http://ltb-project.org/wiki/ 2010-09-04T21:49:06+02:00 http://ltb-project.org/wiki/ http://ltb-project.org/wiki/lib/images/favicon.ico text/html 2010-08-22T16:03:47+02:00 Jonathan Clarke http://ltb-project.org/wiki/start?rev=1282485827&do=diff Presentation LTB project is a compilation of tools for LDAP administrators, to ease their rough life: * Monitoring: Nagios and Cacti scripts * OpenLDAP packaging and extensions * Scripting: LDAP massive batch operations * Self Service: small web applications to delegate administrative tasks to users text/html 2010-08-22T15:58:57+02:00 Jonathan Clarke http://ltb-project.org/wiki/documentation/self-service-password/0.4/config_ppolicy?rev=1282485537&do=diff self-service-password/config.inc.php Hashing You can use these schemes to hash the password before sending it to LDAP directory: * SHA * SSHA * MD5 * SMD5 * CRYPT * clear Set one of them in $hash: $hash = "clear"; Size Set minimal and maximal length in $pwd_min_length and $pwd_max_length: text/html 2010-08-22T15:56:15+02:00 Jonathan Clarke http://ltb-project.org/wiki/documentation/self-service-password/0.4/config_ldap?rev=1282485375&do=diff self-service-password/config.inc.php Server address Use an LDAP URI to configure the location of your LDAP server in $ldap_url: $ldap_url = "ldap://localhost:389"; You can set several URI, so that next server will be tried if the previous is down: text/html 2010-08-22T15:49:56+02:00 Jonathan Clarke http://ltb-project.org/wiki/documentation/self-service-password/0.4/install_rpm?rev=1282484996&do=diff RPM can be downloaded from this page. Choose the file with the .rpm extension. Install it: # yum localinstall self-service-password-0.4-1.el5.noarch.rpm Dependencies should be installed automatically by yum. You should import LTB GPG key first: text/html 2010-08-22T15:49:33+02:00 Jonathan Clarke http://ltb-project.org/wiki/documentation/self-service-password/0.4/install_tarball?rev=1282484973&do=diff Tarball can be downloaded from this page. Choose the file with the .tar.gz extension. Uncompress and unarchive the tarball: # tar zxvf ltb-project-self-service-password-0.4.tar.gz Install it in /usr/local (or wherever you choose): # mv ltb-project-self-service-password-0.4 /usr/local/self-service-password text/html 2010-08-22T15:48:36+02:00 Jonathan Clarke http://ltb-project.org/wiki/documentation/self-service-password/0.4/install_debian?rev=1282484916&do=diff Debian package can be downloaded from this page. Choose the file with the .deb extension. Install it: # dpkg -i self-service-password_0.4-1_all.deb You will maybe be asked to install dependencies before: # aptitude install apache2 php5 php5-ldap text/html 2010-08-22T15:47:19+02:00 Jonathan Clarke http://ltb-project.org/wiki/documentation/self-service-password?rev=1282484839&do=diff Presentation Self Service Password is a PHP application that allows users to change their password in an LDAP directory. The application can be used on standard LDAPv3 directories (OpenLDAP, OpenDS, ApacheDS, Sun Oracle DSEE, Novell, etc.) and also on Active Directory. text/html 2010-08-22T15:44:42+02:00 Jonathan Clarke http://ltb-project.org/wiki/documentation/cacti-plugins/openldap_operations?rev=1282484682&do=diff Presentation This Cacti script displays the number of initiated LDAP operations on an OpenLDAP server: * abandon * bind * unbind * compare * search * add * delete * modify * modrdn * extended It uses statistics collected in OpenLDAP Monitor backend (cn=monitor). text/html 2010-08-22T15:42:34+02:00 Jonathan Clarke http://ltb-project.org/wiki/documentation/cacti-plugins/ldap_response_time?rev=1282484554&do=diff Presentation This Cacti script measures LDAP response times on 3 operations: * A bind * A search on the RootDSE * A search on a naming context Here is a generated graph example: Download This plugin, along with all other Cacti plugins from this site, can be downloaded in a single archive. text/html 2010-08-22T15:39:19+02:00 Jonathan Clarke http://ltb-project.org/wiki/documentation/nagios-plugins/restart_slapd?rev=1282484359&do=diff Presentation The script restart_slapd.sh is an event handler designed for Nagios. It restart OpenLDAP if the service is CRITICAL in HARD state. OpenLDAP is killed with force if a normal kill takes too much time. Warning: this script requires root privileges, because it uses the kill command. You have to run Nagios as root or set a SUID bit on the script. text/html 2010-08-22T15:38:55+02:00 Jonathan Clarke http://ltb-project.org/wiki/documentation/nagios-plugins/check_ldap_query?rev=1282484335&do=diff Presentation This Nagios plugin counts entries returned by an LDAP search. You can configure base, filter and scope of the search. Configuration Required Perl modules: * Net::LDAP * Getopt::Std * File::Basename Usage $ perl check_ldap_query.pl -H hostname [-p port] [-D binddn -W bindpw] -F filter -b base -s scope text/html 2010-08-22T15:38:33+02:00 Jonathan Clarke http://ltb-project.org/wiki/documentation/nagios-plugins/check_ldap_slurpd_status?rev=1282484313&do=diff Presentation This Nagios plugin check sluprd (OpenLDAP replication dameon) status. It must be run on the sluprd physical server to access to slurpd files. Use check_by_ssh or NRPE to integrate it in Nagios. Replicated entries can be in four states: text/html 2010-08-22T15:37:14+02:00 Jonathan Clarke http://ltb-project.org/wiki/documentation/nagios-plugins/check_ldap_time?rev=1282484234&do=diff Presentation This Nagios plugin checks the response time of an LDAP directory. To get a sharper time measure, the script use threads and returns a mean. Configuration Required Perl modules: * Net::LDAP * Getopt::Std * Time::HiRes * threads text/html 2010-08-22T15:37:02+02:00 Jonathan Clarke http://ltb-project.org/wiki/documentation/nagios-plugins/check_ldap_dn?rev=1282484222&do=diff Presentation This Nagios plugin checks if a given entry is present in an LDAP directory. It does a simple search with the entry DN as base value, and base as scope value. Configuration Required Perl modules: * Net::LDAP * Getopt::Std Edit the script to modify some default parameters: text/html 2010-08-22T15:36:48+02:00 Jonathan Clarke http://ltb-project.org/wiki/documentation/nagios-plugins/check_ldap_syncrepl_status?rev=1282484208&do=diff Presentation This Nagios script checks syncrepl status. Syncrepl has replaced slurpd in OpenLDAP for data replication. It should be implemented in other Open Source LDAP directories. No temporary files are used to check the state of the replication, just cookies with timestamps (the contextCSN attribute). The script will read the status cookies of the LDAP servers and display if they are in sync or not.