diff --git a/doc/7-icinga-template-library.md b/doc/7-icinga-template-library.md index 2a8bb43c6..6b0ea3d4b 100644 --- a/doc/7-icinga-template-library.md +++ b/doc/7-icinga-template-library.md @@ -437,13 +437,18 @@ Name | Description ----------------|-------------- ldap_address | **Optional.** Host name, IP Address, or unix socket (must be an absolute path). Defaults to "$address$" if the host's `address` attribute is set, "$address6$" otherwise. ldap_port | **Optional.** Port number. Defaults to 389. +ldap_attr | **Optional.** LDAP attribute to search for (default: "(objectclass=*)" ldap_base | **Required.** LDAP base (eg. ou=myunit,o=myorg,c=at). ldap_bind | **Optional.** LDAP bind DN (if required). ldap_pass | **Optional.** LDAP password (if required). ldap_starttls | **Optional.** Use STARTSSL mechanism introduced in protocol version 3. -ldap_ssl | **Optional.** Use LDAPS. This also sets the default port to 636. -ldap_v3 | **Optional.** Use LDAP protocol version 3 (default protocol version: 2) - +ldap_ssl | **Optional.** Use LDAPS (LDAP v2 SSL method). This also sets the default port to 636. +ldap_v2 | **Optional.** Use LDAP protocol version 2 (enabled by default). +ldap_v3 | **Optional.** Use LDAP protocol version 3 (disabled by default) +ldap_warning | **Optional.** Response time to result in warning status (seconds). +ldap_critical | **Optional.** Response time to result in critical status (seconds). +ldap_timeout | **Optional.** Seconds before connection times out (default: 10). +ldap_verbose | **Optional.** Show details for command-line debugging (disabled by default) ## load diff --git a/itl/command-plugins.conf b/itl/command-plugins.conf index 96c8a7272..b91269fd8 100644 --- a/itl/command-plugins.conf +++ b/itl/command-plugins.conf @@ -1245,32 +1245,73 @@ object CheckCommand "ldap" { import "plugin-check-command" import "ipv4-or-ipv6" - command = [ - PluginDir + "/check_ldap", - "-H", "$ldap_address$", - "-b", "$ldap_base$" - ] + command = [ PluginDir + "/check_ldap" ] arguments = { - "-p" = "$ldap_port$" - "-a" = "$ldap_attr$" - "-D" = "$ldap_bind$" - "-P" = "$ldap_pass$" + "-H" = { + value = "$ldap_address$" + description = "Host name, IP Address, or unix socket (must be an absolute path)" + } + "-p" = { + value = "$ldap_port$" + description = "Port number (default: 389)" + } + "-a" = { + value = "$ldap_attr$" + description = "ldap attribute to search (default: \"(objectclass=*)\"" + } + "-b" = { + value = "$ldap_base$" + required = true + description = "ldap base (eg. ou=my unit, o=my org, c=at" + } + "-D" = { + value = "$ldap_bind$" + description = "ldap bind DN (if required)" + } + "-P" = { + value = "$ldap_pass$" + description = "ldap password (if required)" + } "-T" = { set_if = "$ldap_starttls$" - description = "Use STARTTLS mechanism" + description = "use starttls mechanism introduced in protocol version 3" } "-S" = { set_if = "$ldap_ssl$" - description = "Use LDAPS. This also sets the default port to 636" + description = "use ldaps (ldap v2 ssl method). this also sets the default port to 636" + } + "-2" = { + set_if = "$ldap_v2$" + description = "Use LDAP protocol version 2" } "-3" = { set_if = "$ldap_v3$" description = "Use LDAP protocol version 3" } + "-w" = { + value = "$ldap_warning$" + description = "Response time to result in warning status (seconds)" + } + "-c" = { + value = "$ldap_critical$" + description = "Response time to result in critical status (seconds)" + } + "-t" = { + value = "$ldap_timeout$" + description = "Seconds before connection times out (default: 10)" + } + "-v" = { + set_if = "$ldap_verbose$" + description = "Show details for command-line debugging" + } } - vars.ldap_address = "$check_address$" + vars.ldap_address = "$check_address$" + vars.ldap_v2 = true + vars.ldap_v3 = false + vars.ldap_timeout = 10s + vars.ldap_verbose = false } /* Contrib plugins */