<html>
<head>
<style>
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
FONT-SIZE: 10pt;
FONT-FAMILY:Tahoma
}
</style>
</head>
<body class='hmmessage'><div style="text-align: left;">Package: nagios-plugins-standard<br>Version: 1.4.10-1<br>Severity: wishlist<br><br>This is probably something to kick upstream.<br><br>Serverside: slapd 2.4.7-3 with TLS (not ldaps) enabled. It's running on a VM with a hostname of 'utilserver.domain.org', and its SSL cert has a CN of 'utilserver', since usually only internal users interact with it.<br><br>$ /usr/lib/nagios/plugins/check_ldap -T -H utilserver -b `grep BASE /etc/ldap/ldap.conf| awk '{print $2}'`<br>LDAP OK - 0.041 seconds response time|time=0.040605s;;;0.000000<br>$ host utilserver<br>utilserver.domain.org has address 192.168.20.20<br>$ /usr/lib/nagios/plugins/check_ldap -T -H 192.168.20.20 -b `grep BASE /etc/ldap/ldap.conf| awk '{print $2}'`<br>
Could not init startTLS at port 389!<br>
$ /usr/lib/nagios/plugins/check_ldap -T -H utilserver.domain.org -b `grep BASE /etc/ldap/ldap.conf| awk '{print $2}'`<br>
Could not init startTLS at port 389!<br>
<br>It appears (though I haven't confirmed since my C-fu is weak) that the -T flag co-opts the hostname as specified in the -H and uses that in its TLS handshake. But that overload is not always good: my nagios checks, which use the FQDN, fail.<br><br>Suggestion:<br>-T is currently a boolean flag. How about -T [optional hostname for certificate handshake if -H isn't good enough]? I can't think of anything else you might want after -T, myself.<br><br>Thanks!<br></div><br /><hr />Connect and share in new ways with Windows Live. <a href='http://www.windowslive.com/share.html?ocid=TXT_TAGHM_Wave2_sharelife_012008' target='_new'>Get it now!</a></body>
</html>