1 files changed, 66 insertions, 1 deletions
diff --git a/plugins/check_ldap.c b/plugins/check_ldap.c
index e77ad308..29bc01b2 100644
--- a/plugins/check_ldap.c
+++ b/plugins/check_ldap.c
@@ -57,6 +57,10 @@ double warn_time = UNDEFINED;
 double crit_time = UNDEFINED;
 struct timeval tv;
+/* for ldap tls */
+char *SERVICE = "LDAP";
 int
 main (int argc, char *argv[])
 {
@@ -69,11 +73,20 @@ main (int argc, char *argv[])
        int status = STATE_UNKNOWN;
        long microsec;
        double elapsed_time;
+        
+        /* for ldap tls */
+        
+        int tls; 
+        int version=3;
        setlocale (LC_ALL, "");
        bindtextdomain (PACKAGE, LOCALEDIR);
        textdomain (PACKAGE);
+        if (strstr(argv[0],"check_ldaps")) {
+      asprintf (&progname, "check_ldaps");
+        }
+        
        if (process_arguments (argc, argv) == ERROR)
                usage4 (_("Could not parse arguments"));
@@ -87,12 +100,19 @@ main (int argc, char *argv[])
        gettimeofday (&tv, NULL);
        /* initialize ldap */
+#ifdef HAVE_LDAP_INIT
+        if (!(ld = ldap_init (ld_host, ld_port))) {
+                printf ("Could not connect to the server at port %i\n", ld_port);
+                return STATE_CRITICAL;
+        }
+#else   
        if (!(ld = ldap_open (ld_host, ld_port))) {
                /*ldap_perror(ld, "ldap_open"); */
                printf (_("Could not connect to the server at port %i\n"), ld_port);
                return STATE_CRITICAL;
        }
+#endif /* HAVE_LDAP_INIT */
+        
 #ifdef HAVE_LDAP_SET_OPTION
        /* set ldap options */
        if (ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &ld_protocol) !=
@@ -101,6 +121,51 @@ main (int argc, char *argv[])
                return STATE_CRITICAL;
        }
 #endif
+        if (strstr(argv[0],"check_ldaps")) {
+        /* with TLS */
+                if ( ld_port == LDAPS_PORT ) {
+                        asprintf (&SERVICE, "LDAPS");
+#if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_X_TLS)
+                        /* ldaps: set option tls */
+                        tls = LDAP_OPT_X_TLS_HARD;
+                        
+                        if (ldap_set_option (ld, LDAP_OPT_X_TLS, &tls) != LDAP_SUCCESS)
+                        {
+                                /*ldap_perror(ld, "ldaps_option"); */
+                                printf ("Could not init TLS at port %i!\n", ld_port);
+                                return STATE_CRITICAL;
+                }
+#else
+                        printf ("TLS not supported by the libraries!\n", ld_port);
+                        return STATE_CRITICAL;
+#endif /* LDAP_OPT_X_TLS */
+                } else {
+                        asprintf (&SERVICE, "LDAP-TLS");
+#if defined(HAVE_LDAP_SET_OPTION) && defined(HAVE_LDAP_START_TLS_S)
+                        /* ldap with startTLS: set option version */
+                        if (ldap_get_option(ld,LDAP_OPT_PROTOCOL_VERSION, &version) == LDAP_OPT_SUCCESS )
+                        {
+                                if (version < LDAP_VERSION3)
+                                {
+                                        version = LDAP_VERSION3;
+                                        ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version);
+                                }
+                        }
+                        /* call start_tls */
+                        if (ldap_start_tls_s(ld, NULL, NULL) != LDAP_SUCCESS)
+                        {
+                                /*ldap_perror(ld, "ldap_start_tls"); */
+                                printf ("Could not init startTLS at port %i!\n", ld_port);
+                                return STATE_CRITICAL;
+                        }
+#else
+                        printf ("startTLS not supported by the library, needs LDAPv3!\n");
+                        return STATE_CRITICAL;
+#endif /* HAVE_LDAP_START_TLS_S */
+                }
+        }
+        
        /* bind to the ldap server */
        if (ldap_bind_s (ld, ld_binddn, ld_passwd, LDAP_AUTH_SIMPLE) !=
                        LDAP_SUCCESS) {

