2020-04-02 14:28:38 +02:00
#!/bin/bash
#############################################################################################################
# Script Name ...: zabbix-ldap-sync.sh
2020-04-14 14:28:17 +02:00
# Version .......: V1.1
# Date ..........: 14.04.2020
2020-04-02 14:28:38 +02:00
# Description....: Synchronise Members of a Actice Directory Group with Zabbix via API
# User wich are removed will be deactivated
# Args ..........:
# Author ........: Bernhard Linz
# Email Business : Bernhard.Linz@datagroup.de
# Email Private : Bernhard@znil.de
#############################################################################################################
2020-04-02 14:30:44 +02:00
# Variables
2020-04-14 14:28:17 +02:00
Script_Version = "V1.1 (2020-04-14)"
2020-04-02 14:30:44 +02:00
# Colors for printf and echo
DEFAULT_FOREGROUND = 39
RED = 31
GREEN = 32
YELLOW = 33
BLUE = 34
MAGENTA = 35
CYAN = 36
LIGHTRED = 91
LIGHTGREEN = 92
LIGHTYELLOW = 93
LIGHTBLUE = 94
LIGHTMAGENTA = 95
LIGHTCYAN = 96
2020-04-02 14:28:38 +02:00
#############################################################################################################
2020-04-02 14:30:44 +02:00
# ______ _ _
# | ____| | | (_)
# | |__ _ _ _ __ ___| |_ _ ___ _ __ ___
# | __| | | | '_ \ / __| __| |/ _ \| '_ \/ __|
# | | | |_| | | | | (__| |_| | (_) | | | \__ \
# |_| \__,_|_| |_|\___|\__|_|\___/|_| |_|___/
#
2020-04-02 14:28:38 +02:00
#############################################################################################################
2020-04-02 14:30:44 +02:00
# Print_Error ### START Function #####################################################################
Print_Error ( ) {
# $1 = Message
echo
echo -e "+- \e[91mERROR: \e[39m------------------------------------------------------------"
printf " $1 "
echo
echo "+---------------------------------------------------------------------"
}
# Print_Error ### END Function #####################################################################
# Print_Status_Text ### START Function #####################################################################
Print_Status_Text ( ) {
if [ " $b_silent " = "false" ] ; then
printf "%-.70s" " ${ 1 } ...................................................................... "
fi
}
# Print_Status_Text ### ENDE Function #####################################################################
# Print_Status_Done ### START Function #####################################################################
Print_Status_Done ( ) {
# RED = 31
# GREEN = 32
if [ " $b_silent " = "false" ] ; then
local status_text = " ${ 1 :- done } "
local status_color = " ${ 2 :- 32 } "
printf " \x1b[" $status_color "m%s\e[m" " $status_text "
echo
fi
}
# Print_Status_Done ### ENDE Function #####################################################################
# Print_Verbose_Text ### START Function #####################################################################
Print_Verbose_Text ( ) {
if [ " $b_verbose " = "true" ] ; then
printf "%-.69s: %s\n" " ${ 1 } ...................................................................... " " ${ 2 } "
fi
}
# Print_Verbose_Text ### ENDE Function #####################################################################
# Check_Prerequisites ### START Function #####################################################################
Check_Prerequisites ( ) {
# $1 = name of command
# $2 = name of Package for Ubuntu/Debian
# $3 = name of Package for CentOS/Red Hat
if ! type " $1 " >/dev/null 2>& 1; then
echo
echo -e "+- \e[91mERROR: Missing Command \e[39m--------------------------------------------"
echo -e " | \e[36m $1 \e[39m is not installed! "
echo "| try:"
echo " | apt install $2 "
echo " | yum install $3 "
echo "+---------------------------------------------------------------------"
exit 1
fi
}
# Check_Prerequisites ### END Function #####################################################################
# Translate_ldapsearch_exitcode ### START Function #####################################################################
Translate_ldapsearch_exitcode ( ) {
case $1 in
0) printf "0: SUCCESS" ; ;
1) printf "1: LDAP_OPERATIONS_ERROR" ; ;
2) printf "2: LDAP_PROTOCOL_ERROR" ; ;
3) printf "3: LDAP_TIMELIMIT_EXCEEDED" ; ;
4) printf "4: LDAP_SIZELIMIT_EXCEEDED" ; ;
7) printf "7: LDAP_AUTH_METHOD_NOT_SUPPORTED" ; ;
8) printf "8: LDAP_STRONG_AUTH_REQUIRED" ; ;
11) printf "11: LDAP_ADMINLIMIT_EXCEEDED" ; ;
13) printf "13: LDAP_CONFIDENTIALITY_REQUIRED" ; ;
16) printf "14: LDAP_NO_SUCH_ATTRIBUTE" ; ;
17) printf "18: LDAP_INAPPROPRIATE_MATCHING" ; ;
32) printf "32: LDAP_NO_SUCH_OBJECT" ; ;
34) printf "34: LDAP_INVALID_DN_SYNTAX" ; ;
48) printf "48: LDAP_INAPPROPRIATE_AUTH" ; ;
49) printf "49: LDAP_INVALID_CREDENTIALS" ; ;
50) printf "50: LDAP_INSUFFICIENT_ACCESS" ; ;
51) printf "51: LDAP_BUSY" ; ;
52) printf "52: LDAP_UNAVAILABLE" ; ;
255) printf "255: LDAP Can't contact LDAP server" ; ;
*) printf " $1 : unkown error " ; ;
esac
echo " (for more details: https://ldapwiki.com/wiki/LDAP%20Result%20Codes)"
}
# Translate_ldapsearch_exitcode ### END Function #####################################################################
# Zabbix_Logout ### START Function #####################################################################
Zabbix_Logout ( ) {
Print_Status_Text "Logout Zabbix API"
if [ " $b_verbose " = "true" ] ; then
Print_Status_Done "checking" $LIGHTCYAN
printf 'curl -k -s -X POST -H "Content-Type:application/json" -d '
printf "'"
printf '{"jsonrpc": "2.0","method":"user.logout","params":[],"id":42,"' " $ZABBIX_authentication_token " '"}'
printf "'"
echo " $ZABBIX_API_URL "
fi
myJSON = $( curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc": "2.0","method":"user.logout","params":[],"id":42,"auth":"' $ZABBIX_authentication_token '"}' $ZABBIX_API_URL )
2020-04-14 13:42:18 +02:00
if [ " $b_verbose " = "true" ] ; then echo " Answer from API: $myJSON " ; fi
2020-04-02 14:30:44 +02:00
if [ " $b_verbose " = "true" ] ; then Print_Status_Text "Logout Zabbix API" ; fi
Print_Status_Done "done" $GREEN
2020-04-14 13:42:18 +02:00
b_Zabbix_is_logged_in = "false"
2020-04-02 14:30:44 +02:00
}
# Zabbix_Logout ### START Function ##################################################################################################################################################################################
# _____ _ _
# / ____| | | |
# | (___ | |_ __ _ _ __| |_ _ _ _ __
# \___ \| __/ _` | '__| __| | | | '_ \
# ____) | || (_| | | | |_| |_| | |_) |
# |_____/ \__\__,_|_| \__|\__,_| .__/
# | |
# |_|
2020-04-02 14:28:38 +02:00
#############################################################################################################
2020-04-02 14:30:44 +02:00
# Check Commandline Arguments
Config_File = "<notset>"
b_Unknown_Parameter = "false"
b_showpasswords = "false"
b_silent = "false"
b_verbose = "false"
while [ [ $# -gt 0 ] ] ; do
current_parameter = " $1 "
case $current_parameter in
-c| -C| --config)
Config_File = " $2 "
shift # past -c / --config
shift # past value
; ;
-p| -P| --ShowPassword)
# Passwords will be displayed in Errors and in Verbose mode
b_showpasswords = "true"
shift # past argument
; ;
-s| -S| --silent)
# be quiet! only errors will be displayed
b_silent = "true"
shift # past argument
; ;
-v| -V| --verbose)
# show some extra information
b_verbose = "true"
shift # past argument
; ;
*) # Catch all other
echo -e " \e[91mUnknown Parameter:\e[39m $1 "
# next parameter will display help and exit script after the loop
b_Unknown_Parameter = "true"
shift # past argument
; ;
esac
done
if [ " $b_Unknown_Parameter " = "true" ] ; then
# ToDo: Create Help text
2020-04-14 14:28:17 +02:00
echo "Parameter error - print help"
echo "In Future here will be some helping text"
2020-04-02 14:30:44 +02:00
exit 1
fi
2020-04-02 14:28:38 +02:00
#############################################################################################################
