Home Explore Help
Sign In
Comsolve
/
Checkmk-Development
1
0
Fork 0
Files Issues 0
Branch: master
Branches Tags
Checkmk-Develop...
/
plugins
/
edirectory_monitor
/
libexec
/
agent_edirectory_monitor

agent_edirectory_monitor 6.2 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169 
  1. #!/usr/bin/env python3
    2. 

  2. '''special agent call file
    3. 

  3. 

  4. Set the environment variable ``LDAP_VERIFY_TLS=1`` or pass ``--verify-tls``
    5. 

  5. to enforce TLS certificate verification.
    6. 

  6. '''
    7. 

  7. # -*- mode: Python; encoding: utf-8; indent-offset: 4; autowrap: nil -*-
    8. 

  8. 

  9. # (c) Michael Honkoop <mhonkoop@comsolve.nl>
    10. 

  10. 

  11. # License: GNU General Public License v2
    12. 

  12. 

  13. import os
    14. 

  14. import argparse
    15. 

  15. import sys
    16. 

  16. import ldap
    17. 

  17. from cmk_addons.plugins.edirectory_monitor.lib import (
    18. 

  18.     print_sections,
    19. 

  19. )
    20. 

  20. 

  21. # possible subsections of cn=Monitor
    22. 

  22. monitor_sections = [
    23. 

  23.     "Agent",
    24. 

  24.     "Dclient",
    25. 

  25.     "DHOST",
    26. 

  26.     "LDAP",
    27. 

  27.     "RecordManager",
    28. 

  28.     "IDM",
    29. 

  29. ]
    30. 

  30. 

  31. def main():
    32. 

  32.     def parse_exclude_list(value):
    33. 

  33.     # Split by comma, strip whitespace, remove empty items
    34. 

  34.         return [item.strip() for item in value.split(',') if item.strip()]
    35. 

  35. 

  36.     parser = argparse.ArgumentParser()
    37. 

  37.     parser.add_argument('-s', '--server', required=True, help='Server URI (required)')
    38. 

  38.     parser.add_argument('-u', '--user', required=True, help='Username (required)')
    39. 

  39.     parser.add_argument('-p', '--password', required=True, help='Password (required)')
    40. 

  40.     parser.add_argument('--exclude', type=parse_exclude_list, help='Excluded section(s) comma separated (optional)')
    41. 

  41.     parser.add_argument('--verify-tls', '--verify-tls', action='store_true', help='Enforce certificate validation (optional)')
    42. 

  42. 

  43.     args = parser.parse_args()
    44. 

  44.     print(args)
    45. 

  45.     exclude_sections = []
    46. 

  46.     if args.exclude is not None:
    47. 

  47.         # Split the value by commas
    48. 

  48.         exclude_sections = args.exclude
    49. 

  49.     else:
    50. 

  50.         exclude_sections = None
    51. 

  51. 

  52.     if args.verify_tls is not None:
    53. 

  53.         verify_tls = True
    54. 

  54.     else:
    55. 

  55.         verify_tls = False
    56. 

  56.             
    57. 

  57.     env_verify = os.environ.get("LDAP_VERIFY_TLS", "").lower()
    58. 

  58.     if env_verify in ("1", "true", "yes"):
    59. 

  59.         verify_tls = True
    60. 

  60.        
    61. 

  61.     ldap_uri = args.server
    62. 

  62.     binddn = args.user 
    63. 

  63.     pw = args.password
    64. 

  64.     basedn = "cn=Monitor"
    65. 

  65.     searchFilter = "(objectClass=*)"
    66. 

  66.     searchAttribute = ["*"]
    67. 

  67.     searchScope = ldap.SCOPE_SUBTREE
    68. 

  68. 

  69.     l = None
    70. 

  70.     try:
    71. 

  71.         if verify_tls:
    72. 

  72.             ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
    73. 

  73.         else:
    74. 

  74.             ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
    75. 

  75.         # set timeout to 40 seconds for network
    76. 

  76.         ldap.set_option(ldap.OPT_NETWORK_TIMEOUT, 40)
    77. 

  77.         # Create LDAPObject instance with given uri
    78. 

  78.         l = ldap.initialize(ldap_uri)
    79. 

  79.         # Set LDAP protocol version used
    80. 

  80.         l.protocol_version = ldap.VERSION3
    81. 

  81. 

  82.         try:
    83. 

  83.             # Attempt to bind with given credentials
    84. 

  84.             l.simple_bind_s(binddn, pw)
    85. 

  85.             
    86. 

  86.             if exclude_sections is None:
    87. 

