check_ldap with starttls for Nagios
Since we use Nagios to monitor services and hosts with customers and OpenLDAP for accounts, we’d like to check if LDAP is still active and working. But we had a problem here, because the check_ldap plugin that’s distributed in Debian‘s nagios-plugins package doesn’t speak STARTTLS. So I modified the source-code of check_ldap and created check_ldap_starttls. Some might (and have) argue that using ldaps:// would be easier to implement, but that’s a non-argument, for as far as we’re concerned, since ldaps:// is deprecated.
As usual, you can find my files right here. I claim no copyright to the code whatsoever, since I only added about 8 lines and most of those were copied from some other programme. Use as you see fit.
- check_ldap_starttls (the programme)
- check_ldap_starttls.c (the code)
Enjoy!
Update Been fixed in the latest packages, I believe. Removed the links here.
A perfect rabbit cage
Yesterday, Hanneke showed me a newspaper article about a rabbit cage, which her mother (whom she went to visit last weekend) cut out for me. It’s really lovely, but I think Monique and I will try to make one ourselves. It’ll have three floors :) Just look at the thing, it’s a real bunny condo!
Can’t we all just get along?
There is an interesting read on Ian Murdock’s Weblog: Can’t we all just get along? It talks about the differences between Debian and Ubuntu, the latter being a derivative of the first. Although I can understand Ian’s problem, I do not share his views.
He’s correct in some respects, for example that Ubuntu’s packages often don’t work on Debian Sarge. But the question is, do we want them to? Debian Sarge is a very stable and secure platform, one we (as a company) prefer to use in a corporate environment. In fact, 45% of our deployments are Debian Woody and another 45% are Debian Sarge. (The rest are mostly different hardware routers and Cisco stuff.) I wouldn’t want those Ubuntu packages working on Sarge! As much as I love Debian, I never thought of it as a desktop distribution. It’s ideal for servers, because it’s stable and has slow update cycles. You know, when people say they choose for Red Hat because they can upgrade often, that’s just not logical. Servers we have are deployed and work without a glitch. They don’t need to be upgraded regularly, just patched for security holes! Why in the world would we want to upgrade a firewall/router? Patch the holes and give me those updates, that’s all I want. And that’s what Debian gives me. Sarge is due to be released very soon and the next version of Debian, Sid, will probably not be released for at least two years. And that’s the way I want it to be. Server protocols don’t change all that often.
On the other hand, a desktop is a machine that needs to be upgraded often. And when I take the time to upgrade, I want it to show. Not just some new buttons, but a nicer interface, new programmes, more features, better spam-detection, et cetera, et cetera. That’s what Ubuntu gives us. Fast release cycles that matter. Each six months we get improvements. Do we want those improvements on a server? Usually not. But when we do want them, it’s easier to backport an Ubuntu package than to build one from scratch.
Just my two cents.
