
170 if (ldap_search_s(ldap_connection, config.ld_base, 237 {
171 (config.crit_entries != NULL || config.warn_entries != NULL) ? LDAP_SCOPE_SUBTREE : LDAP_SCOPE_BASE, config.ld_attr, 238 mp_subcheck sc_ldap_search = mp_subcheck_init();
172 NULL, 0, &result) != LDAP_SUCCESS) { 239 int ldap_error = ldap_search_s(
173 if (verbose) { 240 ldap_connection, config.ld_base,
174 ldap_perror(ldap_connection, "ldap_search"); 241 (config.entries_thresholds.warning_is_set || config.entries_thresholds.critical_is_set)
242 ? LDAP_SCOPE_SUBTREE
243 : LDAP_SCOPE_BASE,
244 config.ld_attr, NULL, 0, &result);
245
246 if (ldap_error != LDAP_SUCCESS) {
247 if (verbose) {
248 ldap_perror(ldap_connection, "ldap_search");
249 }
250 xasprintf(&sc_ldap_search.output, "could not search/find objectclasses in %s: %s",
251 config.ld_base, ldap_err2string(ldap_error));
252 sc_ldap_search = mp_set_subcheck_state(sc_ldap_search, STATE_CRITICAL);
253 mp_add_subcheck_to_check(&overall, sc_ldap_search);
254 mp_exit(overall);
255 } else {
256 xasprintf(&sc_ldap_search.output, "search/find objectclasses in %s", config.ld_base);
257 sc_ldap_search = mp_set_subcheck_state(sc_ldap_search, STATE_OK);
258 mp_add_subcheck_to_check(&overall, sc_ldap_search);
175 } 259 }
176 printf(_("Could not search/find objectclasses in %s\n"), config.ld_base);
177 return STATE_CRITICAL;
178 } 260 }
179 261
180 if (config.crit_entries != NULL || config.warn_entries != NULL) { 262 int num_entries = ldap_count_entries(ldap_connection, result);
181 num_entries = ldap_count_entries(ldap_connection, result); 263 if (verbose) {
264 printf("entries found: %d\n", num_entries);
182 } 265 }
183 266
184 /* unbind from the ldap server */ 267 /* unbind from the ldap server */
@@ -188,48 +271,50 @@ int main(int argc, char *argv[]) {
188 alarm(0); 271 alarm(0);
189 272
190 /* calculate the elapsed time and compare to thresholds */ 273 /* calculate the elapsed time and compare to thresholds */
191
192 long microsec = deltime(start_time); 274 long microsec = deltime(start_time);
193 double elapsed_time = (double)microsec / 1.0e6; 275 double elapsed_time = (double)microsec / 1.0e6;
194 mp_state_enum status = STATE_UNKNOWN; 276 mp_perfdata pd_connection_time = perfdata_init();
195 if (config.crit_time_set && elapsed_time > config.crit_time) { 277 pd_connection_time.label = "time";
196 status = STATE_CRITICAL; 278 pd_connection_time.value = mp_create_pd_value(elapsed_time);
197 } else if (config.warn_time_set && elapsed_time > config.warn_time) { 279 pd_connection_time = mp_pd_set_thresholds(pd_connection_time, config.connection_time_threshold);
198 status = STATE_WARNING;
199 } else {
200 status = STATE_OK;
201 }
202 280
203 if (config.entries_thresholds != NULL) { 281 mp_subcheck sc_connection_time = mp_subcheck_init();
204 if (verbose) { 282 mp_add_perfdata_to_subcheck(&sc_connection_time, pd_connection_time);
205 printf("entries found: %d\n", num_entries); 283
206 print_thresholds("entry thresholds", config.entries_thresholds); 284 mp_state_enum connection_time_state = mp_get_pd_status(pd_connection_time);
207 } 285 sc_connection_time = mp_set_subcheck_state(sc_connection_time, connection_time_state);
208 mp_state_enum status_entries = get_status(num_entries, config.entries_thresholds);
209 if (status_entries == STATE_CRITICAL) {
210 status = STATE_CRITICAL;
211 } else if (status != STATE_CRITICAL) {