2020-04-14 13:42:18 +02:00
# Clear Screen
clear
#############################################################################################################
2020-04-02 14:30:44 +02:00
if [ " $b_silent " = "false" ] ; then
echo "---------------------------------------------------------------------------"
echo " zabbix-ldap-sync.sh (Version $Script_Version ) startup "
fi
2020-04-02 14:28:38 +02:00
#############################################################################################################
2020-04-02 14:30:44 +02:00
# Testing for all needed commands (normaly only ldapsearch have to be installed manualy)
Print_Status_Text "Checking prerequisites"
Check_Prerequisites "ldapsearch" "ldap-utils" "openldap-clients"
Check_Prerequisites "curl" "curl" "curl"
Check_Prerequisites "sed" "sed" "sed"
Check_Prerequisites "dirname" "coreutils" "coreutils"
Check_Prerequisites "readlink" "coreutils" "coreutils"
Print_Status_Done "done" $GREEN
2020-04-02 14:28:38 +02:00
#############################################################################################################
2020-04-02 14:30:44 +02:00
# _____ _ _____ __ _ _ _
# | __ \ | | / ____| / _(_) | | (_)
# | |__) |___ __ _ __| | | | ___ _ __ | |_ _ __ _ _ _ _ __ __ _| |_ _ ___ _ __
# | _ // _ \/ _` |/ _` | | | / _ \| '_ \| _| |/ _` | | | | '__/ _` | __| |/ _ \| '_ \
# | | \ \ __/ (_| | (_| | | |___| (_) | | | | | | | (_| | |_| | | | (_| | |_| | (_) | | | |
# |_| \_\___|\__,_|\__,_| \_____\___/|_| |_|_| |_|\__, |\__,_|_| \__,_|\__|_|\___/|_| |_|
# __/ |
# |___/
Print_Status_Text "Searching config file"
if [ " $Config_File " = "<notset>" ] ; then
# Get the current path of this running script - long solution wich is also working with symlinks
This_Script_Bash_Source = " ${ BASH_SOURCE [0] } "
while [ -h " $This_Script_Bash_Source " ] ; do # resolve $This_Script_Bash_Source until the file is no longer a symlink
This_Script_Path = " $( cd -P " $( dirname " $This_Script_Bash_Source " ) " >/dev/null 2>& 1 && pwd ) "
This_Script_Bash_Source = " $( readlink " $This_Script_Bash_Source " ) "
[ [ $This_Script_Bash_Source != /* ] ] && This_Script_Bash_Source = " $This_Script_Path / $This_Script_Bash_Source " # if $This_Script_Bash_Source was a relative symlink, we need to resolve it relative to the path where the symlink file was located
done
This_Script_Path = " $( cd -P " $( dirname " $This_Script_Bash_Source " ) " >/dev/null 2>& 1 && pwd ) "
# Special case for programming - my own config file, excluded from .git
if test -f " $This_Script_Path /config-znil.sh " ; then
Config_File = " $This_Script_Path /config-znil.sh "
else
Config_File = " $This_Script_Path /config.sh "
fi
2020-04-02 14:28:38 +02:00
fi
2020-04-02 14:30:44 +02:00
# Normal test for the file now
if ! test -f " $Config_File " ; then
Print_Status_Done "Error" $RED
Print_Error " $Config_File not found "
2020-04-02 14:28:38 +02:00
exit 1
2020-04-02 14:30:44 +02:00
else
Print_Status_Done "done" $GREEN
2020-04-02 14:28:38 +02:00
fi
2020-04-02 14:30:44 +02:00
# File exist, read it now
Print_Status_Text 'Reading "' $Config_File '"'
source $Config_File
Print_Status_Done "done" $GREEN
Print_Status_Text "Check all needed Settings"
# if [ -z ${var+x} ]; then echo "var is unset"; else echo "var is set to '$var'"; fi
if [ " $b_verbose " = "true" ] ; then Print_Status_Done "checking" $LIGHTCYAN ; fi
####################################################################################################
if ! [ -z ${ LDAP_Source_URL +x } ] ; then Print_Verbose_Text "LDAP_Source_URL" " ${ LDAP_Source_URL } " ; else Print_Error "Missing LDAP_Source_URL" ; fi
####################################################################################################
if ! [ -z ${ LDAP_Ignore_SSL_Certificate +x } ] ; then
Print_Verbose_Text "LDAP_Ignore_SSL_Certificate" " ${ LDAP_Ignore_SSL_Certificate } "
else
LDAP_Ignore_SSL_Certificate = "true"
Print_Verbose_Text "LDAP_Ignore_SSL_Certificate (using Default Value)" " ${ LDAP_Ignore_SSL_Certificate } "
2020-04-02 14:28:38 +02:00
fi
2020-04-02 14:30:44 +02:00
####################################################################################################
if ! [ -z ${ LDAP_Bind_User_DN +x } ] ; then Print_Verbose_Text "LDAP_Bind_User_DN" " ${ LDAP_Bind_User_DN } " ; else Print_Error "Missing LDAP_Bind_User_DN" ; fi
####################################################################################################
if [ -z ${ LDAP_Bind_User_Password +x } ] ; then
Print_Error "Missing LDAP_Bind_User_Password"
else
if [ " $b_showpasswords " = "true" ] ; then
Print_Verbose_Text "LDAP_Bind_User_Password" " ${ LDAP_Bind_User_Password } " ;
else
Print_Verbose_Text "LDAP_Bind_User_Password" " ${ LDAP_Bind_User_Password : 0 : 3 } *************** "
fi
fi
####################################################################################################
if ! [ -z ${ LDAP_SearchBase +x } ] ; then Print_Verbose_Text "LDAP_SearchBase" " ${ LDAP_SearchBase } " ; else Print_Error "Missing LDAP_SearchBase" ; fi
####################################################################################################
2020-04-14 14:28:17 +02:00
if ! [ -z ${ LDAP_Groupname_for_Sync +x } ] ; then
Print_Verbose_Text "LDAP_Groupname_for_Sync" " ${ LDAP_Groupname_for_Sync } "
2020-04-02 14:30:44 +02:00
else
2020-04-14 14:28:17 +02:00
LDAP_Groupname_for_Sync = "skip"
Print_Verbose_Text "LDAP_Groupname_for_Sync" "skip sync"
2020-04-02 14:30:44 +02:00
fi
2020-04-14 14:28:17 +02:00
if [ " $LDAP_Groupname_for_Sync " = "skip" ] ; then Print_Verbose_Text "LDAP_Groupname_for_Sync" "skip sync" ; fi
2020-04-02 14:30:44 +02:00
####################################################################################################
2020-04-14 14:28:17 +02:00
if ! [ -z ${ ZABBIX_Groupname_for_Sync +x } ] ; then
Print_Verbose_Text "ZABBIX_Groupname_for_Sync" " ${ ZABBIX_Groupname_for_Sync } "
2020-04-02 14:30:44 +02:00
else
2020-04-14 14:28:17 +02:00
ZABBIX_Groupname_for_Sync = "skip"
Print_Verbose_Text "ZABBIX_Groupname_for_Sync" "skip sync"
2020-04-02 14:30:44 +02:00
fi
2020-04-14 14:28:17 +02:00
if [ " $ZABBIX_Groupname_for_Sync " = "skip" ] ; then Print_Verbose_Text "ZABBIX_Groupname_for_Sync" "skip sync" ; fi
2020-04-02 14:30:44 +02:00
####################################################################################################
if ! [ -z ${ ZABBIX_Disabled_User_Group +x } ] ; then
Print_Verbose_Text "ZABBIX_Disabled_User_Group" " ${ ZABBIX_Disabled_User_Group } "
else
ZABBIX_Disabled_User_Group = "Disabled"
Print_Verbose_Text "ZABBIX_Disabled_User_Group (using Default Value)" " ${ ZABBIX_Disabled_User_Group } "
fi
####################################################################################################
if ! [ -z ${ ZABBIX_API_URL +x } ] ; then Print_Verbose_Text "ZABBIX_API_URL" " ${ ZABBIX_API_URL } " ; else Print_Error "Missing ZABBIX_API_URL" ; fi
####################################################################################################
if ! [ -z ${ ZABBIX_API_User +x } ] ; then Print_Verbose_Text "ZABBIX_API_User" " ${ ZABBIX_API_User } " ; else Print_Error "Missing ZABBIX_API_User" ; fi
####################################################################################################
####################################################################################################
if [ -z ${ ZABBIX_API_Password +x } ] ; then
Print_Error "Missing ZABBIX_API_Password"
else
if [ " $b_showpasswords " = "true" ] ; then
Print_Verbose_Text "ZABBIX_API_Password" " ${ ZABBIX_API_Password } " ;
else
Print_Verbose_Text "ZABBIX_API_Password" " ${ ZABBIX_API_Password : 0 : 3 } *************** " ;
fi
fi
####################################################################################################
if ! [ -z ${ ZABBIX_UserType_User +x } ] ; then
Print_Verbose_Text "ZABBIX_UserType_User" " ${ ZABBIX_UserType_User } "
else
ZABBIX_UserType_User = 1
