check_ldaps fails to run successfully inside nagios schedule


I am running nagios 1.2 on a 2.4.21-27.ELsmp i686 host without trouble.
We need to migrate off that host to a host running
2.6.9-34.ELsmp x86_64. I’d like to upgrade nagios as well, but time won’t allow
currently, so I’m doing a straight port of 1.2 onto the new host for the
time being.

My issue is that the plugin check_ldaps works on the old host, but not
the new one. It gets even more strange. I can get the command line,
any user, to run check_ldaps successfully, but the nagios binary
continues to launch failed check_ldaps connections.

I’ve updated /etc/openldap/ldap.conf to include TLS_CACERT line to
indicate location of generic cert to use. I however don’t have much
knowledge about the ldap innards making this extra difficult to

What I do know is that any user on new host can run check_ldaps and it
works, but it shows up as failed in the new nagios browser. The nagios
binary has to be started as root




Found the fix, for those wondering. For whatever reason, check_ldaps would not bind using the IP address, whilst with the hostname it worked beautifully (using $HOSTALIAS$ instead of $HOSTADDRESS$). This was the difference between the nagios binary and the command line: I was running the command line with the hostname.

Also note that using double quotes around the ldap query parameters proved a problem when the DN had a space in the name; using single ticks around it fixed that issue as well:

   command_line    $USER1$/check_ldaps -H $HOSTALIAS$ -b -p 636 -D 'cn=mytest,ou=IT Tester,' -P $USER5$ -w 150 -c 300 -t 300