Monitoring Acitve Directory..?

Just wondering if anyone can help me out here. I'm trying to build a VIP for LDAP/AD so that when devices need to authenticate, they can hit a VIP rather than physical server that might be down. To make sure that it's really up though, I'd like to implement a proper health check (ie: bind with the servers).

 

 

To do this, I've created a regular user account that I'm using to bind with, but for the life of me I can't get it to work. If someone can give me some tips on what to use I would appreciate it.

 

 

 

Here's the output from the debug:

 

 

Arguments 1-2:

 

::ffff:10.x.y.z

 

389

 

 

Environment variables:

 

BASE=DC=tld,DC=company,DC=COM

 

DEBUG=yes

 

FILTER=(objectcategory=ntdsdsa)

 

MANDATORYATTRS=no

 

MON_TMPL_NAME=my_ldap_query

 

NODE_IP=::ffff:10.x.y.z

 

NODE_PORT=389

 

PASSWORD=secretword

 

SECURITY=none

 

USERNAME=CN=svc_f5,OU=Service Accounts,DC=tld,DC=company,DC=COM

 

Host URL: ldap://[::ffff:10.x.y.z]:389

 

Search failed(1): Operations error

 

 

The account is named svc_f5, and it's in a "Service Accounts" OU. The filter I'm using should just return all the domain controllers.

 

 

Thanks