Print_Verbose_Text "ZABBIX_UserType_User (using Default Value)" " ${ ZABBIX_UserType_User } "
fi
####################################################################################################
if ! [ -z ${ ZABBIX_MediaTypeID +x } ] ; then
Print_Verbose_Text "ZABBIX_MediaTypeID" " ${ ZABBIX_MediaTypeID } "
else
ZABBIX_MediaTypeID = 1
Print_Verbose_Text "ZABBIX_MediaTypeID (using Default Value)" " ${ ZABBIX_MediaTypeID } "
fi
####################################################################################################
if [ " $b_verbose " = "false" ] ; then
Print_Status_Done "done" $GREEN
else
Print_Status_Text "Check all needed Settings"
Print_Status_Done "done" $GREEN
2020-04-02 14:28:38 +02:00
fi
#############################################################################################################
# ____ _ _____ _____
# / __ \ | | | __ \ /\ | __ \
# | | | |_ _ ___ _ __ _ _ | | | | | | / \ | |__) |
# | | | | | | |/ _ \ '__| | | | | | | | | |/ /\ \ | ___/
# | |__| | |_| | __/ | | |_| | | |____| |__| / ____ \| |
# \___\_\\__,_|\___|_| \__, | |______|_____/_/ \_\_|
# __/ |
# |___/
#
declare -a LDAP_ARRAY_Members_RAW # Raw Data from ldapsearch
declare -a LDAP_ARRAY_Members_DN # Distinguished names extracted from LDAP_ARRAY_Members_RAW
2020-04-02 14:30:44 +02:00
Print_Status_Text "STEP 1: Getting all Members from Active Directory / LDAP Group"
if [ " $b_verbose " = "true" ] ; then Print_Status_Done "checking" $LIGHTCYAN ; fi
if [ " $b_verbose " = "true" ] ; then
echo
echo "STEP 1: Getting all Members from Active Directory / LDAP Group"
echo "--------------------------------------------------------------"
2020-04-14 14:28:17 +02:00
echo " Group Name SuperAdmin : $LDAP_Groupname_for_Sync "
echo " LDAP Server ..........: $LDAP_Source_URL "
echo " LDAP User ............: $LDAP_Bind_User_DN "
echo " LDAP Search Base .....: $LDAP_SearchBase "
2020-04-02 14:30:44 +02:00
echo "--------------------------------------------------------------"
echo "running ldapsearch:"
fi
2020-04-02 14:28:38 +02:00
if [ LDAP_Ignore_SSL_Certificate = "false" ] ; then
# normal ldapsearch call
2020-04-02 14:30:44 +02:00
if [ " $b_verbose " = "true" ] ; then
if [ " $b_showpasswords " = "true" ] ; then
2020-04-14 14:28:17 +02:00
echo 'ldapsearch -x -H ' $LDAP_Source_URL ' -D "' $LDAP_Bind_User_DN '" -w "' $LDAP_Bind_User_Password '" -b "' $LDAP_SearchBase '" "(&(objectClass=group)(cn="' $LDAP_Groupname_for_Sync '"))"'
2020-04-02 14:30:44 +02:00
else
2020-04-14 14:28:17 +02:00
echo 'ldapsearch -x -H ' $LDAP_Source_URL ' -D "' $LDAP_Bind_User_DN '" -w "***********" -b "' $LDAP_SearchBase '" "(&(objectClass=group)(cn="' $LDAP_Groupname_for_Sync '"))"'
2020-04-02 14:30:44 +02:00
fi
fi
# yes, ldapsearch is called twice - first time without grep to catch the exitcode, 2. time to catch the content
2020-04-14 14:28:17 +02:00
tempvar = ` ldapsearch -x -H $LDAP_Source_URL -D " $LDAP_Bind_User_DN " -w " $LDAP_Bind_User_Password " -b " $LDAP_SearchBase " " (&(objectClass=group)(cn= $LDAP_Groupname_for_Sync )) " o member`
2020-04-02 14:30:44 +02:00
ldapsearch_exitcode = " $? "
if [ " $b_verbose " = "true" ] ; then echo " ldapsearch_exitcode: $ldapsearch_exitcode " ; fi
2020-04-14 14:28:17 +02:00
tempvar = ` ldapsearch -x -H $LDAP_Source_URL -D " $LDAP_Bind_User_DN " -w " $LDAP_Bind_User_Password " -b " $LDAP_SearchBase " " (&(objectClass=group)(cn= $LDAP_Groupname_for_Sync )) " o member | grep member:`
2020-04-02 14:28:38 +02:00
else
# ignore SSL ldapsearch
2020-04-02 14:30:44 +02:00
if [ " $b_verbose " = "true" ] ; then
if [ " $b_showpasswords " = "true" ] ; then
2020-04-14 14:28:17 +02:00
echo 'LDAPTLS_REQCERT=never ldapsearch -x -H ' $LDAP_Source_URL ' -D "' $LDAP_Bind_User_DN '" -w "' $LDAP_Bind_User_Password '" -b "' $LDAP_SearchBase '" "(&(objectClass=group)(cn=' $LDAP_Groupname_for_Sync '))" o member'
2020-04-02 14:30:44 +02:00
else
2020-04-14 14:28:17 +02:00
echo 'LDAPTLS_REQCERT=never ldapsearch -x -H ' $LDAP_Source_URL ' -D "' $LDAP_Bind_User_DN '" -w "***********" -b "' $LDAP_SearchBase '" "(&(objectClass=group)(cn=' $LDAP_Groupname_for_Sync '))" o member'
2020-04-02 14:30:44 +02:00
fi
fi
# yes, ldapsearch is called twice - first time without grep to catch the exitcode, 2. time to catch the content
2020-04-14 14:28:17 +02:00
tempvar = ` LDAPTLS_REQCERT = never ldapsearch -x -H $LDAP_Source_URL -D " $LDAP_Bind_User_DN " -w " $LDAP_Bind_User_Password " -b " $LDAP_SearchBase " " (&(objectClass=group)(cn= $LDAP_Groupname_for_Sync )) " o member`
2020-04-02 14:30:44 +02:00
ldapsearch_exitcode = " $? "
if [ " $b_verbose " = "true" ] ; then echo " ldapsearch_exitcode: $ldapsearch_exitcode " ; fi
2020-04-14 14:28:17 +02:00
tempvar = ` LDAPTLS_REQCERT = never ldapsearch -x -H $LDAP_Source_URL -D " $LDAP_Bind_User_DN " -w " $LDAP_Bind_User_Password " -b " $LDAP_SearchBase " " (&(objectClass=group)(cn= $LDAP_Groupname_for_Sync )) " o member | grep member:`
2020-04-02 14:28:38 +02:00
fi
2020-04-02 14:30:44 +02:00
if [ " $b_verbose " = "true" ] ; then
echo 'Result ldapsearch (with "grep member:" : ' " $tempvar "
echo " Exitcode ldapsearch: $( Translate_ldapsearch_exitcode $ldapsearch_exitcode ) "
fi
# only continue if ldapsearch was succesfull
if [ " $ldapsearch_exitcode " -eq 0 ] ; then
LDAP_ARRAY_Members_RAW = ( $tempvar ) # Split the raw output into an array
LDAP_ARRAY_Members_DN = ( )
for ( ( i = 0; i < ${# LDAP_ARRAY_Members_RAW [*] } ; i++ ) ) ; do
# Search for the word "member:" in Array - the next value is the DN of a Member
if [ " ${ LDAP_ARRAY_Members_RAW [ $i ] : 0 : 7 } " = "member:" ] ; then
i = $(( $i + 1 ))
LDAP_ARRAY_Members_DN += ( " ${ LDAP_ARRAY_Members_RAW [ $i ] } " ) # add new Item to the end of the array
else
# Ok, no "member:" found and the Item was not skipped by i=i+1 - must still belong to the previous Item, which was separated by a space
last_item_of_array = ${# LDAP_ARRAY_Members_DN [*] } # get the Number of Items in the array
last_item_of_array = $(( $last_item_of_array - 1 )) # get the Index of the last one (0 is the first index but the number of Items would be 1)
LDAP_ARRAY_Members_DN[ $last_item_of_array ] += " ${ LDAP_ARRAY_Members_RAW [ $i ] } " # without ( ) -> replace the Item-Value, add no new Item to the array
fi
done
2020-04-02 14:28:38 +02:00
else
2020-04-02 14:30:44 +02:00
Print_Error " Exitcode ldapsearch not zero: $( Translate_ldapsearch_exitcode $ldapsearch_exitcode ) \nTry -v -p and test command by hand "
exit 1
fi
2020-04-14 13:42:18 +02:00
if [ " $b_verbose " = "true" ] ; then Print_Status_Text "STEP 1: Getting all Members from Active Directory / LDAP Group" ; fi
2020-04-02 14:30:44 +02:00
Print_Status_Done "done" $GREEN
if [ " $b_verbose " = "true" ] ; then
2020-04-02 14:28:38 +02:00
echo 'Got "Distinguished Name" for ' ${# LDAP_ARRAY_Members_DN [*] } ' members:'
for ( ( i = 0; i < ${# LDAP_ARRAY_Members_DN [*] } ; i++ ) ) ; do
echo " $i : ${ LDAP_ARRAY_Members_DN [ $i ] } "
done
echo "--------------------------------------------------------------"
fi
2020-04-14 13:42:18 +02:00
# Needed additional arrays
2020-04-02 14:28:38 +02:00
declare -a LDAP_ARRAY_Members_sAMAccountName
declare -a LDAP_ARRAY_Members_Surname
declare -a LDAP_ARRAY_Members_Givenname
declare -a LDAP_ARRAY_Members_Email
2020-04-14 13:42:18 +02:00
LDAP_ARRAY_Members_sAMAccountName = ( )
LDAP_ARRAY_Members_Surname = ( )
LDAP_ARRAY_Members_Givenname = ( )
LDAP_ARRAY_Members_Email = ( )
2020-04-02 14:30:44 +02:00
# Only catch the rest if there members in the group
if [ " ${# LDAP_ARRAY_Members_DN [*] } " -gt 0 ] ; then
Print_Status_Text "Query sAMAccountName, sn, givenName and primary Email-Address"
# Maybe a User have no Surname, Givenname and/or Email - but the will be always a sAMAccountName
# the checks are used for testing this. Set to false for the first run of the loop
2020-04-02 14:28:38 +02:00
b_check_sAMAccountName = "false"
b_check_Surname = "false"
b_check_Givenname = "false"
b_check_Email = "false"
