we have a problem with the active LDAP check to monitor our LDAP Servers
CMK version: 2.2.0p21 CEE OS version: Appliance
Error message:
It seems like the active LDAP check is escaping special characters in the password field.
I’ve tried it with an entry in the password store and later with the explicit password.
f.e. the password is Pass!Word
When im doing the check on commandline everything is working fine
But in checkmk i still got the error “Could not bin to the LDAP Server”. So i’ve check the service check command:
./check_ldap -H '$HOSTADDRESS$' -b CN=User,OU=LDAP,OU=FirstOu,DC=DC1,DC=ROOT -a '(objectclass=*)' -D CN=LDAP-User,OU=LDAP,OU=FirstOu,DC=DC1,DC=ROOT -P 'Pass\!Word' -p 636 -2 --ssl
Could not bind to the LDAP server
I’ve already tried to copy the escaped password Pass!Word to the password field which result to Pass\!Word
@Fabse91 can you confirm, that Checkmk 2.3 behaves different, as @Virus2500 suggests?
If so, that would be your solution. If not, I would recommend giving the monitoring user a password without this kind of special character. As the user should be dedicated for monitoring and have no high permissions in your LDAP, this should be a rather accessible workaround.
Just as a side note: The exclamation mark ! can be a real PITA in bash because it is used for history expansion. On the commandline you can type something like
$ !-2 # run the last but one command from the history
$ !! # repeat the last command
$ !ls # repeat the last command that started with 'ls'
The problem is that the ! must be escaped (at least sometimes ) if it occurs in strings and the syntax itself is hard to remember. And it can lead to surprising results:
$ echo "what !!"
echo "what echo "what !""
what echo what !
Good news is that this behaviour can be turned off completely with set +H.
Maybe try to put that in the site user’s .profile?
Hi, i will check if i’s possible with 2.3 - but i can not test the upgrade in the next weeks.
Changing the LDAP Password is not possible from my site, but i’ve asked the responsibles (hopefully they will not come with password complexity policy)