212 status = status_entries;
213 }
214 }
215 286
216 /* print out the result */ 287 if (connection_time_state == STATE_OK) {
217 if (config.crit_entries != NULL || config.warn_entries != NULL) { 288 xasprintf(&sc_connection_time.output, "connection time %.3fs is within thresholds",
218 printf(_("LDAP %s - found %d entries in %.3f seconds|%s %s\n"), state_text(status), num_entries, elapsed_time, 289 elapsed_time);
219 fperfdata("time", elapsed_time, "s", config.warn_time_set, config.warn_time, config.crit_time_set, config.crit_time, true, 0,
220 false, 0),
221 sperfdata("entries", (double)num_entries, "", config.warn_entries, config.crit_entries, true, 0.0, false, 0.0));
222 } else { 290 } else {
223 printf(_("LDAP %s - %.3f seconds response time|%s\n"), state_text(status), elapsed_time, 291 xasprintf(&sc_connection_time.output, "connection time %.3fs is violating thresholds",
224 fperfdata("time", elapsed_time, "s", config.warn_time_set, config.warn_time, config.crit_time_set, config.crit_time, true, 0, 292 elapsed_time);
225 false, 0));
226 } 293 }
227 294
228 exit(status); 295 mp_add_subcheck_to_check(&overall, sc_connection_time);
296
297 mp_perfdata pd_num_entries = perfdata_init();
298 pd_num_entries.label = "entries";
299 pd_num_entries.value = mp_create_pd_value(num_entries);
300 pd_num_entries = mp_pd_set_thresholds(pd_num_entries, config.entries_thresholds);
301
302 mp_subcheck sc_num_entries = mp_subcheck_init();
303 mp_add_perfdata_to_subcheck(&sc_num_entries, pd_num_entries);
304 xasprintf(&sc_num_entries.output, "found %d entries", num_entries);
305 sc_num_entries = mp_set_subcheck_state(sc_num_entries, mp_get_pd_status(pd_num_entries));
306
307 mp_add_subcheck_to_check(&overall, sc_num_entries);
308
309 mp_exit(overall);
229} 310}
230 311
231/* process command-line arguments */ 312/* process command-line arguments */
232check_ldap_config_wrapper process_arguments(int argc, char **argv) { 313check_ldap_config_wrapper process_arguments(int argc, char **argv) {
314 enum {
315 output_format_index = CHAR_MAX + 1,
316 };
317
233 /* initialize the long option struct */ 318 /* initialize the long option struct */
234 static struct option longopts[] = {{"help", no_argument, 0, 'h'}, 319 static struct option longopts[] = {{"help", no_argument, 0, 'h'},
235 {"version", no_argument, 0, 'V'}, 320 {"version", no_argument, 0, 'V'},
@@ -253,6 +338,7 @@ check_ldap_config_wrapper process_arguments(int argc, char **argv) {
253 {"warn-entries", required_argument, 0, 'W'}, 338 {"warn-entries", required_argument, 0, 'W'},
254 {"crit-entries", required_argument, 0, 'C'}, 339 {"crit-entries", required_argument, 0, 'C'},
255 {"verbose", no_argument, 0, 'v'}, 340 {"verbose", no_argument, 0, 'v'},
341 {"output-format", required_argument, 0, output_format_index},
256 {0, 0, 0, 0}}; 342 {0, 0, 0, 0}};
257 343
258 check_ldap_config_wrapper result = { 344 check_ldap_config_wrapper result = {
@@ -273,7 +359,8 @@ check_ldap_config_wrapper process_arguments(int argc, char **argv) {
273 359
274 int option = 0; 360 int option = 0;
275 while (true) { 361 while (true) {
276 int option_index = getopt_long(argc, argv, "hvV234TS6t:c:w:H:b:p:a:D:P:C:W:", longopts, &option); 362 int option_index =
363 getopt_long(argc, argv, "hvV234TS6t:c:w:H:b:p:a:D:P:C:W:", longopts, &option);
277 364
278 if (option_index == -1 || option_index == EOF) { 365 if (option_index == -1 || option_index == EOF) {
