This file is indexed.

/usr/lib/mon/mon.d/ldap.monitor is in mon 1.2.0-9.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
#!/usr/bin/perl
#
# This script will search an LDAP server for objects that match the -filter
# option, starting at the DN given by the -basedn option. Each DN found must
# contain the attribute given by the -attribute option and the attribute's
# value must match the value given by the -value option.  Servers are given on
# the command line. At least one server must be specified.

# This script use the Net::LDAP, which uses some LDAP libraries like those
# from UMich, Netscape, or ISODE.
#
# Porting to LDAP (from LDAPapi) by Thomas Quinot <thomas@cuivre.fr.eu.org>,
# 1999-09-20.

# Copyright (C) 1998, David Eckelkamp <davide@tradewave.com>
#
#    This program is free software; you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation; either version 2 of the License, or
#    (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program; if not, write to the Free Software
#    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
#
#
# $Id: ldap.monitor,v 1.1.1.1 2004/06/09 05:18:04 trockij Exp $
#

use Net::LDAP;
use Getopt::Long;

# Here are the default values for the things you can specify via options
$LDAPPort = 389;
$BaseDN   = "o=Your Org, c=US";
$Filter   = "cn=Directory Admin";
$Attribute = "objectClass";
$Value    = "YourValue";
$verbose = 0;

@errs = ();

%OptVars = ("port"   => \$LDAPPort,
	    "basedn" => \$BaseDN,
	    "filter" => \$Filter,
	    "attribute" => \$Attribute,
	    "value"  => \$Value,
	    "verbose" => \$verbose);

if (!GetOptions(\%OptVars,
		"port=i", "basedn=s", "filter=s",
		"attribute=s", "value=s", "verbose")) {
    print "Problems with Options, sorry.\n";
    exit 1;
}

# There has to be at least one argument left, the ldap server to query.
if ($#ARGV < 0) {
    print "$0: Insufficient arguments. There must be at least 1 server to query\n";
    exit 1;
}

# Loop through all the server given on the command line.
$ErrCnt = 0;
foreach $LDAPHost (@ARGV) {

    # Open the connection to the server and do a simple, anonymous bind
    unless ($ldap = Net::LDAP->new($LDAPHost, port => $LDAPPort)) {
	push(@FailedHosts, "$LDAPHost:$LDAPPort");
	push(@errs, "ldap_init Failed: host=$LDAPHost:$LDAPPort: $!");
	$ErrCnt++;
	next;
    }

    unless ($ldap->bind) {
	$ErrCnt++;
	push(@FailedHosts, "$LDAPHost:$LDAPPort");
	#ldap_perror($ldap, "ldap bind failed: host=$LDAPHost:$LDAPPort\n");
	push(@errs, "ldap bind failed: host=$LDAPHost:$LDAPPort");
	next;
    }

    unless ($mesg = $ldap->search(base => $BaseDN, filter => $Filter)) {
	my($errnd, $extramsg, $err);
	push(@errs, "$LDAPHost " . $mesg->error);
	$ldap->unbind;
	push(@FailedHosts, "$LDAPHost:$LDAPPort");
	$ErrCnt++;
	next;
    }

    $nentries = 0;
    foreach $entry ($mesg->entries) {
        my $dn = $entry->dn;
	$nentries++;
        foreach $attr ($entry->attributes) {
            $record{$dn}->{$attr} = [$entry->get ($attr)];
        }
    }

    $ldap->unbind;

    if ($nentries == 0) {
	push(@errs, "$LDAPHost returned no entries");
	push(@FailedHosts, "$LDAPHost:$LDAPPort");
	$ErrCnt++;
	next;
    }

    # Analyze results.

    # Step 1 is to loop through all DNs returned from the search.
    print "Looking for $Attribute=$Value\n" if $verbose;
    foreach $dn (sort keys %record) {
	print "checking object $dn\n" if $verbose;
	# Loop through the attributes for this DN
	$attrFound = 0;
	$goodVal = 0;
	foreach $attr (keys %{$record{$dn}}) {
	    print "  checking attr=$attr\n" if $verbose;
	    next unless ($attr eq $Attribute);
	    $attrFound++;
	    print "  found correct attribute\n" if $verbose;
	    # Each value could be/is an array so search the array
	    foreach $val (@{$record{$dn}{$attr}}) {
		print "    checking val = $val\n" if $verbose;
		next unless ($val eq $Value);
		$goodVal++;
		print "    found correct value\n" if $verbose;
		last;
	    }
	    last if ($goodVal);
	}
	if (!$attrFound || !$goodVal) {
	    print "For object $dn:\n";
	}
	if (!$attrFound) {
	    $ErrCnt++;
	    push(@errs,"Could not find Attribute \"$Attribute\" for DN=$dn");
	    push(@FailedHosts, "$LDAPHost:$LDAPPort");
	} elsif (!$goodVal) {
	    $ErrCnt++;
	    push(@errs, "Value \"$Value\" not found for Attribute \"$Attribute\"");
	    push(@FailedHosts, "$LDAPHost:$LDAPPort");
	}
    }
}
if ($ErrCnt > 0) {
    print join (" ", sort @FailedHosts), "\n";
    print join("\n", @errs), "\n";
}
exit $ErrCnt;