2020-04-02 14:30:44 +02:00
for ( ( i = 0; i < ${# LDAP_ARRAY_Members_DN [*] } ; i++ ) ) ; do
# When the Loop start again we have to for all values. All arrays-size must be equal!
# First run of loop will be skipped because b_check_sAMAccountName is false
if [ " $b_check_sAMAccountName " = "true" ] ; then
if [ " $b_check_Surname " = "false" ] ; then
2020-04-14 13:42:18 +02:00
LDAP_ARRAY_Members_Surname += ( " - " )
2020-04-02 14:30:44 +02:00
fi
if [ " $b_check_Givenname " = "false" ] ; then
2020-04-14 13:42:18 +02:00
LDAP_ARRAY_Members_Givenname += ( " - " )
2020-04-02 14:30:44 +02:00
fi
if [ " $b_check_Email " = "false" ] ; then
2020-04-14 13:42:18 +02:00
LDAP_ARRAY_Members_Email += ( " - " )
2020-04-02 14:30:44 +02:00
fi
2020-04-02 14:28:38 +02:00
fi
2020-04-02 14:30:44 +02:00
if [ LDAP_Ignore_SSL_Certificate = "false" ] ; then
# sed replace all ": " and "new line" to "|"
tempvar = ` ldapsearch -x -H $LDAP_Source_URL -D " $LDAP_Bind_User_DN " -w " $LDAP_Bind_User_Password " -b " ${ LDAP_ARRAY_Members_DN [ $i ] } " o sAMAccountName o sn o givenName o mail | grep "^sn: \|^givenName: \|^sAMAccountName: \|^mail:" | sed 's/$/|/' | sed 's/: /|/' `
else
# sed replace all ": " and "new line" to "|"
tempvar = ` LDAPTLS_REQCERT = never ldapsearch -x -H $LDAP_Source_URL -D " $LDAP_Bind_User_DN " -w " $LDAP_Bind_User_Password " -b " ${ LDAP_ARRAY_Members_DN [ $i ] } " o sAMAccountName o sn o givenName o mail | grep "^sn: \|^givenName: \|^sAMAccountName: \|^mail:" | sed 's/$/|/' | sed 's/: /|/' `
2020-04-02 14:28:38 +02:00
fi
2020-04-02 14:30:44 +02:00
# Remove all "New Line" (yes, again,) but keep all Spaces
tempvar = $( echo " | ${ tempvar //[ $'\t\r\n' ] } | " )
IFS = $'|' # | is set as delimiter
LDAP_ARRAY_Members_RAW = ( $tempvar )
IFS = ' ' # space is set as delimiter
b_check_sAMAccountName = "false"
b_check_Surname = "false"
b_check_Givenname = "false"
b_check_Email = "false"
for ( ( k = 0; k < ${# LDAP_ARRAY_Members_RAW [*] } ; k++ ) ) ; do
# Check sAMAccountName
if [ " ${ LDAP_ARRAY_Members_RAW [ $k ] } " = "sAMAccountName" ] ; then
k = $(( $k + 1 ))
# echo "add SAM: ${LDAP_ARRAY_Members_RAW[$k]}"
LDAP_ARRAY_Members_sAMAccountName += ( " ${ LDAP_ARRAY_Members_RAW [ $k ] } " )
b_check_sAMAccountName = "true"
fi
if [ " ${ LDAP_ARRAY_Members_RAW [ $k ] } " = "sn" ] ; then
k = $(( $k + 1 ))
# echo "add SN: ${LDAP_ARRAY_Members_RAW[$k]}"
LDAP_ARRAY_Members_Surname += ( " ${ LDAP_ARRAY_Members_RAW [ $k ] } " )
b_check_Surname = "true"
fi
if [ " ${ LDAP_ARRAY_Members_RAW [ $k ] } " = "givenName" ] ; then
k = $(( $k + 1 ))
# echo "add givenName: ${LDAP_ARRAY_Members_RAW[$k]}"
LDAP_ARRAY_Members_Givenname += ( " ${ LDAP_ARRAY_Members_RAW [ $k ] } " )
b_check_Givenname = "true"
fi
if [ " ${ LDAP_ARRAY_Members_RAW [ $k ] } " = "mail" ] ; then
k = $(( $k + 1 ))
# echo "add Email: ${LDAP_ARRAY_Members_RAW[$k]}"
LDAP_ARRAY_Members_Email += ( " ${ LDAP_ARRAY_Members_RAW [ $k ] } " )
b_check_Email = "true"
fi
done
2020-04-02 14:28:38 +02:00
done
2020-04-14 13:42:18 +02:00
# If only one user is in group and some Values are missing ... we need a special treatment for this:
if [ " $b_check_sAMAccountName " = "true" ] ; then
if [ " $b_check_Surname " = "false" ] ; then
LDAP_ARRAY_Members_Surname += ( " - " )
fi
if [ " $b_check_Givenname " = "false" ] ; then
LDAP_ARRAY_Members_Givenname += ( " - " )
fi
if [ " $b_check_Email " = "false" ] ; then
LDAP_ARRAY_Members_Email += ( " - " )
fi
fi
2020-04-02 14:30:44 +02:00
Print_Status_Done "done" $GREEN
fi
2020-04-02 14:28:38 +02:00
unset LDAP_ARRAY_Members_RAW
2020-04-02 14:30:44 +02:00
if [ " $b_verbose " = "true" ] ; then
echo "------------------------------------------------------------------------------------------------"
2020-04-14 14:28:17 +02:00
echo " Result from STEP 1: Getting all Members from Active Directory / LDAP Group $LDAP_Groupname_for_Sync "
2020-04-02 14:30:44 +02:00
echo "----+----------------------+----------------------+----------------------+----------------------"
printf "%-3s | %-20s | %-20s | %-20s | %-20s" "No." "sAMAccountName" "Surname" "Givenname" "Email"
2020-04-02 14:28:38 +02:00
printf "\n"
2020-04-02 14:30:44 +02:00
echo "----+----------------------+----------------------+----------------------+----------------------"
for ( ( i = 0; i < ${# LDAP_ARRAY_Members_sAMAccountName [*] } ; i++ ) ) ; do
printf "%-3s | %-20s | %-20s | %-20s | %-20s" " $i " " ${ LDAP_ARRAY_Members_sAMAccountName [ $i ] } " " ${ LDAP_ARRAY_Members_Surname [ $i ] } " " ${ LDAP_ARRAY_Members_Givenname [ $i ] } " " ${ LDAP_ARRAY_Members_Email [ $i ] } "
printf "\n"
done
echo "------------------------------------------------------------------------------------------------"
echo
echo
fi
2020-04-02 14:28:38 +02:00
2020-04-14 13:42:18 +02:00
2020-04-02 14:28:38 +02:00
#############################################################################################################
# ______ _ _ _ _ _
# |___ / | | | | (_) | | (_)
# / / __ _| |__ | |__ ___ __ | | ___ __ _ _ _ __
# / / / _` | '_ \| '_ \| \ \/ / | | / _ \ / _` | | '_ \
# / /_| (_| | |_) | |_) | |> < | |___| (_) | (_| | | | | |
# /_____\__,_|_.__/|_.__/|_/_/\_\ |______\___/ \__, |_|_| |_|
# __/ |
# |___/
# Login Zabbix API and catch the authentication token
2020-04-02 14:30:44 +02:00
b_Zabbix_is_logged_in = "false"
Print_Status_Text "Login at Zabbix API"
if [ " $b_verbose " = "true" ] ; then Print_Status_Done "checking" $LIGHTCYAN ; fi
if [ " $b_verbose " = "true" ] ; then
2020-04-02 14:28:38 +02:00
printf 'curl -k -s -X POST -H "Content-Type:application/json" -d '
printf "'"
2020-04-02 14:30:44 +02:00
if [ " $b_showpasswords " = "true" ] ; then
printf '{"jsonrpc": "2.0","method":"user.login","params":{"user":"' $ZABBIX_API_User '","password":"' $ZABBIX_API_Password '"},"id":42}'
else
printf '{"jsonrpc": "2.0","method":"user.login","params":{"user":"' $ZABBIX_API_User '","password":"********"},"id":42}'
fi
2020-04-02 14:28:38 +02:00
printf "'"
echo " $ZABBIX_API_URL "
2020-04-02 14:30:44 +02:00
fi
ZABBIX_authentication_token = $( curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc": "2.0","method":"user.login","params":{"user":"' $ZABBIX_API_User '","password":"' $ZABBIX_API_Password '"},"id":42}' $ZABBIX_API_URL | cut -d'"' -f8)
Print_Verbose_Text "Authentification token" " $ZABBIX_authentication_token "
if [ " ${# ZABBIX_authentication_token } " -ne 32 ] ; then
# Token must have 32 Chars - something went wrong
Print_Status_Done "failed" $RED
Print_Error "Login Zabbix API failed\nTry -v -p and test command by hand"
2020-04-02 14:28:38 +02:00
exit 1
2020-04-02 14:30:44 +02:00
else
b_Zabbix_is_logged_in = "true"
2020-04-02 14:28:38 +02:00
fi
2020-04-14 13:42:18 +02:00
Print_Verbose_Text "b_Zabbix_is_logged_in" " $b_Zabbix_is_logged_in "
if [ " $b_verbose " = "true" ] ; then
Print_Status_Text "Login at Zabbix API"
fi
2020-04-02 14:30:44 +02:00
Print_Status_Done "done" $GREEN
