#!/bin/sh
# Simple script that checks the LDAP certificate's expiry date and reports how many days are left until it expires.
# Output format: [HOST] [DAYS]
#
# To report via a Zabbix UserParameter, create
## /etc/zabbix/zabbix_agent.d/userparameter_ldapcert_expiry.conf with content
## UserParameter=ldapcert.ssl.check, sudo /usr/local/bin/chk_ldapcert_expiry.sh

# If the script has to be run through sudo, add the following at the bottom of /etc/sudoers
## # check with zabbix ldap cert expiry
## zabbix         ALL=NOPASSWD: /usr/local/bin/chk_ldapcert_expiry.sh

##

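# Reports "<fqdn> <days>" for the certificate at $ldap_cert_location, where
# <days> is the whole number of days until its notAfter date (zero or negative
# once the certificate has expired). Exits 1 with a message on stderr, and
# prints nothing on stdout, if the certificate cannot be read or parsed, so a
# broken check is not reported to monitoring as a day count.
#
# Requires: openssl, GNU date (-d), hostname --fqdn.
#
# NOTE(review): the header describes running this script as root through a
# NOPASSWD sudoers entry. In that setup the script and the directory holding
# it should be owned by root and not writable by the zabbix user; otherwise
# the monitoring account can replace what sudo runs.

Z=127.0.0.1        # not referenced below; kept from the original
ldap_port='1400'   # not referenced below; kept from the original
ldap_cert_location='/etc/openldap/ldap.cert'

# openssl prints English month names; pin the C locale so date parses them
# the same way regardless of the locale the agent runs under.
LC_ALL=C
export LC_ALL

if [ ! -r "$ldap_cert_location" ]; then
  printf '%s: cannot read certificate %s\n' "${0##*/}" "$ldap_cert_location" >&2
  exit 1
fi

# -enddate prints a single "notAfter=<date>" line, which avoids picking
# whitespace-separated fields out of the human-readable -text dump.
not_after=$(openssl x509 -in "$ldap_cert_location" -noout -enddate) || {
  printf '%s: openssl could not parse %s\n' "${0##*/}" "$ldap_cert_location" >&2
  exit 1
}
SSL_DATE=${not_after#notAfter=}

# Convert the expiry timestamp (time of day and zone included) to epoch seconds.
EXPTIME=$(date -d "$SSL_DATE" +%s) || {
  printf '%s: cannot interpret expiry date "%s"\n' "${0##*/}" "$SSL_DATE" >&2
  exit 1
}

# Compare against the current instant rather than a re-parsed calendar date,
# so the result does not depend on how date formats and re-reads "today".
CURRENT=$(date +%s)
NUM=$((EXPTIME - CURRENT))
RESULT=$((NUM / 86400))

printf '%s %s\n' "$(hostname --fqdn)" "$RESULT"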

