Diffstat (limited to 'plugins/check_ldap.c')
-rw-r--r--plugins/check_ldap.c67
1 files changed, 66 insertions, 1 deletions
diff --git a/plugins/check_ldap.c b/plugins/check_ldap.c
index e77ad308..29bc01b2 100644
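--- a/plugins/check_ldap.c
+++ b/plugins/check_ldap.c
@@ -57,6 +57,10 @@ double warn_time = UNDEFINED;
 double crit_time = UNDEFINED;
 struct timeval tv;
 
+/* for ldap tls */
+
+char *SERVICE = "LDAP";
+
 int
 main (int argc, char *argv[])
 {
@@ -69,11 +73,20 @@ main (int argc, char *argv[])
  int status = STATE_UNKNOWN;
  long microsec;
  double elapsed_time;
+
+ /* for ldap tls */
+
+ int tls;
+ int version=3;
 
  setlocale (LC_ALL, "");
  bindtextdomain (PACKAGE, LOCALEDIR);
  textdomain (PACKAGE);
 
+ if (strstr(argv[0],"check_ldaps")) {
+ asprintf (&progname, "check_ldaps");
+ }
+
  if (process_arguments (argc, argv) == ERROR)
  usage4 (_("Could not parse arguments"));
 
@@ -87,12 +100,19 @@ main (int argc, char *argv[])
  gettimeofday (&tv, NULL);
 
  /* initialize ldap */
+#ifdef HAVE_LDAP_INIT
+ if (!(ld = ldap_init (ld_host, ld_port))) {
+ printf ("Could not connect to the server at port %i\n", ld_port);
+ return STATE_CRITICAL;
+ }
+#else
  if (!(ld = ldap_open (ld_host, ld_port))) {
  /*ldap_perror(ld, "ldap_open"); */
  printf (_("Could not connect to the server at port %i\n"), ld_port);
  return STATE_CRITICAL;
  }
-
+#endif /* HAVE_LDAP_INIT */
+
 #ifdef HAVE_LDAP_SET_OPTION
  /* set ldap options */
  if (ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &ld_protocol) !=
@@ -101,6 +121,51 @@ main (int argc, char *argv[])
  return STATE_CRITICAL;
  }
 #endif
+
+ if (strstr(argv[0],"check_ldaps")) {
+ /* with TLS */
+ if ( ld_port == LDAPS_PORT ) {
+ asprintf (&SERVICE, "LDAPS");
+#if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_X_TLS)
+ /* ldaps: set option tls */
+ tls = LDAP_OPT_X_TLS_HARD;
+
+ if (ldap_set_option (ld, LDAP_OPT_X_TLS, &tls) != LDAP_SUCCESS)
+ {
+ /*ldap_perror(ld, "ldaps_option"); */
+ printf ("Could not init TLS at port %i!\n", ld_port);
+ return STATE_CRITICAL;
+ }
+#else
+ printf ("TLS not supported by the libraries!\n", ld_port);
+ return STATE_CRITICAL;
+#endif /* LDAP_OPT_X_TLS */
+ } else {
+ asprintf (&SERVICE, "LDAP-TLS");
+#if defined(HAVE_LDAP_SET_OPTION) && defined(HAVE_LDAP_START_TLS_S)
+ /* ldap with startTLS: set option version */
+ if (ldap_get_option(ld,LDAP_OPT_PROTOCOL_VERSION, &version) == LDAP_OPT_SUCCESS )
+ {
+ if (version < LDAP_VERSION3)
+ {
+ version = LDAP_VERSION3;
+ ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version);
+ }
+ }
+ /* call start_tls */
+ if (ldap_start_tls_s(ld, NULL, NULL) != LDAP_SUCCESS)
+ {
+ /*ldap_perror(ld, "ldap_start_tls"); */
+ printf ("Could not init startTLS at port %i!\n", ld_port);
+ return STATE_CRITICAL;
+ }
+#else
+ printf ("startTLS not supported by the library, needs LDAPv3!\n");
+ return STATE_CRITICAL;
+#endif /* HAVE_LDAP_START_TLS_S */
+ }
+ }
+
  /* bind to the ldap server */
  if (ldap_bind_s (ld, ld_binddn, ld_passwd, LDAP_AUTH_SIMPLE) !=
  LDAP_SUCCESS) {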
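Review bot: The decision to use TLS is taken from `strstr(argv[0],"check_ldaps")`, evaluated twice (new lines 86 and 125) against the whole invocation path, so a directory name containing that string turns TLS on, while a renamed or wrapped binary silently falls back to a cleartext `LDAP_AUTH_SIMPLE` bind at new line 170. Compute it once from the basename, e.g. `const char *base = strrchr(argv[0], '/'); int use_tls = strncmp(base ? base + 1 : argv[0], "check_ldaps", 11) == 0;`, and test `use_tls` in both places. Nothing visible in this section sets a certificate-verification policy (OpenLDAP's `LDAP_OPT_X_TLS_REQUIRE_CERT`), so whether the server certificate is checked before the bind password is sent presumably depends on the library's defaults or ldap.conf; it is worth setting or documenting that explicitly. Separately, `printf ("TLS not supported by the libraries!\n", ld_port);` at new line 140 passes an argument with no conversion specifier, and the new messages skip the `_()` wrapper that the existing `ldap_open` branch uses. `main` starts and ends outside the hunks shown.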