  87.                 ldap_result_id = l.search(basedn, searchScope, searchFilter, searchAttribute)
    88. 

  88. 

  89.                 result_set = []
    90. 

  90. 

  91.                 while True:
    92. 

  92.                     result_type, result_data = l.result(ldap_result_id, 0, timeout=40)
    93. 

  93.                     if (result_data == []):
    94. 

  94.                         break
    95. 

  95.                     elif result_type == ldap.RES_SEARCH_ENTRY:
    96. 

  96.                         result_set.append(result_data)
    97. 

  97.             else:
    98. 

  98.                 result_set = []
    99. 

  99. 

  100.                 for entry in monitor_sections:
    101. 

  101.                     if entry.lower() in exclude_sections:
    102. 

  102.                         continue
    103. 

  103.                     else:
    104. 

  104.                         ldap_result_id = l.search("cn=" + entry + "," + basedn, searchScope, searchFilter, searchAttribute)
    105. 

  105. 

  106.                         while True:
    107. 

  107.                             result_type, result_data = l.result(ldap_result_id, 0, timeout=40)
    108. 

  108.                             if (result_data == []):
    109. 

  109.                                 break
    110. 

  110.                             elif result_type == ldap.RES_SEARCH_ENTRY:
    111. 

  111.                                 result_set.append(result_data)
    112. 

  112.                                 
    113. 

  113.             print('<<<edirectory_monitor_agent:sep(124)>>>')
    114. 

  114.             for i in range(len(result_set)):
    115. 

  115.                 for val in result_set[i]:
    116. 

  116.                     for element in val:
    117. 

  117.                         if "cn=Agent" in element:
    118. 

  118.                             print_sections(result_set[i])
    119. 

  119.             print('<<<edirectory_monitor_dclient:sep(124)>>>')
    120. 

  120.             for i in range(len(result_set)):
    121. 

  121.                 for val in result_set[i]:
    122. 

  122.                     for element in val:
    123. 

  123.                         if "cn=Dclient" in element:
    124. 

  124.                             print_sections(result_set[i])
    125. 

  125.             print('<<<edirectory_monitor_dhost:sep(124)>>>')
    126. 

  126.             for i in range(len(result_set)):
    127. 

  127.                 for val in result_set[i]:
    128. 

  128.                     for element in val:
    129. 

  129.                         if "cn=DHOST" in element:
    130. 

  130.                             print_sections(result_set[i])
    131. 

  131.             print('<<<edirectory_monitor_ldap:sep(124)>>>')
    132. 

  132.             for i in range(len(result_set)):
    133. 

  133.                 for val in result_set[i]:
    134. 

  134.                     for element in val:
    135. 

  135.                         if "cn=LDAP" in element:
    136. 

  136.                             print_sections(result_set[i])
    137. 

  137.             print('<<<edirectory_monitor_recordmanager:sep(124)>>>')
    138. 

  138.             for i in range(len(result_set)):
    139. 

  139.                 for val in result_set[i]:
    140. 

  140.                     for element in val:
    141. 

  141.                         if "cn=RecordManager" in element:
    142. 

  142.                             print_sections(result_set[i])
    143. 

  143.             print('<<<edirectory_monitor_idm:sep(124)>>>')
    144. 

  144.             for i in range(len(result_set)):
    145. 

  145.                 for val in result_set[i]:
    146. 

  146.                     for element in val:
    147. 

  147.                         if "cn=IDM" in element:
    148. 

  148.                             print_sections(result_set[i])
    149. 

  149. 

  150.         except ldap.INVALID_CREDENTIALS as e:
    151. 

  151.             print(f"Authentication to the LDAP host has failed: {e}")
    152. 

  152.             return print(f"Authentication to the LDAP host has failed: {e}")
    153. 

  153.         
    154. 

  154.         except ldap.LDAPError as e:
    155. 

  155.             print(f"LDAP error during bind/search: {e}")
    156. 

  156.             return print(f"LDAP error during bind/search: {e}")
    157. 

  157.         
    158. 

  158.     except ldap.LDAPError as e:
    159. 

  159.         print(f"Failed to initialize LDAP connection: {e}")
    160. 

  160.         return print(f"Failed to initialize LDAP connection: {e}")
    161. 

  161.     finally:
    162. 

  162.         if l is not None:
    163. 

  163.             try:
    164. 

  164.                 l.unbind_s()
    165. 

  165.             except ldap.LDAPError:
    166. 

  166.                 pass
    167. 

  167. 

  168. if __name__ == "__main__":
    169. 

  169.     main()
    170.