2020-04-14 13:42:18 +02:00
2020-04-02 14:28:38 +02:00
#############################################################################################################
# ____ ______ _ _ _ _____
# / __ \ |___ / | | | | (_) / ____|
# | | | |_ _ ___ _ __ _ _ / / __ _| |__ | |__ ___ __ | | __ _ __ ___ _ _ _ __
# | | | | | | |/ _ \ '__| | | | / / / _` | '_ \| '_ \| \ \/ / | | |_ | '__/ _ \| | | | '_ \
# | |__| | |_| | __/ | | |_| | / /_| (_| | |_) | |_) | |> < | |__| | | | (_) | |_| | |_) |
# \___\_\\__,_|\___|_| \__, | /_____\__,_|_.__/|_.__/|_/_/\_\ \_____|_| \___/ \__,_| .__/
# __/ | | |
# |___/ |_|
# Get UserGrpIds and Members of existing LDAP-User Group in Zabbix
2020-04-14 13:42:18 +02:00
Print_Status_Text "STEP 2: Get Members of Zabbix-LDAP Groups"
Print_Status_Done "checking" $LIGHTCYAN
if [ " $b_verbose " = "true" ] ; then
echo
echo "STEP 2: Get Members of Zabbix-LDAP Group"
echo "--------------------------------------------------------------"
2020-04-14 14:28:17 +02:00
echo " Zabbix LDAP Group Name .........: $ZABBIX_Groupname_for_Sync "
2020-04-14 13:42:18 +02:00
echo " Zabbix Disabled User Group Name : $ZABBIX_Disabled_User_Group "
echo " Zabbix API URL .................: $ZABBIX_API_User "
echo " Zabbix API User ................: $LDAP_Bind_User_DN "
echo "--------------------------------------------------------------"
fi
2020-04-02 14:28:38 +02:00
#############################################################################################################
# Get UsrGrpIds
2020-04-14 14:28:17 +02:00
Print_Status_Text 'determine UsrGrpID of "' $ZABBIX_Groupname_for_Sync '"'
2020-04-14 13:42:18 +02:00
if [ " $b_verbose " = "true" ] ; then Print_Status_Done "checking" $LIGHTCYAN ; fi
2020-04-02 14:28:38 +02:00
declare -a ZABBIX_ARRAY_usrgrpid_RAW
2020-04-14 13:42:18 +02:00
if [ " $b_verbose " = "true" ] ; then
printf 'curl -k -s -X POST -H "Content-Type:application/json" -d '
printf "'"
2020-04-14 14:28:17 +02:00
printf '{"jsonrpc":"2.0","method":"usergroup.get","params":{"filter":{"name":"' $ZABBIX_Groupname_for_Sync '"},"output":"extend","status":0},"id":42,"auth":"' $ZABBIX_authentication_token '"}'
2020-04-14 13:42:18 +02:00
printf "'"
printf " $ZABBIX_API_URL "
fi
2020-04-14 14:28:17 +02:00
tempvar = ` curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc":"2.0","method":"usergroup.get","params":{"filter":{"name":"' $ZABBIX_Groupname_for_Sync '"},"output":"extend","status":0},"id":42,"auth":"' $ZABBIX_authentication_token '"}' $ZABBIX_API_URL `
2020-04-14 13:42:18 +02:00
if [ " $b_verbose " = "true" ] ; then echo $tempvar ; fi
# The answer is an JSON - we split by the " into an array and search for the wanted values
2020-04-02 14:28:38 +02:00
IFS = '"' # " is set as delimiter
ZABBIX_ARRAY_usrgrpid_RAW = ( $tempvar )
IFS = ' ' # space is set as delimiter
for ( ( i = 0; i < ${# ZABBIX_ARRAY_usrgrpid_RAW [*] } ; i++ ) ) ; do
#echo "Wert $i: ${ZABBIX_ARRAY_usrgrpid_RAW[$i]}"
if [ " ${ ZABBIX_ARRAY_usrgrpid_RAW [ $i ] } " = "usrgrpid" ] ; then
i = $(( $i + 2 ))
ZABBIX_LDAP_Group_UsrGrpId = " ${ ZABBIX_ARRAY_usrgrpid_RAW [ $i ] } "
# i=${#ZABBIX_ARRAY_usrgrpid_RAW[*]}
break
fi
done
2020-04-14 14:28:17 +02:00
Print_Verbose_Text " $ZABBIX_Groupname_for_Sync " " $ZABBIX_LDAP_Group_UsrGrpId "
if [ " $b_verbose " = "true" ] ; then Print_Status_Text 'determine UsrGrpID of "' $ZABBIX_Groupname_for_Sync '"' ; fi
2020-04-14 13:42:18 +02:00
Print_Status_Done "done" $GREEN
2020-04-02 14:28:38 +02:00
tempvar = ""
2020-04-14 13:42:18 +02:00
Print_Status_Text 'determine UsrGrpID of "' $ZABBIX_Disabled_User_Group '"'
if [ " $b_verbose " = "true" ] ; then Print_Status_Done "checking" $LIGHTCYAN ; fi
2020-04-02 14:28:38 +02:00
tempvar = ` curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc":"2.0","method":"usergroup.get","params":{"filter":{"name":"' $ZABBIX_Disabled_User_Group '"},"output":"extend","status":1},"id":42,"auth":"' $ZABBIX_authentication_token '"}' $ZABBIX_API_URL `
2020-04-14 13:42:18 +02:00
if [ " $b_verbose " = "true" ] ; then echo $tempvar ; fi
2020-04-02 14:28:38 +02:00
IFS = '"' # " is set as delimiter
ZABBIX_ARRAY_usrgrpid_RAW = ( $tempvar )
IFS = ' ' # space is set as delimiter
for ( ( i = 0; i < ${# ZABBIX_ARRAY_usrgrpid_RAW [*] } ; i++ ) ) ; do
if [ " ${ ZABBIX_ARRAY_usrgrpid_RAW [ $i ] } " = "usrgrpid" ] ; then
i = $(( $i + 2 ))
ZABBIX_Disabled_Group_UsrGrpId = " ${ ZABBIX_ARRAY_usrgrpid_RAW [ $i ] } "
break
fi
done
2020-04-14 13:42:18 +02:00
Print_Verbose_Text " $ZABBIX_Disabled_User_Group " " $ZABBIX_Disabled_Group_UsrGrpId "
if [ " $b_verbose " = "true" ] ; then Print_Status_Text 'determine UsrGrpID of "' $ZABBIX_Disabled_User_Group '"' ; fi
Print_Status_Done "done" $GREEN
2020-04-02 14:28:38 +02:00
tempvar = ""
unset ZABBIX_ARRAY_usrgrpid_RAW
#############################################################################################################
2020-04-14 13:42:18 +02:00
# Get alias and userid of the Zabbix Group Members
2020-04-14 14:28:17 +02:00
Print_Status_Text 'determine alias and userid for Members of "' $ZABBIX_Groupname_for_Sync '"'
2020-04-14 13:42:18 +02:00
if [ " $b_verbose " = "true" ] ; then Print_Status_Done "checking" $LIGHTCYAN ; fi
2020-04-02 14:28:38 +02:00
declare -a ZABBIX_ARRAY_LDAP_GroupMember_alias
declare -a ZABBIX_ARRAY_LDAP_GroupMember_userid
declare -a ZABBIX_ARRAY_LDAP_GroupMember_RAW
ZABBIX_ARRAY_LDAP_GroupMember_alias = ( )
ZABBIX_ARRAY_LDAP_GroupMember_userid = ( )
2020-04-14 13:42:18 +02:00
if [ " $b_verbose " = "true" ] ; then
printf 'curl -k -s -X POST -H "Content-Type:application/json" -d '
printf "'"
printf '{"jsonrpc": "2.0","method":"user.get","params":{"usrgrpids":"' $ZABBIX_LDAP_Group_UsrGrpId '","output":["alias","userid"]},"id":42,"auth":"' $ZABBIX_authentication_token '"}'
printf "'"
printf " $ZABBIX_API_URL "
fi
2020-04-02 14:28:38 +02:00
tempvar = ` curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc": "2.0","method":"user.get","params":{"usrgrpids":"' $ZABBIX_LDAP_Group_UsrGrpId '","output":["alias","userid"]},"id":42,"auth":"' $ZABBIX_authentication_token '"}' $ZABBIX_API_URL `
2020-04-14 13:42:18 +02:00
if [ " $b_verbose " = "true" ] ; then echo $tempvar ; fi
2020-04-02 14:28:38 +02:00
IFS = '"' # " is set as delimiter
ZABBIX_ARRAY_LDAP_GroupMember_RAW = ( $tempvar )
IFS = ' ' # space is set as delimiter
for ( ( i = 0; i < ${# ZABBIX_ARRAY_LDAP_GroupMember_RAW [*] } ; i++ ) ) ; do
#echo "Wert $i: ${ZABBIX_ARRAY_LDAP_GroupMember_RAW[$i]}"
# Wir gehen davon aus das UserId und Alias immer - in beliebiger Reihenfolge - hintereinander kommen, der Index der beiden Arrays sollte also zueinander passen
if [ " ${ ZABBIX_ARRAY_LDAP_GroupMember_RAW [ $i ] } " = "userid" ] ; then
i = $(( $i + 2 ))
ZABBIX_ARRAY_LDAP_GroupMember_userid += ( " ${ ZABBIX_ARRAY_LDAP_GroupMember_RAW [ $i ] } " )
2020-04-14 13:42:18 +02:00
Print_Verbose_Text "Found UserId" " ${ ZABBIX_ARRAY_LDAP_GroupMember_RAW [ $i ] } "
#printf "."
