#!/bin/bash
# check_aad_ldaps
# Author: Radoslav Stoimenov <radoslav.stoimenov@hosting.com>
# Version 0.4

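# Load the LDAP bind DN, bind password and monitoring user from sssd.conf.
# For each key the first matching line is used, everything after the first
# "=" is kept (cut -f2-) so a value that itself contains "=" is not cut
# short, and surrounding whitespace is trimmed.
# The monitoring user is read from a line that starts with
# "# monitoring_check_user =", i.e. a commented-out line in the config.
# A missing or unreadable config is reported as CRITICAL with exit status 2,
# the same status the final state section uses for CRITICAL.
# NOTE(review): this file holds the bind password, so the account that runs
# this check needs read access to it; confirm that access is kept narrow.
if [ ! -f "/etc/sssd/sssd.conf" ]; then
    echo "[CRITICAL]: SSSD Config file not found."
    exit 2
fi
if [ ! -r "/etc/sssd/sssd.conf" ]; then
    echo "[CRITICAL]: SSSD Config file not readable."
    exit 2
fi

bind_dn=$(grep '^ldap_default_bind_dn =' /etc/sssd/sssd.conf | head -n1 | cut -d= -f2- | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
bind_pass=$(grep '^ldap_default_authtok =' /etc/sssd/sssd.conf | head -n1 | cut -d= -f2- | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
LDAP_USER=$(grep '^# monitoring_check_user =' /etc/sssd/sssd.conf | head -n1 | cut -d= -f2- | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
# Bind DN wrapped in literal double quotes, kept for code that builds a
# command string from it.
wrapped_bind_dn="\"$bind_dn\""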

# Hosts to probe are the script's positional arguments.
HOSTS=("$@")

# Result state: check_ldap sets these, the final section turns them into
# the plugin's exit status and message.
ERROR_MESSAGE=""
WARNING=false
CRITICAL=false

# Fall back to the default monitoring account when sssd.conf names none.
[[ -n $LDAP_USER ]] || {
    echo "User not found in sssd.conf, using ldap.ssh3..."
    LDAP_USER="ldap.ssh3"
}

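# Probe every requested LDAP host with check_ldaps, then verify that SSSD
# can resolve the monitoring user.
#
# Globals:
#   HOSTS (read)               - hosts to probe; an entry may hold several
#                                whitespace-separated host names
#   bind_dn, bind_pass (read)  - bind credentials passed to check_ldaps
#   LDAP_USER (read)           - account looked up through getent
#   CRITICAL, WARNING, ERROR_MESSAGE (written) - result state for the caller
# Outputs: progress lines on stdout.
check_ldap() {
    local -a hosts=() parts=()
    local entry host plugin_output sssd_status exit_code

    # Flatten HOSTS into one host per element. Splitting each entry on
    # whitespace keeps a single "host1 host2" argument working, and
    # separate arguments are now all checked instead of only the first.
    for entry in "${HOSTS[@]}"; do
        parts=()
        # read returns non-zero at end of input; the array is still filled.
        read -r -d '' -a parts <<<"$entry"
        hosts+=("${parts[@]}")
    done

    if (( ${#hosts[@]} > 0 )); then
        for host in "${hosts[@]}"; do
            # The plugin is called directly with quoted arguments. Building
            # the command as a string and running it through eval/envsubst
            # let shell metacharacters or $NAME sequences in the host
            # argument, bind DN or password be interpreted by the shell.
            # NOTE(review): -P places the bind password on the plugin's
            # command line, where it is visible in the process list while
            # the check runs; check whether check_ldaps accepts the
            # password another way.
            plugin_output=$(/usr/lib64/nagios/plugins/check_ldaps \
                -H "$host" -b "dc=whgi,dc=net" -t 60 -S \
                -D "$bind_dn" -P "$bind_pass")

            if [[ "${plugin_output}" == *"LDAP OK"* ]]; then
                echo "Connection to LDAP host ${host} successful."
            else
                CRITICAL=true
                # The literal \n is expanded later when the message is
                # printed with echo -e.
                ERROR_MESSAGE+="Connection to LDAP host ${host} failed with: ${plugin_output}.\n"
            fi
        done
    else
        WARNING=true
        echo "No HOSTS provided to check for LDAP, please check your variables."
    fi

    # Drop the cached entry first so getent has to go through SSSD; the
    # status tested below is getent's.
    sssd_status=$(sss_cache -u "${LDAP_USER}"; getent passwd "${LDAP_USER}" 2>&1)
    exit_code=$?
    if [ "${exit_code}" -ne 0 ]; then
        CRITICAL=true
        ERROR_MESSAGE+="Unable to get LDAP User, SSSD not working as expected: ${sssd_status}\n"
    else
        echo "SSSD working: ${sssd_status}"
    fi
}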

# Run the host and SSSD checks; they record their result in CRITICAL,
# WARNING and ERROR_MESSAGE.
check_ldap

# Translate the recorded state into the plugin status: 2 for CRITICAL,
# 1 for WARNING, 0 for OK. CRITICAL takes precedence over WARNING.
if [[ ${CRITICAL} == true ]]; then
    # echo -e expands the \n separators stored in ERROR_MESSAGE.
    echo -e "[CRITICAL]\n${ERROR_MESSAGE}"
    exit 2
fi

if [[ ${WARNING} == true ]]; then
    echo -e "[WARNING] No hosts for check provided, please check command."
    exit 1
fi

echo "[OK] Connection to all LDAP servers and SSSD resolution successful."
exit 0