Openldap Syncrepl

Error:
2011-08-30 14:36:31,013 - check_syncrepl.py - DEBUG - Retrieving Provider contextCSN
2011-08-30 14:36:31,014 - check_syncrepl.py - DEBUG - contextCSN = 20110830123045.-981247Z#000000#000#000000
2011-08-30 14:36:31,015 - check_syncrepl.py - DEBUG - Retrieving Consumer contextCSN
2011-08-30 14:36:31,015 - check_syncrepl.py - DEBUG - contextCSN = 20110830123044.-999530Z#000000#000#000000
Traceback (most recent call last):
File "/usr/lib64/nagios/plugins/check_syncrepl.py", line 286, in ?
main()
File "/usr/lib64/nagios/plugins/check_syncrepl.py", line 272, in main
IsInSync = IsInSync and is_insynch(ldapprov, ldapcons, options.basedn, options.threshold, logger)
File "/usr/lib64/nagios/plugins/check_syncrepl.py", line 193, in is_insynch
delta = contextCSN_to_datetime(provcontextCSN) - contextCSN_to_datetime(conscontextCSN)
File "/usr/lib64/nagios/plugins/check_syncrepl.py", line 159, in contextCSN_to_datetime
return datetime.datetime.fromtimestamp(time.mktime(time.strptime(gentime,"%Y%m%d%H%M%S")))
File "/usr/lib64/python2.4/_strptime.py", line 296, in strptime
raise ValueError("unconverted data remains: %s" %
ValueError: unconverted data remains: .-981247


Patch:

--- /usr/lib64/nagios/plugins/check_syncrepl.py.orig 2011-08-04 11:59:15.000000000 +0200
+++ /usr/lib64/nagios/plugins/check_syncrepl.py 2011-08-30 14:42:04.000000000 +0200
@@ -155,7 +155,7 @@

This function returns a datetime object instance
"""
- gentime = re.sub('(.d{6})?Z.*$','',contextCSN)
+ gentime = re.sub('(.-?d{6})?Z.*$','',contextCSN)
return datetime.datetime.fromtimestamp(time.mktime(time.strptime(gentime,"%Y%m%d%H%M%S")))

def threshold_to_datetime(threshold):

---

This worked quite well, though I did have one stumbling block. As the previous reviewer pointed out, you need to use the --nagios (or -n) argument to get the script to output a nagios formatted result. However, by default this will also return non-nagios formatted results first. In order to get a clean output that nagios can read, you have to also use the --quiet argument in addition to the --nagios.

---

The script is simple and well written.

However it's ESSENTIAL, and not at all obvious, that you put the --nagios option on the command line. Otherwise, when the server is out of sync with the client, the output will tell you, but Nagios will think that the server is OK and not send you any notification.

Also, if the SSL certificate chain is not properly installed, the default logging does not help much:

FAILED : LDAP bind failed. {'desc': "Can't contact LDAP server"}

It's necessary to edit the source and increase the ldap.OPT_DEBUG_LEVEL to get this output:

TLS: warning: cacertdir not implemented for gnutls
TLS: peer cert untrusted or revoked (0x42)
FAILED : LDAP bind failed. {'desc': "Can't contact LDAP server"}

which tells you what you need to know to understand and fix the problem.

---