zoukankan      html  css  js  c++  java
  • Custom LDAP Monitor Does Not Work

    Custom LDAP Monitor Does Not Work

    https://www.poppelgaard.com/netscaler-case-study-custom-ldap-monitor-does-not-work

    Problem Definition

    A customer tried to configure custom LDAP monitor, but the monitor failed after it was bound to a load balancing service.

    Troubleshooting Steps

    The Technical Support Engineers used the nsumon-debug.pl script from the /nsconfig/monitors directory:

    root@NS# cd /nsconfig/monitors
    root@NS# ls -ltr
    total 68
    -r-xr-xr-x 1 root wheel 8784 Dec 21 06:08 nswi.pl
    -r-xr-xr-x 1 root wheel 2517 Dec 21 06:08 nsumon-debug.pl
    -r-xr-xr-x 1 root wheel 3184 Dec 21 06:08 nssnmp.pl
    -r-xr-xr-x 1 root wheel 1453 Dec 21 06:08 nssmtp.pl
    -r-xr-xr-x 1 root wheel 2509 Dec 21 06:08 nsrdp.pl
    -r-xr-xr-x 1 root wheel 2392 Dec 21 06:08 nspop3.pl
    -r-xr-xr-x 1 root wheel 3742 Dec 21 06:08 nsntlm-lwp.pl
    -r-xr-xr-x 1 root wheel 2769 Dec 21 06:08 nsnntp.pl
    -r-xr-xr-x 1 root wheel 2979 Dec 21 06:08 nsmysql.pl
    -r-xr-xr-x 1 root wheel 3113 Dec 21 06:08 nsftp.pl
    -r-xr-xr-x 1 root wheel 14010 Dec 21 06:08 nsall.pl
    drwxr-xr-x 3 root wheel 512 Feb 1 07:18 perl_mod
    -r-xr-xr-x 1 root wheel 3793 Feb 29 19:54 nsldaps.pl
    -r-xr-xr-x 1 root wheel 3860 Mar 1 01:45 nsldap.pl

    With the nsumon-debug.pl script, the engineers set the argument provided in the LDAP Monitor Base DN, Bind DN, and password along with the LDAP IP address and port number.

    root@NS7039# nsumon-debug.pl nsldap.pl 10.217.130.120 389 3 “base=cn=users,dc=company,dc=com;bdn=cn=admin,cn=users,dc=company,dc=com;password=xxxxx”
    nsldap.pl syntax OK
    0

    root@NS# nsumon-debug.pl nsldaps.pl 10.217.130.120 636 3 “base=cn=users,dc=company,dc=com;bdn=cn=admin,cn=users,dc=company,dc=com;password=xxxxx”
    nsldaps.pl syntax OK
    0

    The engineers used the following syntax when the LDAP argument had a filter or object:

    root@NS7039# nsumon-debug.pl nsldap.pl 10.217.130.120 389 3 “base=cn=users,dc=company,dc=com;bdn=cn=admin,cn=users,dc=company,dc=com;password=xxxxx; filter=objectclass=*;attribute=objectclass”
    nsldap.pl syntax OK
    0

    root@NS# nsumon-debug.pl nsldaps.pl 10.217.130.120 636 3 “base=cn=users,dc=company,dc=com;bdn=cn=admin,cn=users,dc=company,dc=com;password=xxxxx; filter=objectclass=*;attribute=objectclass”
    nsldaps.pl syntax OK
    0

    The listed nsumon-debug.pl scripts were successful. If there were any failures, then the exit reason for nsumon-debug.pl output appears as follows:

    root@NS93ncVPX# nsumon-debug.pl nsldaps.pl 10.217.130.120 636 3 ” base=cn=users,dc=company,dc=com;bdn=cn=admin,cn=users,dc=company,dc=com;password=xxxxx”
    nsldaps.pl syntax OK
    1,Failed to bind to server – Connection reset by peer

    root@NS93ncVPX# nsumon-debug.pl nsldap.pl 10.217.130.120 389 3 ” base=cn=users,dc=company,dc=com;bdn=cn=admin,cn=users,dc=company,dc=com;password=xxxxx”
    nsldap.pl syntax OK
    1,Failed to bind to server – Connection reset by peer

    The other error messages or exit reasons could include invalid argument, or broken pipe.

    The engineers also verified if LDAP was configured for client authentication that is they verified the LDAP policy.

    The engineers also verified if LDAP required any client certificate to connect.

    By default, the nsldap.pl script uses only dase, bdn, and password as argument and does not use any certificate to connect to the LDAP. The nsldap.pl script uses the parameter provided as an argument. If the LDAP is expecting a certificate, then certificate must be passed as an argument to the script. Currently, the script does not support a custom argument.

    Resolution

    To resolve this issue the engineers created a USER monitor instead of LDAP monitor, as shown in the following screen shots:

    The engineers bound the user monitor to the load balancing Service.

  • 相关阅读:
    了解一些常用的牛逼编译器(不限制编程语言, 不限制平台)
    Linux下的常用文本编辑器
    linux下一些重要命令的了解
    linux学习笔记(二:权限)
    liunx学习笔记(一:常用命令)
    文件操作相关的函数总结
    关于动态内存malloc和realloc
    实现一个简易的通讯录
    qsort函数排序各种类型的数据。
    结构体总结
  • 原文地址:https://www.cnblogs.com/lsgxeva/p/9220585.html
Copyright © 2011-2022 走看看