Novell

check_idm_sync

Description:

Check Novell Identity Manager synchronization between eDirectory trees using ldap.

Current Version

Last Release Date

June 12, 2009

Compatible With


Project Notes
+++ What is this check program for?
This check program monitors the IDM (Novell Identity Manager) synchronization process between eDirectory trees. It uses several user objects and their attributes, as well as passwords, to check the data flow between them. This gives you end-to-end monitoring of the eDirectory drivers using the power of Nagios. The script uses LDAP for all user object modifications and is written as a bash script.

+++ Description
Please see the PNG drawing below; I tried to put everything in there. For the eDirectory objects, please refer to the comments in the check program itself.

+++ Usage
check_idm_sync.sh

- Driverside: This defines the side of the driver you are on and would like to check. Please see the drawing for information. If you would like to invert the check results, put a - in front of the Driverside. This is useful if you have a one-way synchronization and want to check that nothing comes back. Nagios would normally show this as an error; with the inverted result you get the OK message, and it changes to an ERROR when something is received.

Timedelay is set by default to 65 seconds. To begin with, set it to the Nagios check interval (in seconds) + 5 seconds tolerance. We run the check every minute, so we set it to 65 seconds.

+++ Things to take care of
* Time has to be synchronized between the eDirectory trees and the Nagios server.
* The IDM drivers should allow data flow for users and the specified attributes.
* A test user has to be created, as well as a Nagios account that can write to those user objects.
* The check programs are written to run on each IDM server itself. We have a local Nagios installation on every server. Small changes would be necessary if they run on a central Nagios server.
* The LDAP statements inside the check program use the local LDAP server.

+++ Changelog
# v 1.0 - initial version
# v 1.1 - I modified the LDAP attributes to use single-value attributes. Before, street and postOfficeBox were multi-value attributes and sometimes caused problems when the eDirectory or server was restarted. I changed it to use the single-value attributes location (l) and department (ou). I also added the eDirectory user that is modified to the service output. If you have problems with multiple drivers, that makes it easier to find the user that is not correctly synchronized.

+++ Enhancements
* Please put some feedback below on what you would like to see.
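
The Usage rules above (the Timedelay tolerance and the - prefix that inverts the result) can be sketched as a small decision function. This is an added example, not code from check_idm_sync.sh: it assumes the check compares a Unix timestamp read from the synchronized attribute with the current time, and the function name `evaluate_sync` and the side label `A` are hypothetical.

```shell
#!/bin/sh
# Added illustration, not taken from check_idm_sync.sh.
# Assumption: the check stores a Unix timestamp in a test user's attribute on
# one tree and reads it back over LDAP on the other tree.

# evaluate_sync DRIVERSIDE TIMEDELAY NOW RECEIVED   (hypothetical helper)
#   DRIVERSIDE  side label; a leading "-" inverts the result (one-way sync)
#   TIMEDELAY   maximum accepted age in seconds (check interval + tolerance)
#   NOW         current Unix time on the Nagios host
#   RECEIVED    timestamp read from the synced attribute, empty if none
# Prints a Nagios status line; returns 0 (OK), 2 (CRITICAL) or 3 (UNKNOWN).
evaluate_sync() {
    side=$1; delay=$2; now=$3; received=$4
    invert=0
    case $side in
        -*) invert=1; side=${side#-} ;;
    esac
    # Refuse non-numeric input rather than let the arithmetic misbehave.
    for v in "$delay" "$now"; do
        case $v in
            ''|*[!0-9]*) echo "UNKNOWN - bad timedelay or clock value"; return 3 ;;
        esac
    done
    case $received in
        *[!0-9]*) echo "UNKNOWN - attribute value is not a timestamp"; return 3 ;;
    esac
    fresh=0
    if [ -n "$received" ]; then
        age=$((now - received))
        # A negative age means the tree and Nagios clocks disagree.
        if [ "$age" -lt 0 ]; then
            echo "UNKNOWN - timestamp ${age#-}s in the future, check time sync"
            return 3
        fi
        if [ "$age" -le "$delay" ]; then fresh=1; fi
    fi
    # Normal mode: fresh data is OK. Inverted mode: fresh data is the error.
    if [ "$fresh" -ne "$invert" ]; then
        echo "OK - side $side: result as expected (invert=$invert)"
        return 0
    fi
    echo "CRITICAL - side $side: unexpected sync state (invert=$invert)"
    return 2
}

# Constructed sample calls: side label "A" and all timestamps are made up.
evaluate_sync A 65 1000 960     # two-way driver, value is 40s old
evaluate_sync -A 65 1000 ""     # one-way driver, nothing came back
```

Returning UNKNOWN for a timestamp in the future keeps clock drift between the trees and the Nagios server from being reported as a driver failure.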