[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: How to check LDAP replication status?

To: Gavin Henry <ghenry@suretecsystems.com>, Paul Harvey <pharvey@cern.ch>
Subject: RE: How to check LDAP replication status?
From: "Mackey, Theral" <tmackey@zetta.net>
Date: Thu, 5 Aug 2010 19:38:16 +0000
Accept-language: en-US
Acceptlanguage: en-US
Cc: "openldap-technical@openldap.org" <openldap-technical@openldap.org>
Content-language: en-US
In-reply-to: <20247582.59.1280233379054.JavaMail.root@mail>
References: <4C4DBF3A.8010502@OpenLDAP.org> <20247582.59.1280233379054.JavaMail.root@mail>
Thread-index: Acsthu6zZtQSVu5rReqVvzUn7dyEkAHR5nLQ
Thread-topic: How to check LDAP replication status?

> -----Original Message-----
> From: openldap-technical-bounces@OpenLDAP.org [mailto:openldap-
> technical-bounces@OpenLDAP.org] On Behalf Of Gavin Henry
> Sent: Tuesday, July 27, 2010 5:23 AM
> To: Paul Harvey
> Cc: openldap-technical@openldap.org
> Subject: Re: How to check LDAP replication status?
> 
> On 22/07/10 13:55, Paul Harvey wrote:
> > On 07/22/2010 02:34 PM, Priyesh Potdar wrote:
> >>
> > Precisely what i was after, thanks.
> >
> > Is there any way to manually create a hidden entry, in a similar
> style
> > to the contextCSN, or would this require the an overlay to be
> written?
> 
> That's what the contextCSN is for. Just ldapsearch for it and if they
> match, they are up to date:
> 
> http://blog.suretecsystems.com/archives/146-OpenLDAP-Quick-Tips-
> Checking-the-state-of-replication.html
> 
> I really need to start those "Quick Tips" up again!
> 
> If anyone wants to contribute some?
> 

That’s a simple passive check, which will detect failure after it happens (ie: after you update something important and it fails). This is fine if you frequently make updates, but our tree rarely changes. To actively check that the replication is still on-going we setup a script called from cron and a simple ldapsearch plugin for nagios:

#!/bin/bash

SERVER=$1
CHECKNUM=$2
DATE=`date +%s`

ldapmodify -x -H "ldaps://$SERVER" -D "cn=nagcheck${CHECKNUM},dc=example,dc=com" -w 'SECRET' <<EODD
dn: cn=nagcheck${CHECKNUM},dc=example,dc=com
changetype: modify
replace: description
description: $DATE

EODD

And to check:

for NUM in 1 2 ; do
  RES=`ldapsearch -x -LLL -H "ldaps://$ldapserver" -b 'dc=example,dc=com' "(cn=nagcheck${NUM})" description 2>&1`
  TS=`echo ${RES} | grep description | sed -e 's/[^0-9]//g'`
  if [[ -z $TS ]] ; then FAIL="$FAIL Check ${NUM} ${RES}. " ; continue ; fi
  if [[ ! $TS -gt 0 ]] ; then FAIL="$FAIL Check ${NUM} ${RES} malformed answer. " ; continue ; fi
  if [[ $((${CURDATE}-${TS})) -gt $MAXTIME ]] || [[ $((${CURDATE}-${TS})) -lt $MAXTIME ]]  ; then EXCEED="$EXCEED Check ${NUM} $((${CURDATE}-${TS}))s." ; fi
done

<error reporting stuff here...mostly echoing vars and exit 2 for nagios>

It’s a bit more complex but should find failure before something important (employee termination?) doesn’t sync somewhere, and gives us more detail than a mismatched CSN. The checks could be tweaked a bit for better reporting...


-T

Prev by Date: RE: Back-ldap and Nssov
Next by Date: Re: can't get slapd to do pass-through authentication
Index(es):
- Chronological
- Thread