279 break; 366 break;
@@ -311,20 +398,38 @@ check_ldap_config_wrapper process_arguments(int argc, char **argv) {
311 case 'P': 398 case 'P':
312 result.config.ld_passwd = optarg; 399 result.config.ld_passwd = optarg;
313 break; 400 break;
314 case 'w': 401 case 'w': {
315 result.config.warn_time_set = true; 402 mp_range_parsed tmp = mp_parse_range_string(optarg);
316 result.config.warn_time = strtod(optarg, NULL); 403 if (tmp.error != MP_PARSING_SUCCES) {
317 break; 404 die(STATE_UNKNOWN, "failed to parse warning connection time threshold");
318 case 'c': 405 }
319 result.config.crit_time_set = true; 406 result.config.connection_time_threshold =
320 result.config.crit_time = strtod(optarg, NULL); 407 mp_thresholds_set_warn(result.config.connection_time_threshold, tmp.range);
321 break; 408 } break;
322 case 'W': 409 case 'c': {
323 result.config.warn_entries = optarg; 410 mp_range_parsed tmp = mp_parse_range_string(optarg);
324 break; 411 if (tmp.error != MP_PARSING_SUCCES) {
325 case 'C': 412 die(STATE_UNKNOWN, "failed to parse critical connection time threshold");
326 result.config.crit_entries = optarg; 413 }
327 break; 414 result.config.connection_time_threshold =
415 mp_thresholds_set_crit(result.config.connection_time_threshold, tmp.range);
416 } break;
417 case 'W': {
418 mp_range_parsed tmp = mp_parse_range_string(optarg);
419 if (tmp.error != MP_PARSING_SUCCES) {
420 die(STATE_UNKNOWN, "failed to parse number of entries warning threshold");
421 }
422 result.config.entries_thresholds =
423 mp_thresholds_set_warn(result.config.entries_thresholds, tmp.range);
424 } break;
425 case 'C': {
426 mp_range_parsed tmp = mp_parse_range_string(optarg);
427 if (tmp.error != MP_PARSING_SUCCES) {
428 die(STATE_UNKNOWN, "failed to parse number of entries critical threshold");
429 }
430 result.config.entries_thresholds =
431 mp_thresholds_set_crit(result.config.entries_thresholds, tmp.range);
432 } break;
328#ifdef HAVE_LDAP_SET_OPTION 433#ifdef HAVE_LDAP_SET_OPTION
329 case '2': 434 case '2':
330 result.config.ld_protocol = 2; 435 result.config.ld_protocol = 2;
@@ -363,6 +468,18 @@ check_ldap_config_wrapper process_arguments(int argc, char **argv) {
363 usage(_("IPv6 support not available\n")); 468 usage(_("IPv6 support not available\n"));
364#endif 469#endif
365 break; 470 break;
471 case output_format_index: {
472 parsed_output_format parser = mp_parse_output_format(optarg);
473 if (!parser.parsing_success) {
474 // TODO List all available formats here, maybe add anothoer usage function
475 printf("Invalid output format: %s\n", optarg);
476 exit(STATE_UNKNOWN);
477 }
478
479 result.config.output_format_is_set = true;
480 result.config.output_format = parser.output_format;
481 break;
482 }
366 default: 483 default:
367 usage5(); 484 usage5();
368 } 485 }
@@ -381,7 +498,8 @@ check_ldap_config_wrapper process_arguments(int argc, char **argv) {
381 result.config.ld_port = DEFAULT_PORT; 498 result.config.ld_port = DEFAULT_PORT;
382 } 499 }
383 500
384 if (strstr(argv[0], "check_ldaps") && !result.config.starttls && !result.config.ssl_on_connect) { 501 if (strstr(argv[0], "check_ldaps") && !result.config.starttls &&
502 !result.config.ssl_on_connect) {
385 result.config.starttls = true; 503 result.config.starttls = true;
386 } 504 }
387 505
@@ -397,10 +515,6 @@ check_ldap_config_wrapper validate_arguments(check_ldap_config_wrapper config_wr
