#!/usr/bin/python #==================================================================== # What's this ? #==================================================================== # Script designed for nagios # # Tested with Nagios 2.9 Python 2.3.4 sun ldap directory server 5_2 patch 3 # should work with any ldap # Checks if master ldap server is accepting modifications # ie:not in read only mode # tries to modify telephoneNumber of an ldap account binding with the same account # this account must have r/w "self" aci # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. #==================================================================== import ldap import ldap.modlist as modlist import time import datetime import sys def modify_ldap_master(master_server,TS,DN,PASSWD): # first you must open a connection to the master server print master_server, try: l = ldap.open(master_server) l.protocol_version = ldap.VERSION3 # binding with DN,PASSWD l.simple_bind_s(DN,PASSWD) except ldap.LDAPError, erreur_ldap: print erreur_ldap[0]['desc'], return 2 # now we make a change in telephoneNumber to see if ldap is available using timestamp old = {'telephoneNumber':'noneed'} new = {'telephoneNumber':TS} # Convert place-holders for modify-operation using modlist-module ldif = modlist.modifyModlist(old,new) # Do the actual modification try : l.modify_s(dn,ldif) except ldap.LDAPError, erreur_ldap: print erreur_ldap[0]['desc'], return 2 l.unbind_s() return 0 # MAIN # Account to test with. TelephoneNumber of this account will be modified. You must deal with security ;) dn = "uid=testaccount,ou=misc,o=mydomain,c=fr" passwd = "testaccount_password" # Nagios states : STATE_OK = 0 STATE_WARNING = 1 STATE_CRITICAL = 2 STATE_UNKNOWN = 3 # generating a time stamp id for verification timestamp = str(int(time.mktime(datetime.datetime.now().timetuple()))) if len(sys.argv) != 2: sys.exit("Check if master ldap can be modified.\n\nUsage : check_ldap_master.py master_hostname") if modify_ldap_master(sys.argv[1],str(timestamp),dn,passwd)== 0 : print "-- > master modification OK" sys.exit(STATE_OK) else : print "--> master modification CRITICAL" sys.exit(STATE_CRITICAL)