Script & Icinga/Nagios plugin to check OpenLDAP syncrepl replication
Find a file
2013-12-19 18:38:47 +01:00
.gitignore Added .gitignore file 2013-05-15 16:30:05 +02:00
check_syncrepl_extended Add --replace-touch parameter 2013-12-19 18:38:47 +01:00
README Added README file on provide more explanation in top of script 2013-12-18 18:54:51 +01:00

Script to check LDAP syncrepl replication state between two servers
===================================================================

This script check LDAP syncrepl replication state between two servers.
One server is consider as provider and the other as consumer.

This script can check replication state with two method :
 - by the fisrt, entryCSN of all entries of LDAP directory will be
   compare between two servers
 - by the second, all values of all atributes of all entries will
   be compare between two servers.

In all case, contextCSN of servers will be compare and entries not
present in consumer or in provider will be notice. You can decide to
disable contextCSN verification by using argument --no-check-contextCSN.

This script is also able to "touch" LDAP object on provider to force
synchronisation of this object. This mechanism consist to add '%%TOUCH%%'
value to an attribute of this object and remove it just after. The
touched attribute is specify by parameter --touch. Of course, couple of
DN and password provided, must have write right on this attribute.

To use this script as Nagios plugin, use -n argument

Requirement
-----------

A single couple of DN and password able to connect to both server 
and without restriction to retrieve objects from servers.

Usage
-----

  Usage: check_syncrepl_extended [options]
  
  Options:
    --version             show program's version number and exit
    -h, --help            show this help message and exit
    -p PROVIDER, --provider=PROVIDER
                          LDAP provider URI (example :
                          ldaps://ldapmaster.foo:636)
    -c CONSUMER, --consumer=CONSUMER
                          LDAP consumer URI (example :
                          ldaps://ldapslave.foo:636)
    -D DN, --dn=DN        LDAP bind DN (example :
                          uid=nagios,ou=sysaccounts,o=example
    -P PWD, --pwd=PWD     LDAP bind password
    -b BASEDN, --basedn=BASEDN
                          LDAP base DN (example : o=example)
    -f FILTER, --filter=FILTER
                          LDAP filter (default : (objectClass=*))
    -d, --debug           Debug mode
    -n, --nagios          Nagios check plugin mode
    -q, --quiet           Quiet mode
    --no-check-certificate
                          Don't check the server certificate (Default : False)
    --no-check-contextCSN
                          Don't check servers contextCSN (Default : False)
    -a, --attributes      Check attributes values (Default : check only
                          entryCSN)
    --exclude-attributes=EXCL_ATTRS
                          Don't check this attribut (only in attribute check
                          mode)
    --touch=TOUCH         Touch attribute giving in parameter to force resync a
                          this LDAP object from provider. A value '%%TOUCH%%'
                          will be add to this attribute and remove after. The
                          user use to connect to the LDAP directory must have
                          write permission on this attribute on each object.


Copyright
---------

Copyright (c) 2013 Benjamin Renard 

License
-------

This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License version 2
as published by the Free Software Foundation.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.