diff --git a/plugins/check_ldap.c b/plugins/check_ldap.c index e77ad308..29bc01b2 100644 --- a/plugins/check_ldap.c +++ b/plugins/check_ldap.c
@@ -57,6 +57,10 @@ double warn_time = UNDEFINED;
57	double crit_time = UNDEFINED;	57	double crit_time = UNDEFINED;
58	struct timeval tv;	58	struct timeval tv;
59		59
		60	/* for ldap tls */
		61
		62	char *SERVICE = "LDAP";
		63
60	int	64	int
61	main (int argc, char *argv[])	65	main (int argc, char *argv[])
62	{	66	{
@@ -69,11 +73,20 @@ main (int argc, char *argv[])
69	int status = STATE_UNKNOWN;	73	int status = STATE_UNKNOWN;
70	long microsec;	74	long microsec;
71	double elapsed_time;	75	double elapsed_time;
		76
		77	/* for ldap tls */
		78
		79	int tls;
		80	int version=3;
72		81
73	setlocale (LC_ALL, "");	82	setlocale (LC_ALL, "");
74	bindtextdomain (PACKAGE, LOCALEDIR);	83	bindtextdomain (PACKAGE, LOCALEDIR);
75	textdomain (PACKAGE);	84	textdomain (PACKAGE);
76		85
		86	if (strstr(argv[0],"check_ldaps")) {
		87	asprintf (&progname, "check_ldaps");
		88	}
		89
77	if (process_arguments (argc, argv) == ERROR)	90	if (process_arguments (argc, argv) == ERROR)
78	usage4 (_("Could not parse arguments"));	91	usage4 (_("Could not parse arguments"));
79		92
@@ -87,12 +100,19 @@ main (int argc, char *argv[])
87	gettimeofday (&tv, NULL);	100	gettimeofday (&tv, NULL);
88		101
89	/* initialize ldap */	102	/* initialize ldap */
		103	#ifdef HAVE_LDAP_INIT
		104	if (!(ld = ldap_init (ld_host, ld_port))) {
		105	printf ("Could not connect to the server at port %i\n", ld_port);
		106	return STATE_CRITICAL;
		107	}
		108	#else
90	if (!(ld = ldap_open (ld_host, ld_port))) {	109	if (!(ld = ldap_open (ld_host, ld_port))) {
91	/ldap_perror(ld, "ldap_open"); /	110	/ldap_perror(ld, "ldap_open"); /
92	printf (_("Could not connect to the server at port %i\n"), ld_port);	111	printf (_("Could not connect to the server at port %i\n"), ld_port);
93	return STATE_CRITICAL;	112	return STATE_CRITICAL;
94	}	113	}
95		114	#endif /* HAVE_LDAP_INIT */
		115
96	#ifdef HAVE_LDAP_SET_OPTION	116	#ifdef HAVE_LDAP_SET_OPTION
97	/* set ldap options */	117	/* set ldap options */
98	if (ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &ld_protocol) !=	118	if (ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &ld_protocol) !=
@@ -101,6 +121,51 @@ main (int argc, char *argv[])
101	return STATE_CRITICAL;	121	return STATE_CRITICAL;
102	}	122	}
103	#endif	123	#endif
		124
		125	if (strstr(argv[0],"check_ldaps")) {
		126	/* with TLS */
		127	if ( ld_port == LDAPS_PORT ) {
		128	asprintf (&SERVICE, "LDAPS");
		129	#if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_X_TLS)
		130	/* ldaps: set option tls */
		131	tls = LDAP_OPT_X_TLS_HARD;
		132
		133	if (ldap_set_option (ld, LDAP_OPT_X_TLS, &tls) != LDAP_SUCCESS)
		134	{
		135	/ldap_perror(ld, "ldaps_option"); /
		136	printf ("Could not init TLS at port %i!\n", ld_port);
		137	return STATE_CRITICAL;
		138	}
		139	#else
		140	printf ("TLS not supported by the libraries!\n", ld_port);
		141	return STATE_CRITICAL;
		142	#endif /* LDAP_OPT_X_TLS */
		143	} else {
		144	asprintf (&SERVICE, "LDAP-TLS");
		145	#if defined(HAVE_LDAP_SET_OPTION) && defined(HAVE_LDAP_START_TLS_S)
		146	/* ldap with startTLS: set option version */
		147	if (ldap_get_option(ld,LDAP_OPT_PROTOCOL_VERSION, &version) == LDAP_OPT_SUCCESS )
		148	{
		149	if (version < LDAP_VERSION3)
		150	{
		151	version = LDAP_VERSION3;
		152	ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version);
		153	}
		154	}
		155	/* call start_tls */
		156	if (ldap_start_tls_s(ld, NULL, NULL) != LDAP_SUCCESS)
		157	{
		158	/ldap_perror(ld, "ldap_start_tls"); /
		159	printf ("Could not init startTLS at port %i!\n", ld_port);
		160	return STATE_CRITICAL;
		161	}
		162	#else
		163	printf ("startTLS not supported by the library, needs LDAPv3!\n");
		164	return STATE_CRITICAL;
		165	#endif /* HAVE_LDAP_START_TLS_S */
		166	}
		167	}
		168
104	/* bind to the ldap server */	169	/* bind to the ldap server */
105	if (ldap_bind_s (ld, ld_binddn, ld_passwd, LDAP_AUTH_SIMPLE) !=	170	if (ldap_bind_s (ld, ld_binddn, ld_passwd, LDAP_AUTH_SIMPLE) !=
106	LDAP_SUCCESS) {	171	LDAP_SUCCESS) {