[hobbit] setting up ldaps

Henrik Stoerner henrik at hswn.dk
Thu Feb 7 21:59:12 CET 2008


On Thu, Feb 07, 2008 at 03:45:08PM -0500, McGraw, Robert P wrote:
> I want to monitor our ldaps servers and also want to get the ssl certificate
> notification.
> 
> In the bb.host file I have set the following.
> 
> 	ldap://ldaphost.math.purdue.edu/ - returns green
> 	ldaps://ldaphost.math.purdue.edu/ - returns failed
> 
> I am trying to track down why ldaps is failing. 

SSL-encrypted ldap - ldaps - is rather non-standard; there are at least
two different implementations of it.

If your ldaps service has a specific port assigned to it - different
from the normal un-encrypted ldap service - then you can just use
"ldaps" (no URI behind it) to check the SSL certificate and that the
port is open. With the ldap URI Hobbit uses the OpenLDAP method (really
the "starttls" LDAP protocol method) - unfortunately, this method hides
the LDAP server certificate so it cannot be checked.


Regards,
Henrik



