[Pkg-nagios-devel] Bug#730471: check_ldaps actually tries STARTTLS

Daniel Pocock daniel at pocock.com.au
Mon Nov 25 11:24:29 UTC 2013

Package: nagios-plugins-standard
Version: 1.4.16-1

Consider the following:

# /usr/lib/nagios/plugins/check_ldaps -H ldap -b dc=example,dc=org
Could not init startTLS at port 389!

It is actually trying to do STARTTLS on port 389 - that is not the same
as ldaps

The name "check_ldaps" implies ldaps://

ldaps is not STARTTLS,

- ldaps is an SSL encrypted session from the beginning (STARTTLS implies
enabled encryption after some initial LDAP handshaking)

- it should default to port 636

Manually forcing it like this makes it work (also see bug 730470 which
requires a workaround to really make this work):

/usr/lib/nagios/plugins/check_ldaps -H ldap -b dc=example,dc=org -p 636 -3

More information about the Pkg-nagios-devel mailing list