397 usage4(_("Please specify the LDAP base\n")); 515 usage4(_("Please specify the LDAP base\n"));
398 } 516 }
399 517
400 if (config_wrapper.config.crit_entries != NULL || config_wrapper.config.warn_entries != NULL) {
401 set_thresholds(&config_wrapper.config.entries_thresholds, config_wrapper.config.warn_entries, config_wrapper.config.crit_entries);
402 }
403
404 if (config_wrapper.config.ld_passwd == NULL) { 518 if (config_wrapper.config.ld_passwd == NULL) {
405 config_wrapper.config.ld_passwd = getenv("LDAP_PASSWORD"); 519 config_wrapper.config.ld_passwd = getenv("LDAP_PASSWORD");
406 } 520 }
@@ -435,11 +549,13 @@ void print_help(void) {
435 printf(" %s\n", "-D [--bind]"); 549 printf(" %s\n", "-D [--bind]");
436 printf(" %s\n", _("ldap bind DN (if required)")); 550 printf(" %s\n", _("ldap bind DN (if required)"));
437 printf(" %s\n", "-P [--pass]"); 551 printf(" %s\n", "-P [--pass]");
438 printf(" %s\n", _("ldap password (if required, or set the password through environment variable 'LDAP_PASSWORD')")); 552 printf(" %s\n", _("ldap password (if required, or set the password through environment "
553 "variable 'LDAP_PASSWORD')"));
439 printf(" %s\n", "-T [--starttls]"); 554 printf(" %s\n", "-T [--starttls]");
440 printf(" %s\n", _("use starttls mechanism introduced in protocol version 3")); 555 printf(" %s\n", _("use starttls mechanism introduced in protocol version 3"));
441 printf(" %s\n", "-S [--ssl]"); 556 printf(" %s\n", "-S [--ssl]");
442 printf(" %s %i\n", _("use ldaps (ldap v2 ssl method). this also sets the default port to"), LDAPS_PORT); 557 printf(" %s %i\n", _("use ldaps (ldap v2 ssl method). this also sets the default port to"),
558 LDAPS_PORT);
443 559
444#ifdef HAVE_LDAP_SET_OPTION 560#ifdef HAVE_LDAP_SET_OPTION
445 printf(" %s\n", "-2 [--ver2]"); 561 printf(" %s\n", "-2 [--ver2]");
@@ -459,13 +575,16 @@ void print_help(void) {
459 printf(UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT); 575 printf(UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
460 576
461 printf(UT_VERBOSE); 577 printf(UT_VERBOSE);
578 printf(UT_OUTPUT_FORMAT);
462 579
463 printf("\n"); 580 printf("\n");
464 printf("%s\n", _("Notes:")); 581 printf("%s\n", _("Notes:"));
465 printf(" %s\n", _("If this plugin is called via 'check_ldaps', method 'STARTTLS' will be")); 582 printf(" %s\n", _("If this plugin is called via 'check_ldaps', method 'STARTTLS' will be"));
466 printf(_(" implied (using default port %i) unless --port=636 is specified. In that case\n"), DEFAULT_PORT); 583 printf(_(" implied (using default port %i) unless --port=636 is specified. In that case\n"),
584 DEFAULT_PORT);
467 printf(" %s\n", _("'SSL on connect' will be used no matter how the plugin was called.")); 585 printf(" %s\n", _("'SSL on connect' will be used no matter how the plugin was called."));
468 printf(" %s\n", _("This detection is deprecated, please use 'check_ldap' with the '--starttls' or '--ssl' flags")); 586 printf(" %s\n", _("This detection is deprecated, please use 'check_ldap' with the '--starttls' "
587 "or '--ssl' flags"));
469 printf(" %s\n", _("to define the behaviour explicitly instead.")); 588 printf(" %s\n", _("to define the behaviour explicitly instead."));
470 printf(" %s\n", _("The parameters --warn-entries and --crit-entries are optional.")); 589 printf(" %s\n", _("The parameters --warn-entries and --crit-entries are optional."));
471 590