Your message dated Sun, 13 May 2018 10:47:17 +0200
with message-id <[email protected]>
and subject line Re: [Pkg-nagios-devel] Bug#730470: Bug#730470: check_ldaps 
fails to verify CA
has caused the Debian Bug report #730470,
regarding check_ldaps fails to verify CA
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
730470: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730470
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: nagios-plugins-standard
Version: 1.4.16-1
Severity: important

Consider the following:


/usr/lib/nagios/plugins/check_ldaps -H ldap -b dc=example,dc=org -p 636 -3


It fails with "Could not bind to the LDAP server"

Adding this hack to /etc/ldap/ldap.conf:

TLS_REQCERT never


makes it work though.  Somebody has actually described this on Stack
Overflow as a solution; in fact, it is quite a nasty thing for security,
as all LDAP client code on the system running check_ldaps will no longer
do cert verification.

Please note I have checked the server cert is not expired and I am using
a custom CA specified with TLS_CACERT in /etc/ldap/ldap.conf - other
LDAP clients are happy with that setup and the problem is unique to
check_ldaps for Nagios.

check_ldaps should work without requiring TLS_REQCERT to be weakened.

--- End Message ---
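
The system-wide workaround described in the report above can be detected on a host. The following is an added example, not part of the original report or of the nagios-plugins code: it reports the effective TLS_REQCERT in ldap.conf-style files and flags the values never and allow. It assumes the last occurrence of the option wins; the function names, the sample file and its CA path are constructed.

```shell
# Added example: audit ldap.conf-style files for a weakened TLS_REQCERT.

# Print the effective TLS_REQCERT value of a file, lower-cased.
# Option names are case-insensitive; comment lines start with '#'.
# Assumption: when the option is repeated, the last occurrence wins.
# If the option is absent, libldap's documented default is "demand".
effective_reqcert() {
    awk '
        /^[[:space:]]*#/ { next }
        toupper($1) == "TLS_REQCERT" && NF >= 2 { v = tolower($2) }
        END { print (v == "" ? "demand" : v) }
    ' "$1"
}

# Return 0 (true) when the value lets a session continue with an
# unchecked or invalid server certificate.
reqcert_is_weak() {
    case "$1" in
        never|allow) return 0 ;;
        *) return 1 ;;
    esac
}

# Audit each readable file given; return non-zero if any is weak.
audit_ldap_conf() {
    rc=0
    for f in "$@"; do
        [ -r "$f" ] || continue
        val=$(effective_reqcert "$f")
        if reqcert_is_weak "$val"; then
            echo "WEAK $f: TLS_REQCERT $val"
            rc=1
        else
            echo "OK   $f: TLS_REQCERT $val"
        fi
    done
    return "$rc"
}

# Constructed sample reproducing the workaround from the report.
sample=$(mktemp)
printf 'TLS_CACERT /etc/ssl/certs/example-ca.pem\nTLS_REQCERT never\n' > "$sample"
audit_ldap_conf "$sample" || echo "every libldap client reading this file skips verification"
rm -f "$sample"
```

On a Debian host the function would be pointed at /etc/ldap/ldap.conf and any per-user ldaprc files.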
--- Begin Message ---
On 01.12.13 at 15:48, Jan Wagner wrote:
> As I actually have no LDAP server running, could you please verify if
> the following is working for you:
> 
> /usr/lib/nagios/plugins/check_ldap -H ldap -b dc=example,dc=org -S -3
> 
> This should make a ldaps connection to port 636.
> 
> A "/usr/lib/nagios/plugins/check_ldaps -H ldap -b dc=example,dc=org -p
> 636 -3 -vvv" could be also interesting

Closing because of missing feedback. Feel free to reopen.

Cheers, Jan.
-- 
Never write mail to <[email protected]>, you have been warned!

--- End Message ---
