File: //lib64/nagios/plugins/check_aad_ldaps
#!/bin/bash
# check_aad_ldaps
# Author: Radoslav Stoimenov <radoslav.stoimenov@worldhost.group>
# Version 0.3
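# Read the LDAP bind DN and password that SSSD itself uses, so the check
# authenticates with the same service account as the host.
# sssd.conf stores the bind password in clear text and is normally readable
# by root only, so the plugin needs enough privilege to read it.
# NOTE(review): confirm how the monitoring agent runs this plugin; a narrowly
# scoped sudo rule is preferable to loosening the file mode.
SSSD_CONF="/etc/sssd/sssd.conf"

# Print the value of the first "<key> = <value>" line, with surrounding
# whitespace trimmed. Everything after the first "=" is kept, so values that
# contain "=" themselves (every DN, and possibly the password) come back whole.
read_sssd_option() {
  grep -- "^$1 =" "${SSSD_CONF}" | head -n1 | cut -d= -f2- \
    | sed 's/^[[:space:]]*//;s/[[:space:]]*$//'
}

if [ ! -f "${SSSD_CONF}" ]; then
  echo "[CRITICAL]: SSSD Config file not found."
  exit 2 # Nagios CRITICAL; exit code 1 would be displayed as WARNING
fi
if [ ! -r "${SSSD_CONF}" ]; then
  # Without this guard grep fails quietly and the probes run with empty credentials.
  echo "[CRITICAL]: SSSD Config file is not readable."
  exit 2
fi

bind_dn=$(read_sssd_option ldap_default_bind_dn)
# NOTE(review): when ldap_default_authtok_type is obfuscated_password this value
# is not the clear-text password and the bind will fail - confirm the config.
bind_pass=$(read_sssd_option ldap_default_authtok)
# Copy of the bind DN wrapped in literal double quotes, kept for code that
# interpolates it into a command string.
wrapped_bind_dn="\"$bind_dn\""

# Result flags filled in by the checks and read when the final state is reported.
CRITICAL=false
WARNING=false
ERROR_MESSAGE=""
# LDAPS hosts to probe, taken from the command line.
HOSTS=("$@")
# Account that must be resolvable through SSSD for the check to pass.
LDAP_USER="ldap.user"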
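#######################################
# Probe every LDAPS host given on the command line, then verify that SSSD
# can resolve the test account.
# Globals:
#   HOSTS, bind_dn, bind_pass, LDAP_USER (read)
#   CRITICAL, WARNING, ERROR_MESSAGE (written)
# Arguments: none
# Outputs:   one line per successful probe on stdout
# Returns:   status of the last command; callers read the flags instead
#######################################
check_ldap() {
  local -a targets=() words=()
  local arg host probe_output sssd_status exit_code

  # Hosts may arrive as separate arguments or as one space-separated
  # argument; flatten both forms into a single list.
  for arg in "${HOSTS[@]}"; do
    words=()
    # read returns non-zero at end of input with -d ''; the array is still filled.
    read -r -d '' -a words <<<"${arg}" || true
    targets+=("${words[@]}")
  done

  if ((${#targets[@]} > 0)); then
    for host in "${targets[@]}"; do
      # Run the plugin directly with each value as its own quoted word.
      # Building the command as a string and passing it through eval/envsubst
      # let shell metacharacters in a host name or in the bind password be
      # interpreted as shell syntax, and mangled passwords containing "$".
      # The password is still passed on the command line, so it is visible in
      # the process list while the probe runs.
      probe_output=$(/usr/lib64/nagios/plugins/check_ldaps -H "${host}" \
        -b "dc=whgi,dc=net" -t 60 -S -D "${bind_dn}" -P "${bind_pass}")
      if [[ "${probe_output}" == *"LDAP OK"* ]]; then
        echo "Connection to LDAP host ${host} successful."
      else
        CRITICAL=true
        ERROR_MESSAGE+="Connection to LDAP host ${host} failed with: ${probe_output}.\n"
      fi
    done
  else
    WARNING=true
    echo "No HOSTS provided to check for LDAP, please check your variables."
  fi

  # Invalidate the cached entry first so getent has to go through SSSD to the
  # directory instead of answering from cache. Only getent's stderr is
  # captured, and exit_code is getent's status.
  sssd_status=$(
    sss_cache -u "${LDAP_USER}"
    getent passwd "${LDAP_USER}" 2>&1
  )
  exit_code=$?
  if [ "${exit_code}" -ne 0 ]; then
    CRITICAL=true
    ERROR_MESSAGE+="Unable to get LDAP User, SSSD not working as expected: ${sssd_status}\n"
  else
    echo "SSSD working: ${sssd_status}"
  fi
}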
# Run the probes; check_ldap records its verdict in CRITICAL, WARNING and
# ERROR_MESSAGE and prints its own progress lines before the status line below.
check_ldap

# Translate the flags into a Nagios exit code (0 OK, 1 WARNING, 2 CRITICAL).
# CRITICAL is evaluated last so that it overrides WARNING.
state=0
[[ "${WARNING}" == true ]] && state=1
[[ "${CRITICAL}" == true ]] && state=2

case "${state}" in
  2)
    # -e expands the "\n" separators stored in ERROR_MESSAGE.
    echo -e "[CRITICAL]\n${ERROR_MESSAGE}"
    ;;
  1)
    echo -e "[WARNING] No hosts for check provided, please check command."
    ;;
  *)
    echo "[OK] Connection to all LDAP servers and SSSD resolution successful."
    ;;
esac
exit "${state}"