Nagios LDAP Monitoring (works for icinga as well)

on commands.cfg file

 

define command {

        command_name check_ldaps

        command_line    $USER1$/check_ldap.pl -H 192.168.0.123 -p 389

}

on your <server.cfg> file-

 

define service{

     use generic-service   ; template name, available by default

     host_name LDAP  ; unique name of the host being defined

     service_description LDAP Daemon   ; description of the host

     check_command check_ldaps

}

But this plugin requires Perl Net::LDAP modules installed. For installation of Net::LDAP perl CPAN module, you read this post

Download the check_ldap.pl from here.

Share

Setting up LDAP on Debian Distro

LDAP (Lightweight Directory Access Protocol) allows central user, group, domain….. authentication, information storage …

Using LDAP in a local network, you can allow your users to login and authenticate from anywhere on your network.

This tutorial will be split in 2 parts. In the first part, I will explain how-to install, configure the LDAP server, add a few users and group, in the second part, we will set up Linux client to authenticate through LDAP if the user does not exist on the local filesystem.

In this tutorial, I will suppose that our LDAP server is located at 192.168.1.4. All machines in the network can resolve the host name ldap to 192.168.1.4. The LDAP server is going to manage domain debuntu.local.
The server runs Debian 4 (testing but almost stable) and the client Ubuntu Feisty 7.04. Continue reading “Setting up LDAP on Debian Distro” »

Share

OpenLDAP introduction

This document describes how to build, configure, and operate OpenLDAP Software to provide directory services. This includes details on how to configure and run the Standalone LDAP Daemon, slapd(8). It is intended for new and experienced administrators alike. This section provides a basic introduction to directory services and, in particular, the directory services provided by slapd(8). This introduction is only intended to provide enough information so one might get started learning about LDAP, X.500, and directory services.


1.1. What is a directory service?

A directory is a specialized database specifically designed for searching and browsing, in additional to supporting basic lookup and update functions.

 


Note: A directory is defined by some as merely a database optimized for read access. This definition, at best, is overly simplistic.


 

Directories tend to contain descriptive, attribute-based information and support sophisticated filtering capabilities. Directories generally do not support complicated transaction or roll-back schemes found in database management systems designed for handling high-volume complex updates. Directory updates are typically simple all-or-nothing changes, if they are allowed at all. Directories are generally tuned to give quick response to high-volume lookup or search operations. They may have the ability to replicate information widely in order to increase availability and reliability, while reducing response time. When directory information is replicated, temporary inconsistencies between the replicas may be okay, as long as inconsistencies are resolved in a timely manner.

There are many different ways to provide a directory service. Different methods allow different kinds of information to be stored in the directory, place different requirements on how that information can be referenced, queried and updated, how it is protected from unauthorized access, etc. Some directory services are local, providing service to a restricted context (e.g., the finger service on a single machine). Other services are global, providing service to a much broader context (e.g., the entire Internet). Global services are usually distributed, meaning that the data they contain is spread across many machines, all of which cooperate to provide the directory service. Typically a global service defines a uniform namespace which gives the same view of the data no matter where you are in relation to the data itself.

A web directory, such as provided by the Open Directory Project <http://dmoz.org>, is a good example of a directory service. These services catalog web pages and are specifically designed to support browsing and searching.

While some consider the Internet Domain Name System (DNS) is an example of a globally distributed directory service, DNS is not browseable nor searchable. It is more properly described as a globally distributed lookup service. Continue reading “OpenLDAP introduction” »

Share

How to setup an OpenLDAP server on Debian or Ubuntu

Most enterprises use LDAP as interface to their company structure database. In the Microsoft world is Active Directory the implementation for LDAP. Under Linux is OpenLDAP the common choice for admins. Such LDAP directories are tree based. OpenLDAP is the reference implementation for LDAP v3.

The JNDI API inside the Java SDK is usable as implementation to access such LDAP directories. With Spring LDAP is more sophisticated API available.

My first code sample works in the company against their OpenLDAP server. For security reasons is the access not possible from outside. So my JUNIT Tests was code red after running in my homeoffice. Maven standard is to run all test prior to build a package like a J2EE war or ear file. So i decided to setup a OpenLDAP server inside my ubuntu 8.10 server vmware server vm. Continue reading “How to setup an OpenLDAP server on Debian or Ubuntu” »

Share