On 1/19/07, Formoso, Travis <[EMAIL PROTECTED]> wrote:
> Hello,
>
> I am trying to monitor LDAPS on my server and I am using this command:
> ./check_ldaps -H mars.blueslate.net -b o=scalix -p 636
>
> I get the following error: Could not bind to the ldap-server

Have you checked the LDAP daemon logs on the server for any errors / entries as you run check_ldaps against it? Is the server / stunnel sending out self-signed, expired, or otherwise[-invalid/-untrusted] credentials? Have you used any other clients to verify that LDAPS is functional?

By checking the certificate with openssl, I can see that the certificate isn't in my default trusted certificate authority list (checked on Redhat Enterprise Linux AS4 Update 4):

$ openssl s_client -connect 66.194.182.14:636
CONNECTED(00000003)
depth=0 /O=mail.blueslate.net/OU=Domain Control Validated/CN=mail.blueslate.net
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /O=mail.blueslate.net/OU=Domain Control Validated/CN=mail.blueslate.net
verify error:num=27:certificate not trusted
verify return:1
depth=0 /O=mail.blueslate.net/OU=Domain Control Validated/CN=mail.blueslate.net
verify error:num=21:unable to verify the first certificate
verify return:1

So maybe there is an issue there? I don't use check_ldaps (we just have a test implementation of OpenLDAP going at work; Nagios isn't running against it yet), but I know that there are client-side hoops to jump through if you are using a certificate signed by [someone other than Verisign or a handful of authorities].

I hope that helps a bit, or at least gives you something else to look into!

>
> When monitoring LDAP it worked fine using: ./check_ldap -H mars.blueslate.net
> -b o=scalix
> LDAP OK - 0.228 seconds response time|time=0.227919s;;;0.000000
>
> We are using stunnel to implement LDAPS on port 636.
>

Sincerely,
-Parker

_______________________________________________
Nagios-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
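Added example, not part of the original thread or of the Nagios plugins: POSIX shell functions that read `openssl s_client` output and sort its verify errors into the cases the reply asks about (expired, self-signed, issuer not in the local trust store). The sample input is the output quoted in the reply; the function names are hypothetical, and codes 9, 10, 18 and 19 are standard OpenSSL verify codes that do not appear on the page.

```shell
#!/bin/sh
# Added example: classify the "verify error" lines printed by `openssl s_client`.

# Sample input: the s_client output quoted in the reply, one record per line.
sample_output() {
cat <<'EOF'
CONNECTED(00000003)
depth=0 /O=mail.blueslate.net/OU=Domain Control Validated/CN=mail.blueslate.net
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /O=mail.blueslate.net/OU=Domain Control Validated/CN=mail.blueslate.net
verify error:num=27:certificate not trusted
verify return:1
depth=0 /O=mail.blueslate.net/OU=Domain Control Validated/CN=mail.blueslate.net
verify error:num=21:unable to verify the first certificate
verify return:1
EOF
}

# Read s_client output on stdin; print the distinct verify error numbers,
# sorted ascending and separated by single spaces (empty if there are none).
verify_codes() {
    sed -n 's/^verify error:num=\([0-9][0-9]*\):.*/\1/p' \
        | sort -n -u | tr '\n' ' ' | sed 's/ $//'
}

# Read s_client output on stdin; print one verdict. Validity-period and
# self-signed findings take precedence over the generic "untrusted" codes.
# "ok" only means that no verify error line was present in the input.
classify() {
    codes=" $(verify_codes) "
    case "$codes" in
        "  ")                       echo "ok" ;;
        *" 9 "*|*" 10 "*)           echo "expired-or-not-yet-valid" ;;
        *" 18 "*|*" 19 "*)          echo "self-signed" ;;
        *" 20 "*|*" 21 "*|*" 27 "*) echo "issuer-not-in-trust-store" ;;
        *)                          echo "other-verify-error" ;;
    esac
}

# For the output quoted in the reply this prints: issuer-not-in-trust-store
sample_output | classify
```

Against a live server the same functions can be fed with `openssl s_client -connect HOST:636 </dev/null 2>&1 | classify`, since s_client writes the verify lines to stderr.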
