Tania Hagan via FreeIPA-users wrote:
> Hi, 
> 
> Many thanks for the response, I have set up the ipa-healthcheck but it didn't 
> have the LDAP query check (the reason being we noticed a few months ago that 
> ldap query failed whilst the services appeared to stay up, so keen to monitor 
> so we can notice these problems before our users do)
> 
> I looked into these two exporters:
> 
> https://github.com/terrycain/389ds_exporter
> https://github.com/ozgurcd/389DS-exporter
> 
> The original reason I couldn't get them to work is because by default they 
> wanted to connect to LDAP with 389 instead of 636. I was able to get both to 
> work with a password with some tweaks, but found that go-ldap doesn't 
> currently have GSSAPI support.

What's the problem using port 389? The second exporter does an anonymous
bind to cn=monitor. No credentials are passed so there is no need to
encrypt the connection.

Do you disable anonymous logins? Even so, the rootDSE should be available,
so you could try switching what they are searching for.

> There's an open ticket with go-ldap https://github.com/go-ldap/ldap/pull/402 
> that hopes to add GSSAPI support, so I'll wait for that work to complete 
> before trying again. 

rob
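
An anonymous rootDSE query probe along the lines suggested above, as an added example that is not part of the original thread. It assumes OpenLDAP's ldapsearch is installed; LDAP_URI, rootdse_ok and probe are names chosen here, and the host is a placeholder.

```shell
#!/bin/sh
# Added example: LDAP query health probe using an anonymous rootDSE search.
# LDAP_URI is an assumed placeholder; no bind DN or password is ever sent.
LDAP_URI="${LDAP_URI:-ldap://ipa.example.test:389}"

# Read default-format ldapsearch output on stdin and decide health.
# Healthy only if the server reported "result: 0" AND actually returned
# at least one namingContexts value, so a listening-but-broken server
# (port open, query failing or empty) is reported as unhealthy.
rootdse_ok() {
    awk '
        /^namingContexts:/ { n++ }
        /^result: /        { rc = $2; seen = 1 }
        END { exit !(seen && rc + 0 == 0 && n > 0) }
    '
}

# Run the query:
#   -x            simple bind; with no -D this is an anonymous bind
#   -b "" -s base read the rootDSE entry only
#   -l 5          search time limit in seconds
#   -o nettimeout=5  give up on a hung connection
probe() {
    ldapsearch -x -H "$LDAP_URI" -b "" -s base -l 5 -o nettimeout=5 \
        '(objectClass=*)' namingContexts 2>/dev/null | rootdse_ok
}

# Only probe when asked, so the functions can be sourced by other scripts.
if [ "${1:-}" = "--run" ]; then
    if probe; then
        echo "OK: rootDSE query answered by $LDAP_URI"
        exit 0
    fi
    echo "CRITICAL: rootDSE query failed against $LDAP_URI"
    exit 2
fi
```

Run it with `--run` from cron or a monitoring agent; exit status 0 means the query was answered and 2 means it was not.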