Custom LDAP Monitor Does Not Work
Custom LDAP Monitor Does Not Work
https://www.poppelgaard.com/netscaler-case-study-custom-ldap-monitor-does-not-work
Problem Definition
A customer tried to configure custom LDAP monitor, but the monitor failed after it was bound to a load balancing service.
Troubleshooting Steps
The Technical Support Engineers used the nsumon-debug.pl script from the /nsconfig/monitors directory:
root@NS# cd /nsconfig/monitors
root@NS# ls -ltr
total 68
-r-xr-xr-x 1 root wheel 8784 Dec 21 06:08 nswi.pl
-r-xr-xr-x 1 root wheel 2517 Dec 21 06:08 nsumon-debug.pl
-r-xr-xr-x 1 root wheel 3184 Dec 21 06:08 nssnmp.pl
-r-xr-xr-x 1 root wheel 1453 Dec 21 06:08 nssmtp.pl
-r-xr-xr-x 1 root wheel 2509 Dec 21 06:08 nsrdp.pl
-r-xr-xr-x 1 root wheel 2392 Dec 21 06:08 nspop3.pl
-r-xr-xr-x 1 root wheel 3742 Dec 21 06:08 nsntlm-lwp.pl
-r-xr-xr-x 1 root wheel 2769 Dec 21 06:08 nsnntp.pl
-r-xr-xr-x 1 root wheel 2979 Dec 21 06:08 nsmysql.pl
-r-xr-xr-x 1 root wheel 3113 Dec 21 06:08 nsftp.pl
-r-xr-xr-x 1 root wheel 14010 Dec 21 06:08 nsall.pl
drwxr-xr-x 3 root wheel 512 Feb 1 07:18 perl_mod
-r-xr-xr-x 1 root wheel 3793 Feb 29 19:54 nsldaps.pl
-r-xr-xr-x 1 root wheel 3860 Mar 1 01:45 nsldap.pl
With the nsumon-debug.pl script, the engineers set the argument provided in the LDAP Monitor Base DN, Bind DN, and password along with the LDAP IP address and port number.
root@NS7039# nsumon-debug.pl nsldap.pl 10.217.130.120 389 3 “base=cn=users,dc=company,dc=com;bdn=cn=admin,cn=users,dc=company,dc=com;password=xxxxx”
nsldap.pl syntax OK
0
root@NS# nsumon-debug.pl nsldaps.pl 10.217.130.120 636 3 “base=cn=users,dc=company,dc=com;bdn=cn=admin,cn=users,dc=company,dc=com;password=xxxxx”
nsldaps.pl syntax OK
0
The engineers used the following syntax when the LDAP argument had a filter or object:
root@NS7039# nsumon-debug.pl nsldap.pl 10.217.130.120 389 3 “base=cn=users,dc=company,dc=com;bdn=cn=admin,cn=users,dc=company,dc=com;password=xxxxx; filter=objectclass=*;attribute=objectclass”
nsldap.pl syntax OK
0
root@NS# nsumon-debug.pl nsldaps.pl 10.217.130.120 636 3 “base=cn=users,dc=company,dc=com;bdn=cn=admin,cn=users,dc=company,dc=com;password=xxxxx; filter=objectclass=*;attribute=objectclass”
nsldaps.pl syntax OK
0
The listed nsumon-debug.pl scripts were successful. If there were any failures, then the exit reason for nsumon-debug.pl output appears as follows:
root@NS93ncVPX# nsumon-debug.pl nsldaps.pl 10.217.130.120 636 3 ” base=cn=users,dc=company,dc=com;bdn=cn=admin,cn=users,dc=company,dc=com;password=xxxxx”
nsldaps.pl syntax OK
1,Failed to bind to server – Connection reset by peer
root@NS93ncVPX# nsumon-debug.pl nsldap.pl 10.217.130.120 389 3 ” base=cn=users,dc=company,dc=com;bdn=cn=admin,cn=users,dc=company,dc=com;password=xxxxx”
nsldap.pl syntax OK
1,Failed to bind to server – Connection reset by peer
The other error messages or exit reasons could include invalid argument, or broken pipe.
The engineers also verified if LDAP was configured for client authentication that is they verified the LDAP policy.
The engineers also verified if LDAP required any client certificate to connect.
By default, the nsldap.pl script uses only dase, bdn, and password as argument and does not use any certificate to connect to the LDAP. The nsldap.pl script uses the parameter provided as an argument. If the LDAP is expecting a certificate, then certificate must be passed as an argument to the script. Currently, the script does not support a custom argument.
Resolution
To resolve this issue the engineers created a USER monitor instead of LDAP monitor, as shown in the following screen shots:
The engineers bound the user monitor to the load balancing Service.
最新文章
- 应用SuperIO(SIO)和开源跨平台物联网框架ServerSuperIO(SSIO)构建系统的整体方案
- Python 变量范围
- location of the android sdk has not been setup in the preferences
- IIS负载均衡-Application Request Route详解第四篇:使用ARR实现三层部署架构(转载)
- ZOJ 1041 Transmitters
- Binary Tree Zigzag Level Order Traversal
- SGU 132 Another Chocolate Maniac 状态压缩DP
- PYTHON压平嵌套列表
- 【译】 AWK教程指南 附录E-正则表达式
- spring-boot 整合redis作为数据缓存
- Wpf TextChanged事件导致死循环,事件触发循环问题
- Repeater数据绑定和操作
- SVN-TortoiseSVN安装和常用操作步骤
- MFC学习之CWinApp类
- 中介者模式 调停者 Mediator 行为型 设计模式(二十一)
- TCGA一些数据库
- C#验证ip地址的代码
- python中修改工作目录
- webpack - HtmlWebpackPlugin理解
- Action<;T>; Delegate