2020-04-02 14:28:38 +02:00
fi
if [ " ${ ZABBIX_ARRAY_LDAP_GroupMember_RAW [ $i ] } " = "alias" ] ; then
i = $(( $i + 2 ))
ZABBIX_ARRAY_LDAP_GroupMember_alias += ( " ${ ZABBIX_ARRAY_LDAP_GroupMember_RAW [ $i ] } " )
2020-04-14 13:42:18 +02:00
Print_Verbose_Text "Found Alias" " ${ ZABBIX_ARRAY_LDAP_GroupMember_RAW [ $i ] } "
#printf "."
2020-04-02 14:28:38 +02:00
fi
done
2020-04-14 14:28:17 +02:00
if [ " $b_verbose " = "true" ] ; then Print_Status_Text 'determine alias and userid for Members of "' $ZABBIX_Groupname_for_Sync '"' ; fi
2020-04-14 13:42:18 +02:00
Print_Status_Done "done" $GREEN
2020-04-02 14:28:38 +02:00
unset ZABBIX_ARRAY_LDAP_GroupMember_RAW
2020-04-14 13:42:18 +02:00
if [ " $b_verbose " = "true" ] ; then
echo "------------------------------------------------------------------------------------------------"
2020-04-14 14:28:17 +02:00
echo " Result from STEP 2: Get Members of Zabbix-LDAP Group $ZABBIX_Groupname_for_Sync "
2020-04-14 13:42:18 +02:00
echo "----+----------------------+----------------------+----------------------+----------------------"
printf "%-3s | %-20s | %-20s | %-20s | %-20s" "No." "Alias" "UserId" " " " "
2020-04-02 14:28:38 +02:00
printf "\n"
2020-04-14 13:42:18 +02:00
echo "----+----------------------+----------------------+----------------------+----------------------"
for ( ( i = 0; i < ${# ZABBIX_ARRAY_LDAP_GroupMember_alias [*] } ; i++ ) ) ; do
printf "%-3s | %-20s | %-20s | %-20s | %-20s" " $i " " ${ ZABBIX_ARRAY_LDAP_GroupMember_alias [ $i ] } " " ${ ZABBIX_ARRAY_LDAP_GroupMember_userid [ $i ] } " " " " "
printf "\n"
done
echo "------------------------------------------------------------------------------------------------"
echo
fi
2020-04-02 14:28:38 +02:00
#############################################################################################################
# _____ _____
# / ____| / ____|
# | | ___ _ __ ___ _ __ __ _ _ __ ___ | | __ _ __ ___ _ _ _ __ ___
# | | / _ \| '_ ` _ \| '_ \ / _` | '__/ _ \ | | |_ | '__/ _ \| | | | '_ \/ __|
# | |___| (_) | | | | | | |_) | (_| | | | __/ | |__| | | | (_) | |_| | |_) \__ \
# \_____\___/|_| |_| |_| .__/ \__,_|_| \___| \_____|_| \___/ \__,_| .__/|___/
# | | | |
# |_| |_|
2020-04-14 13:42:18 +02:00
Print_Status_Text "STEP 3: Compare Groups for changes"
Print_Status_Done "checking" $LIGHTCYAN
if [ " $b_verbose " = "true" ] ; then
echo
echo "STEP 3: Compare Groups for changes"
echo "--------------------------------------------------------------"
2020-04-14 14:28:17 +02:00
echo " AD / LDAP Group Name ...........: $LDAP_Groupname_for_Sync "
echo " Zabbix LDAP Group Name .........: $ZABBIX_Groupname_for_Sync "
2020-04-14 13:42:18 +02:00
echo "--------------------------------------------------------------"
fi
2020-04-02 14:28:38 +02:00
b_Must_Sync_Users = "false"
# Check 1:
2020-04-14 13:42:18 +02:00
Print_Status_Text "Check 1: Number of Users LDAP"
Print_Status_Done " ${# LDAP_ARRAY_Members_sAMAccountName [*] } " $DEFAULT_FOREGROUND
Print_Status_Text "Check 1: Number of Users Zabbix"
Print_Status_Done " ${# ZABBIX_ARRAY_LDAP_GroupMember_alias [*] } " $DEFAULT_FOREGROUND
Print_Status_Text "Check 1: Number of Users"
2020-04-02 14:28:38 +02:00
if [ " ${# LDAP_ARRAY_Members_sAMAccountName [*] } " -eq " ${# ZABBIX_ARRAY_LDAP_GroupMember_alias [*] } " ] ; then
2020-04-14 13:42:18 +02:00
Print_Status_Done "equal" $GREEN
2020-04-02 14:28:38 +02:00
else
2020-04-14 13:42:18 +02:00
Print_Status_Done "not equal" $RED
2020-04-02 14:28:38 +02:00
b_Must_Sync_Users = "true"
fi
2020-04-14 13:42:18 +02:00
2020-04-02 14:28:38 +02:00
# Check 2:
if [ " $b_Must_Sync_Users " = "false" ] ; then
# make Compare case insensitive, save original settings
orig_nocasematch = $( shopt -p nocasematch)
shopt -s nocasematch
2020-04-14 13:42:18 +02:00
Print_Status_Text "Check 2: Compare Active Directory sAMAccountName with Zabbix Alias"
if [ " $b_verbose " = "true" ] ; then Print_Status_Done "checking" $LIGHTCYAN ; fi
2020-04-02 14:28:38 +02:00
# Check every sAMAccountName and find a alias for it
for ( ( i = 0; i < ${# LDAP_ARRAY_Members_sAMAccountName [*] } ; i++ ) ) ; do
b_alias_was_found = "false"
for ( ( k = 0; k < ${# ZABBIX_ARRAY_LDAP_GroupMember_alias [*] } ; k++ ) ) ; do
if [ [ " ${ LDAP_ARRAY_Members_sAMAccountName [ $i ] } " = = " ${ ZABBIX_ARRAY_LDAP_GroupMember_alias [ $k ] } " ] ] ; then
