# Script to check LDAP syncrepl replication state between two servers

This script checks the LDAP syncrepl replication state between two servers. One server is considered the provider and the other the consumer.

This script can check the replication state with two methods:

- with the first, the entryCSN of all entries of the LDAP directory is compared between the two servers;
- with the second, all values of all attributes of all entries are compared between the two servers.

In all cases, the contextCSN of the servers is compared, and entries not present on the consumer or on the provider are reported. You can disable the contextCSN verification with the _--no-check-contextCSN_ argument.

This script can also _"touch"_ an LDAP object on the provider to force synchronisation of this object. This mechanism consists of adding the _'%%TOUCH%%'_ value to an attribute of this object and removing it just after. The touched attribute is specified with the _--touch_ parameter. Of course, the DN and password pair provided must have write access to this attribute.

If you prefer, you can use the _--replace-touch_ parameter to replace the value of the touched attribute instead of adding the touch value. This is useful for single-valued attributes.

To use this script as an Icinga (or Nagios) plugin, use the _-n_ argument.

## Requirement

A single DN and password pair able to connect to both servers and to retrieve objects from them without restriction.

## Dependencies

- python 3 (for python 2.7 compatibility, see python2.7 branch)
- python-ldap

## Installation
### If you plan to use it with NRPE

```
apt install -y python3-ldap git
git clone https://gitea.zionetrix.net/bn8/check_syncrepl_extended.git /usr/local/src/check_syncrepl_extended
mkdir -p /usr/local/lib/nagios/plugins
ln -s /usr/local/src/check_syncrepl_extended/check_syncrepl_extended /usr/local/lib/nagios/plugins/
cat << EOF > /etc/nagios/nrpe.d/ldap-syncrepl.cfg
command[check_syncrepl_extended]=/usr/local/lib/nagios/plugins/check_syncrepl_extended --nagios --attributes --provider ldaps://ldapmaster.foo --consumer ldaps://ldapslave.foo --basedn o=example -D uid=nagios,ou=sysaccounts,o=example -P secret
EOF
service nagios-nrpe-server reload
```

### Otherwise

```
apt install python3-ldap git
git clone https://gitea.zionetrix.net/bn8/check_syncrepl_extended.git /usr/local/src/check_syncrepl_extended
ln -s /usr/local/src/check_syncrepl_extended/check_syncrepl_extended /usr/local/bin/
```

## Usage

```
usage: check_syncrepl_extended [-h] [-v] [-p PROVIDER] [-c CONSUMER]
                               [-i SERVERID] [-T] [-D DN] [-P PWD] [-b BASEDN]
                               [-f FILTERSTR] [-d] [-n] [-q]
                               [--no-check-certificate]
                               [--no-check-contextCSN] [-a]
                               [--exclude-attributes EXCL_ATTRS]
                               [--touch TOUCH] [--replace-touch]
                               [--remove-touch-value] [--page-size PAGE_SIZE]

Script to check LDAP syncrepl replication state between two servers.

optional arguments:
  -h, --help            show this help message and exit
  -v, --version         show program's version number and exit
  -p PROVIDER, --provider PROVIDER
                        LDAP provider URI (example:
                        ldaps://ldapmaster.foo:636)
  -c CONSUMER, --consumer CONSUMER
                        LDAP consumer URI (example: ldaps://ldapslave.foo:636)
  -i SERVERID, --serverID SERVERID
                        Compare contextCSN of a specific master. Useful in
                        MultiMaster setups where each master has a unique ID
                        and a contextCSN for each replicated master exists. A
                        valid serverID is a integer value from 0 to 4095
                        (limited to 3 hex digits, example: '12' compares the
                        contextCSN matching '#00C#')
  -T, --starttls        Start TLS on LDAP provider/consumers connections
  -D DN, --dn DN        LDAP bind DN (example:
                        uid=nagios,ou=sysaccounts,o=example
  -P PWD, --pwd PWD     LDAP bind password
  -b BASEDN, --basedn BASEDN
                        LDAP base DN (example: o=example)
  -f FILTERSTR, --filter FILTERSTR
                        LDAP filter (default: (objectClass=*))
  -d, --debug           Debug mode
  -n, --nagios          Nagios check plugin mode
  -q, --quiet           Quiet mode
  --no-check-certificate
                        Don't check the server certificate (Default: False)
  --no-check-contextCSN
                        Don't check servers contextCSN (Default: False)
  -a, --attributes      Check attributes values (Default: check only entryCSN)
  --exclude-attributes EXCL_ATTRS
                        Don't check this attribute (only in attribute check
                        mode)
  --touch TOUCH         Touch attribute giving in parameter to force resync a
                        this LDAP object from provider. A value '%TOUCH%' will
                        be add to this attribute and remove after. The user
                        use to connect to the LDAP directory must have write
                        permission on this attribute on each object.
  --replace-touch       In touch mode, replace value instead of adding.
  --remove-touch-value  In touch mode, remove touch value if present.
  --page-size PAGE_SIZE
                        Page size: if defined, paging control using LDAP v3
                        extended control will be enabled.

Author: Benjamin Renard <brenard@easter-eggs.com>, Source:
https://gitea.zionetrix.net/bn8/check_syncrepl_extended
```
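
The entryCSN/contextCSN comparison from the introduction and the `--serverID` matching from the usage text, as an added Python example that is not the script's own code: it works on already-fetched values instead of live LDAP searches, and the function names, data layout and sample CSN values are constructed for illustration. DNs are compared as plain strings, which is a simplification.

```python
import re

# OpenLDAP CSN layout: <timestamp>Z#<change count>#<serverID, 3 hex digits>#<mod number>
CSN_RE = re.compile(
    r"^\d{14}(?:\.\d{1,6})?Z#[0-9a-fA-F]{6}#([0-9a-fA-F]{3})#[0-9a-fA-F]{6}$")


def context_csn_by_sid(values):
    """Map serverID (int) -> contextCSN value; reject malformed values."""
    by_sid = {}
    for value in values:
        match = CSN_RE.match(value)
        if not match:
            raise ValueError(f"malformed CSN: {value!r}")
        by_sid[int(match.group(1), 16)] = value
    return by_sid


def compare_replicas(provider, consumer, server_id=None):
    """Replicas are {'contextCSN': [...], 'entries': {dn: entryCSN}} dicts.
    Returns the list of differences; an empty list means in sync."""
    problems = []
    p_ctx = context_csn_by_sid(provider["contextCSN"])
    c_ctx = context_csn_by_sid(consumer["contextCSN"])
    sids = [server_id] if server_id is not None else sorted(set(p_ctx) | set(c_ctx))
    for sid in sids:
        if sid not in p_ctx or p_ctx[sid] != c_ctx.get(sid):
            problems.append(f"contextCSN mismatch for serverID #{sid:03X}#")
    p_ent, c_ent = provider["entries"], consumer["entries"]
    for dn in sorted(set(p_ent) | set(c_ent)):
        if dn not in c_ent:
            problems.append(f"missing on consumer: {dn}")
        elif dn not in p_ent:
            problems.append(f"missing on provider: {dn}")
        elif p_ent[dn] != c_ent[dn]:
            problems.append(f"entryCSN differs: {dn}")
    return problems


# Constructed sample data (not from a real directory).
CSN_A = "20240314000233.000001Z#000000#001#000000"
CSN_B = "20240314000240.000002Z#000000#00c#000000"
CSN_OLD = "20240314000101.000000Z#000000#00c#000000"
PROVIDER = {"contextCSN": [CSN_A, CSN_B],
            "entries": {"uid=alice,o=example": CSN_A, "uid=bob,o=example": CSN_B}}
CONSUMER = {"contextCSN": [CSN_A, CSN_OLD],
            "entries": {"uid=alice,o=example": CSN_A}}
```

With the sample data, restricting the check to serverID 1 hides the lag on `#00C#` but still reports the entry missing on the consumer.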
## Copyright

Copyright (c) 2017 Benjamin Renard

## License

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License version 3 as published by the Free Software Foundation.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.