Openldap Syncrepl

Error: 2011-08-30 14:36:31,013 - check_syncrepl.py - DEBUG - Retrieving Provider contextCSN 2011-08-30 14:36:31,014 - check_syncrepl.py - DEBUG - contextCSN = 20110830123045.-981247Z#000000#000#000000 2011-08-30 14:36:31,015 - check_syncrepl.py - DEBUG - Retrieving Consumer contextCSN 2011-08-30 14:36:31,015 - check_syncrepl.py - DEBUG - contextCSN = 20110830123044.-999530Z#000000#000#000000 Traceback (most recent call last): File "/usr/lib64/nagios/plugins/check_syncrepl.py", line 286, in ? main() File "/usr/lib64/nagios/plugins/check_syncrepl.py", line 272, in main IsInSync = IsInSync and is_insynch(ldapprov, ldapcons, options.basedn, options.threshold, logger) File "/usr/lib64/nagios/plugins/check_syncrepl.py", line 193, in is_insynch delta = contextCSN_to_datetime(provcontextCSN) - contextCSN_to_datetime(conscontextCSN) File "/usr/lib64/nagios/plugins/check_syncrepl.py", line 159, in contextCSN_to_datetime return datetime.datetime.fromtimestamp(time.mktime(time.strptime(gentime,"%Y%m%d%H%M%S"))) File "/usr/lib64/python2.4/_strptime.py", line 296, in strptime raise ValueError("unconverted data remains: %s" % ValueError: unconverted data remains: .-981247 Patch: --- /usr/lib64/nagios/plugins/check_syncrepl.py.orig 2011-08-04 11:59:15.000000000 +0200 +++ /usr/lib64/nagios/plugins/check_syncrepl.py 2011-08-30 14:42:04.000000000 +0200 @@ -155,7 +155,7 @@ This function returns a datetime object instance """ - gentime = re.sub('(.d{6})?Z.*$','',contextCSN) + gentime = re.sub('(.-?d{6})?Z.*$','',contextCSN) return datetime.datetime.fromtimestamp(time.mktime(time.strptime(gentime,"%Y%m%d%H%M%S"))) def threshold_to_datetime(threshold):

This worked quite well, though I did have one stumbling block. As the previous reviewer pointed out, you need to use the --nagios (or -n) argument to get the script to output a nagios formatted result. However, by default this will also return non-nagios formatted results first. In order to get a clean output that nagios can read, you have to also use the --quiet argument in addition to the --nagios.

The script is simple and well written. However it's ESSENTIAL, and not at all obvious, that you put the --nagios option on the command line. Otherwise, when the server is out of sync with the client, the output will tell you, but Nagios will think that the server is OK and not send you any notification. Also, if the SSL certificate chain is not properly installed, the default logging does not help much: FAILED : LDAP bind failed. {'desc': "Can't contact LDAP server"} It's necessary to edit the source and increase the ldap.OPT_DEBUG_LEVEL to get this output: TLS: warning: cacertdir not implemented for gnutls TLS: peer cert untrusted or revoked (0x42) FAILED : LDAP bind failed. {'desc': "Can't contact LDAP server"} which tells you what you need to know to understand and fix the problem.