2020-04-14 13:42:18 +02:00
# printf "."
Print_Verbose_Text " ${ LDAP_ARRAY_Members_sAMAccountName [ $i ] } " "found"
2020-04-02 14:28:38 +02:00
b_alias_was_found = "true"
2020-04-14 13:42:18 +02:00
# if user have found the loop can be finished
2020-04-02 14:28:38 +02:00
break
fi
done
if [ " $b_alias_was_found " = "false" ] ; then
b_Must_Sync_Users = "true"
2020-04-14 13:42:18 +02:00
Print_Verbose_Text " ${ LDAP_ARRAY_Members_sAMAccountName [ $i ] } " "not found"
if [ " $b_verbose " = "true" ] ; then Print_Status_Text "Check 2: Compare Active Directory sAMAccountName with Zabbix Alias" ; fi
Print_Status_Done "mismatch" $RED
# one user was not found, we can exit the test, we must sync
2020-04-02 14:28:38 +02:00
break
fi
done
# restore original case sensitive/insenstive settings
$orig_nocasematch
2020-04-14 13:42:18 +02:00
if [ " $b_verbose " = "true" ] ; then Print_Status_Text "Check 2: Compare Active Directory sAMAccountName with Zabbix Alias" ; fi
if [ " $b_Must_Sync_Users " = "false" ] ; then Print_Status_Done "done" $GREEN ; fi
2020-04-02 14:28:38 +02:00
fi
#############################################################################################################
# _____ _ _ _
# / ____| | | (_) (_)
# | (___ _ _ _ __ ___| |__ _ __ ___ _ __ _ _____ _ __ __ _
# \___ \| | | | '_ \ / __| '_ \| '__/ _ \| '_ \| |_ / | '_ \ / _` |
# ____) | |_| | | | | (__| | | | | | (_) | | | | |/ /| | | | | (_| |
# |_____/ \__, |_| |_|\___|_| |_|_| \___/|_| |_|_/___|_|_| |_|\__, |
# __/ | __/ |
# |___/ |___/
if [ " $b_Must_Sync_Users " = "true" ] ; then
2020-04-14 13:42:18 +02:00
Print_Status_Text "STEP 4: Get all Zabbix Users with alias and userid"
if [ " $b_verbose " = "true" ] ; then Print_Status_Done "checking" $LIGHTCYAN ; fi
if [ " $b_verbose " = "true" ] ; then
echo
echo "--------------------------------------------------------------"
echo "STEP 4: Get all Zabbix Users with alias and userid"
fi
2020-04-02 14:28:38 +02:00
# get a List of all Zabbix Users to get the possible UserIds of new Users
tempvar = ""
declare -a ZABBIX_ARRAY_AllUser_alias
declare -a ZABBIX_ARRAY_AllUser_userid
declare -a ZABBIX_ARRAY_AllUser_RAW
ZABBIX_ARRAY_AllUser_alias = ( )
ZABBIX_ARRAY_AllUser_userid = ( )
2020-04-14 13:42:18 +02:00
if [ " $b_verbose " = "true" ] ; then
printf 'curl -k -s -X POST -H "Content-Type:application/json" -d '
printf "'"
printf '{"jsonrpc": "2.0","method":"user.get","params":{"output":["alias","userid"]},"id":42,"auth":"' $ZABBIX_authentication_token '"}'
printf "'"
echo $ZABBIX_API_URL
fi
2020-04-02 14:28:38 +02:00
tempvar = ` curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc": "2.0","method":"user.get","params":{"output":["alias","userid"]},"id":42,"auth":"' $ZABBIX_authentication_token '"}' $ZABBIX_API_URL `
2020-04-14 13:42:18 +02:00
if [ " $b_verbose " = "true" ] ; then
echo $tempvar
fi
2020-04-02 14:28:38 +02:00
IFS = '"' # " is set as delimiter
ZABBIX_ARRAY_AllUser_RAW = ( $tempvar )
IFS = ' ' # space is set as delimiter
for ( ( i = 0; i < ${# ZABBIX_ARRAY_AllUser_RAW [*] } ; i++ ) ) ; do
# We assume that the UserId and Alias always come one after the other in any order, so the index of the two arrays should match
if [ " ${ ZABBIX_ARRAY_AllUser_RAW [ $i ] } " = "userid" ] ; then
i = $(( $i + 2 ))
ZABBIX_ARRAY_AllUser_userid += ( " ${ ZABBIX_ARRAY_AllUser_RAW [ $i ] } " )
fi
if [ " ${ ZABBIX_ARRAY_AllUser_RAW [ $i ] } " = "alias" ] ; then
i = $(( $i + 2 ))
ZABBIX_ARRAY_AllUser_alias += ( " ${ ZABBIX_ARRAY_AllUser_RAW [ $i ] } " )
fi
done
unset ZABBIX_ARRAY_AllUser_RAW
2020-04-14 13:42:18 +02:00
if [ " $b_verbose " = "true" ] ; then Print_Status_Text "STEP 4: Get all Zabbix Users with alias and userid" ; fi
Print_Status_Done "done" $GREEN
if [ " $b_verbose " = "true" ] ; then
echo "------------------------------------------------------------------------------------------------"
echo "Result from STEP 4: Get all Zabbix Users with alias and userid"
echo "----+----------------------+----------------------+----------------------+----------------------"
printf "%-3s | %-20s | %-20s | %-20s | %-20s" "No." "Alias" "UserId" " " " "
2020-04-02 14:28:38 +02:00
printf "\n"
2020-04-14 13:42:18 +02:00
echo "----+----------------------+----------------------+----------------------+----------------------"
for ( ( i = 0; i < ${# ZABBIX_ARRAY_AllUser_alias [*] } ; i++ ) ) ; do
printf "%-3s | %-20s | %-20s | %-20s | %-20s" " $i " " ${ ZABBIX_ARRAY_AllUser_alias [ $i ] } " " ${ ZABBIX_ARRAY_AllUser_userid [ $i ] } " " " " "
printf "\n"
done
echo "------------------------------------------------------------------------------------------------"
fi
Print_Status_Text "STEP 5: Compare LDAP user with existing Zabbix User"
if [ " $b_verbose " = "true" ] ; then Print_Status_Done "checking" $LIGHTCYAN ; fi
if [ " $b_verbose " = "true" ] ; then
echo
echo "--------------------------------------------------------------"
echo "STEP 5: Compare LDAP user with existing Zabbix User"
fi
2020-04-02 14:28:38 +02:00
# additional Array for Zabbix-UserId
declare -a LDAP_ARRAY_Members_UserId
LDAP_ARRAY_Members_UserId = ( )
# Merker ob wir neue Benutzer anlegen müssen
b_have_to_create_new_user = "false"
# Compare LDAP-User with Zabbix-User
# make Compare case insensitive, save original settings
orig_nocasematch = $( shopt -p nocasematch)
shopt -s nocasematch
2020-04-14 13:42:18 +02:00
i_CounterNewUsers = 0
2020-04-02 14:28:38 +02:00
for ( ( i = 0; i < ${# LDAP_ARRAY_Members_sAMAccountName [*] } ; i++ ) ) ; do
b_we_have_a_winner = "false"
for ( ( k = 0; k < ${# ZABBIX_ARRAY_AllUser_alias [*] } ; k++ ) ) ; do
if [ [ " ${ LDAP_ARRAY_Members_sAMAccountName [ $i ] } " = = " ${ ZABBIX_ARRAY_AllUser_alias [ $k ] } " ] ] ; then
LDAP_ARRAY_Members_UserId += ( " ${ ZABBIX_ARRAY_AllUser_userid [ $k ] } " )
2020-04-14 13:42:18 +02:00
Print_Verbose_Text " Found existing User: ${ LDAP_ARRAY_Members_sAMAccountName [ $i ] } " " ${ ZABBIX_ARRAY_AllUser_alias [ $k ] } "
2020-04-02 14:28:38 +02:00
b_we_have_a_winner = "true"
