Nagios plugin to report LDAP users locked by the ppolicy overlay

Project description

check_ldap_ppolicy_lockout

Overview

This is a Nagios plugin that checks for LDAP accounts which have been locked by the ppolicy overlay due to too many failed login attempts.

Installation

It is best to install the plugin in a virtual environment, e.g.:

python -m venv /usr/local/lib/check_ldap_ppolicy_lockout
. /usr/local/lib/check_ldap_ppolicy_lockout/bin/activate
pip install check_ldap_ppolicy_lockout
ln -s $(which check_ldap_ppolicy_lockout) /usr/lib/nagios/plugins/check_ldap_ppolicy_lockout

Configuration

Configuration is loaded from ~/.check_ldap_ppolicy_lockout.yaml or, as a fallback, from /etc/check_ldap_ppolicy_lockout.yaml. This behaviour can be overridden with the -f command line option. The following parameters are supported; the values shown for the optional parameters are their defaults:

alarms:
  warning: 1
  critical: 5
  expire_seconds: 600
ldap:
  uri: ldap://localhost  # Required
  binddn: cn=nagios,ou=services,dc=example,dc=com  # Required
  bindpw: xxx  # Required
  tls: true
  tls_ca_file: /etc/ssl/certs/ldap_ca.crt  # Required if ldap.tls is true
  users_base_dn: ou=users,dc=example,dc=com  # Required
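
How the alarms parameters above can combine into a Nagios result, as an added example that is not the plugin's own code. It assumes the lock state is read from the ppolicy operational attribute pwdAccountLockedTime; the function names and sample entries are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Nagios plugin exit codes
OK, WARNING, CRITICAL = 0, 1, 2
# ppolicy marks a permanent lock (no automatic expiry) with this value
PERMANENT_LOCK = "000001010000Z"


def parse_locked_time(value):
    """Parse a pwdAccountLockedTime GeneralizedTime value given in UTC ("...Z")."""
    stamp = value.rstrip("Z").split(".")[0]  # drop optional fractional seconds
    return datetime.strptime(stamp, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)


def locked_users(entries, expire_seconds, now):
    """Return DNs whose lock is permanent or younger than expire_seconds."""
    window = timedelta(seconds=expire_seconds)
    locked = []
    for dn, attrs in entries:
        values = attrs.get("pwdAccountLockedTime", [])
        if not values:
            continue  # never locked, or lock already cleared
        if values[0] == PERMANENT_LOCK or now - parse_locked_time(values[0]) < window:
            locked.append(dn)
    return locked


def evaluate(entries, warning=1, critical=5, expire_seconds=600, now=None):
    """Map the locked-account count to a Nagios exit code and status line."""
    now = now or datetime.now(timezone.utc)
    count = len(locked_users(entries, expire_seconds, now))
    if count >= critical:
        code, label = CRITICAL, "CRITICAL"
    elif count >= warning:
        code, label = WARNING, "WARNING"
    else:
        code, label = OK, "OK"
    return code, f"{label} - {count} locked account(s) | locked={count};{warning};{critical}"


# Constructed sample entries (not real directory data)
SAMPLE = [
    ("uid=alice,ou=users,dc=example,dc=com", {"pwdAccountLockedTime": ["20240501115500Z"]}),
    ("uid=bob,ou=users,dc=example,dc=com", {"pwdAccountLockedTime": ["20240501100000Z"]}),
    ("uid=carol,ou=users,dc=example,dc=com", {"pwdAccountLockedTime": [PERMANENT_LOCK]}),
    ("uid=dave,ou=users,dc=example,dc=com", {}),
]
```

If expire_seconds is shorter than the directory's lockout duration, accounts that are still locked drop out of the count, so the alert can clear while users remain locked out.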

Usage

usage: check_ldap_ppolicy_lockout [-h] [-f CONFIG_FILE] [-w WARNING] [-c CRITICAL] [-e EXPIRE_SECONDS]

Check for user accounts locked by LDAP ppolicy overlay

options:
  -h, --help            show this help message and exit
  -f, --config-file CONFIG_FILE
                        Path to configuration file
  -w, --warning WARNING
                        Number of locked users to trigger warning (Default 1).
  -c, --critical CRITICAL
                        Number of locked users to trigger critical alert (Default 5)
  -e, --expire-seconds EXPIRE_SECONDS
                        Seconds after which locks expire (Default 300 - should match your ppolicy lockout-time)

Remarks

For AD installations, a plugin named check_ldap_lockout seems to exist; see also:

* https://nagios.fm4dd.com/plugins/manual/check_ldap_lockout.shtm

A first check suggests that this plugin does not support TLS, which makes it hard to adapt for modern setups.

Download files

Source Distribution

check_ldap_ppolicy_lockout-0.1.0.tar.gz (16.4 kB view details)

Uploaded Source

Built Distribution

check_ldap_ppolicy_lockout-0.1.0-py3-none-any.whl (18.7 kB view details)

Uploaded Python 3

File details

Details for the file check_ldap_ppolicy_lockout-0.1.0.tar.gz.

File metadata

  • Download URL: check_ldap_ppolicy_lockout-0.1.0.tar.gz
  • Upload date:
  • Size: 16.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/2.1.2 CPython/3.13.5 Linux/6.12.57+deb13-amd64

File hashes

Hashes for check_ldap_ppolicy_lockout-0.1.0.tar.gz
Algorithm Hash digest
SHA256 889ba7f985f168e5d0702eb682cb6d90d6f7233cc30a8b8235f39ed6ee164d7b
MD5 8e28fbedbaf3b536239cd8f0bb8276fd
BLAKE2b-256 d65f72cf242165fee5547d076c1bdf7809400cfe02effeac89257b47df39c552

File details

Details for the file check_ldap_ppolicy_lockout-0.1.0-py3-none-any.whl.

File hashes

Hashes for check_ldap_ppolicy_lockout-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 d63dd50741c8f9d1dda95e1b36255fcea38f81ff3db54a9aa2eb58617b439ad1
MD5 d72d81f75484072e61183793296212e6
BLAKE2b-256 70b5d4a162e5411e1be00dd760818fb6b70ea76a947126e22b34c73cab84aaf1
