[Pkg-nagios-devel] Bug#425137: Bug#425137: check_ldap fails to report actual LDAP errors

Josip Rodin joy at debbugs.entuzijast.net
Thu Oct 15 20:27:14 UTC 2009

On Thu, Oct 15, 2009 at 09:46:28PM +0200, Jan Wagner wrote:
> > Now, why didn't check_ldap communicate that? Because it has this
> > in the code (plugins/check_ldap.c):
> > 
> >         /* bind to the ldap server */
> >         if (ldap_bind_s (ld, ld_binddn, ld_passwd, LDAP_AUTH_SIMPLE) !=
> >                         LDAP_SUCCESS) {
> >                 /*ldap_perror(ld, "ldap_bind"); */
> >                 printf (_("Could not bind to the ldap-server\n"));
> >                 return STATE_CRITICAL;
> >         }
> > 
> > How hard was it to put that ldap_perror() string in the printf'ed
> > error message? :(
> > 
> > A quick grep for ldap_perror shows that there are other occurences of the
> > same problem in the same file.
> looking into the actual code and into the git tree, indicates, that there 
> should be changes about this issue. With 1.4.10 should be introduced[1] a 
> verbose option, which looks like what you want. Can you please have a look 
> into it and give feedback.

Thanks for the hint.

On the face of it, it looks better. But, it actually seems to be have been
done a bit sloppy once again - the plug-in development guidelines
http://nagiosplug.sourceforge.net/developer-guidelines.html#AEN39 say that
multi-line output needs to be made only when the verbose option is set to
>= 2.

I believe also that the BCP is to add extra information in the lines *after*
the first single-line summary, not before it.

As for the Debian bug, it's also relevant that the -v option is not used
in any of the command definitions in the default
/etc/nagios-plugins/config/ldap.cfg that is shipped with the package
(at least in the lenny version that I'm looking at now).

FWIW I still think that actual LDAP error info belongs to the summary line,
or at least that the package config should default to what is defined as
-v 1 or better. People who don't want any extra info can always skip long
output by using only $HOSTOUTPUT$/$SERVICEOUTPUT$ in the notification

     2. That which causes joy or happiness.

More information about the Pkg-nagios-devel mailing list