break
fi
done
# User was found?
if [ " $b_we_have_a_winner " = "false" ] ; then
# User was not found - but we need an array item to have all array index identical and matched to each other
# also mark this User to have to be created
LDAP_ARRAY_Members_UserId += ( "create-user" )
2020-04-14 13:42:18 +02:00
Print_Verbose_Text " No Zabbix user found: ${ LDAP_ARRAY_Members_sAMAccountName [ $i ] } " "will be created"
2020-04-02 14:28:38 +02:00
b_have_to_create_new_user = "true"
2020-04-14 13:42:18 +02:00
i_CounterNewUsers = $(( $i_CounterNewUsers + 1 ))
2020-04-02 14:28:38 +02:00
fi
done
# restore original case sensitive/insenstive settings
$orig_nocasematch
2020-04-14 13:42:18 +02:00
if [ " $b_verbose " = "true" ] ; then Print_Status_Text "STEP 5: Compare LDAP user with existing Zabbix User" ; fi
if [ " $b_have_to_create_new_user " = "true" ] ; then
Print_Status_Done " must create $i_CounterNewUsers new user " $RED
else
Print_Status_Done "done" $GREEN
fi
if [ " $b_verbose " = "true" ] ; then
echo "----------------------------------------------------------------------------------------------------------------------"
echo "Result from STEP 5: Compare LDAP user with existing Zabbix User"
echo "----+----------------------+----------------------+----------------------+--------------------------+-----------------"
printf "%-3s | %-20s | %-20s | %-20s | %-24s | %-20s" "No." "sAMAccountName" "Surname" "Givenname" "Zabbix-UserId" "Email-Address"
2020-04-02 14:28:38 +02:00
printf "\n"
2020-04-14 13:42:18 +02:00
echo "----+----------------------+----------------------+----------------------+--------------------------+-----------------"
for ( ( i = 0; i < ${# LDAP_ARRAY_Members_sAMAccountName [*] } ; i++ ) ) ; do
printf "%-3s | %-20s | %-20s | %-20s | %-24s | %-20s" " $i " " ${ LDAP_ARRAY_Members_sAMAccountName [ $i ] } " " ${ LDAP_ARRAY_Members_Surname [ $i ] } " " ${ LDAP_ARRAY_Members_Givenname [ $i ] } " " ${ LDAP_ARRAY_Members_UserId [ $i ] } " " ${ LDAP_ARRAY_Members_Email [ $i ] } "
printf "\n"
done
echo "----------------------------------------------------------------------------------------------------------------------"
fi
2020-04-02 14:28:38 +02:00
#############################################################################################################
if [ " $b_have_to_create_new_user " = "true" ] ; then
2020-04-14 13:42:18 +02:00
Print_Status_Text " STEP 6: Create needed $i_CounterNewUsers new Zabbix-User "
if [ " $b_verbose " = "true" ] ; then Print_Status_Done "checking" $LIGHTCYAN ; fi
if [ " $b_verbose " = "true" ] ; then
echo "--------------------------------------------------------------"
echo " STEP 6: Create needed $i_CounterNewUsers new Zabbix-User "
fi
2020-04-02 14:28:38 +02:00
declare -a ZABBIX_ARRAY_New_User_RAW
# Search for all User with UserId "create-user"
for ( ( i = 0; i < ${# LDAP_ARRAY_Members_sAMAccountName [*] } ; i++ ) ) ; do
if [ " ${ LDAP_ARRAY_Members_UserId [ $i ] } " = "create-user" ] ; then
2020-04-14 13:42:18 +02:00
# printf "Create new user ${LDAP_ARRAY_Members_sAMAccountName[$i]} ... "
2020-04-02 14:28:38 +02:00
tempSAM = '"' " ${ LDAP_ARRAY_Members_sAMAccountName [ $i ] } " '"'
# Check the things we have
create_combination = ""
2020-04-14 13:42:18 +02:00
if [ " ${ LDAP_ARRAY_Members_Surname [ $i ] } " != " - " ] ; then
2020-04-02 14:28:38 +02:00
create_combination += "X"
tempSURNAME = '"' " ${ LDAP_ARRAY_Members_Surname [ $i ] } " '"'
2020-04-14 13:42:18 +02:00
Print_Verbose_Text "tempSURNAME" " $tempSURNAME "
2020-04-02 14:28:38 +02:00
else
create_combination += "O"
fi
2020-04-14 13:42:18 +02:00
if [ " ${ LDAP_ARRAY_Members_Givenname [ $i ] } " != " - " ] ; then
2020-04-02 14:28:38 +02:00
create_combination += "X"
tempNAME = '"' " ${ LDAP_ARRAY_Members_Givenname [ $i ] } " '"'
2020-04-14 13:42:18 +02:00
Print_Verbose_Text "tempNAME" " $tempNAME "
2020-04-02 14:28:38 +02:00
else
create_combination += "O"
fi
2020-04-14 13:42:18 +02:00
if [ " ${ LDAP_ARRAY_Members_Email [ $i ] } " != " - " ] ; then
2020-04-02 14:28:38 +02:00
create_combination += "X"
tempEmail = '"' " ${ LDAP_ARRAY_Members_Email [ $i ] } " '"'
2020-04-14 13:42:18 +02:00
Print_Verbose_Text "tempEmail" " $tempEmail "
2020-04-02 14:28:38 +02:00
else
create_combination += "O"
fi
2020-04-14 13:42:18 +02:00
Print_Verbose_Text "Create Combination" " $create_combination "
2020-04-02 14:28:38 +02:00
# create_combination should be OOO, OOX, OXO, OXX, XOO, XOX, XXO or XXX
tempvar = ""
case " $create_combination " in
"OOO" ) # No Surname, Givenname or Email
2020-04-02 14:30:44 +02:00
tempvar = ` curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc":"2.0","method":"user.create","params":{"alias":' " $tempSAM " ',"usrgrps":[{"usrgrpid":"' $ZABBIX_LDAP_Group_UsrGrpId '"}],"type":' $ZABBIX_UserType_User '},"id":42,"auth":"' $ZABBIX_authentication_token '"}' $ZABBIX_API_URL `
2020-04-02 14:28:38 +02:00
; ;
"OOX" ) # Email, but no Surname or Givenname
2020-04-02 14:30:44 +02:00
tempvar = ` curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc":"2.0","method":"user.create","params":{"alias":' " $tempSAM " ',"user_medias":[{"mediatypeid": "' $ZABBIX_MediaTypeID '","sendto":[' " $tempEmail " ']}],"usrgrps":[{"usrgrpid":"' $ZABBIX_LDAP_Group_UsrGrpId '"}],"type":' $ZABBIX_UserType_User '},"id":42,"auth":"' $ZABBIX_authentication_token '"}' $ZABBIX_API_URL `
2020-04-02 14:28:38 +02:00
; ;
"OXO" ) # Givenname, but no Surname or Email
2020-04-02 14:30:44 +02:00
tempvar = ` curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc":"2.0","method":"user.create","params":{"alias":' " $tempSAM " ',"name":' " $tempNAME " ',"usrgrps":[{"usrgrpid":"' $ZABBIX_LDAP_Group_UsrGrpId '"}],"type":' $ZABBIX_UserType_User '},"id":42,"auth":"' $ZABBIX_authentication_token '"}' $ZABBIX_API_URL `
2020-04-02 14:28:38 +02:00
; ;
"OXX" ) # Givenname and Email, no Surname
2020-04-02 14:30:44 +02:00
tempvar = ` curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc":"2.0","method":"user.create","params":{"alias":' " $tempSAM " ',"user_medias":[{"mediatypeid": "' $ZABBIX_MediaTypeID '","sendto":[' " $tempEmail " ']}],"name":' " $tempNAME " ',"usrgrps":[{"usrgrpid":"' $ZABBIX_LDAP_Group_UsrGrpId '"}],"type":' $ZABBIX_UserType_User '},"id":42,"auth":"' $ZABBIX_authentication_token '"}' $ZABBIX_API_URL `
2020-04-02 14:28:38 +02:00
; ;
"XOO" ) # Surname, but no Givenname or Email
2020-04-02 14:30:44 +02:00
tempvar = ` curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc":"2.0","method":"user.create","params":{"alias":' " $tempSAM " ',"surname":' " $tempSURNAME " ',"usrgrps":[{"usrgrpid":"' $ZABBIX_LDAP_Group_UsrGrpId '"}],"type":' $ZABBIX_UserType_User '},"id":42,"auth":"' $ZABBIX_authentication_token '"}' $ZABBIX_API_URL `
2020-04-02 14:28:38 +02:00
; ;
"XOX" ) # Surname and Email, but no Givenname
2020-04-02 14:30:44 +02:00
tempvar = ` curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc": "2.0","method":"user.create","params":{"alias":' " $tempSAM " ',"surname":' " $tempSURNAME " ',"user_medias":[{"mediatypeid": "' $ZABBIX_MediaTypeID '","sendto":[' " $tempEmail " ']}],"usrgrps":[{"usrgrpid":"' $ZABBIX_LDAP_Group_UsrGrpId '"}],"type":' $ZABBIX_UserType_User '},"id":42,"auth":"' $ZABBIX_authentication_token '"}' $ZABBIX_API_URL `
2020-04-02 14:28:38 +02:00
; ;
"XXO" ) # Surname and Givenname, but no Email
2020-04-02 14:30:44 +02:00
tempvar = ` curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc":"2.0","method":"user.create","params":{"alias":' " $tempSAM " ',"name":' " $tempNAME " ',"surname":' " $tempSURNAME " ',"usrgrps":[{"usrgrpid":"' $ZABBIX_LDAP_Group_UsrGrpId '"}],"type":' $ZABBIX_UserType_User '},"id":42,"auth":"' $ZABBIX_authentication_token '"}' $ZABBIX_API_URL `
2020-04-02 14:28:38 +02:00
; ;
"XXX" ) # Surname, Givenname and Email
2020-04-02 14:30:44 +02:00
tempvar = ` curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc": "2.0","method":"user.create","params":{"alias":' " $tempSAM " ',"name":' " $tempNAME " ',"surname":' " $tempSURNAME " ',"user_medias":[{"mediatypeid": "' $ZABBIX_MediaTypeID '","sendto":[' " $tempEmail " ']}],"usrgrps":[{"usrgrpid":"' $ZABBIX_LDAP_Group_UsrGrpId '"}],"type":' $ZABBIX_UserType_User '},"id":42,"auth":"' $ZABBIX_authentication_token '"}' $ZABBIX_API_URL `
2020-04-02 14:28:38 +02:00
; ;
esac
2020-04-14 13:42:18 +02:00
if [ " $b_verbose " = "true" ] ; then echo " $tempvar " ; fi
2020-04-02 14:28:38 +02:00
# Catch the new UserId from the answer
IFS = '"' # " is set as delimiter
ZABBIX_ARRAY_New_User_RAW = ( $tempvar )
IFS = ' ' # space is set as delimiter
for ( ( k = 0; k < ${# ZABBIX_ARRAY_New_User_RAW [*] } ; k++ ) ) ; do
if [ " ${ ZABBIX_ARRAY_New_User_RAW [ $k ] } " = "userids" ] ; then
k = $(( $k + 2 ))
LDAP_ARRAY_Members_UserId[ $i ] = " ${ ZABBIX_ARRAY_New_User_RAW [ $k ] } "
fi
done
2020-04-14 13:42:18 +02:00
Print_Verbose_Text " Created: ${ LDAP_ARRAY_Members_sAMAccountName [ $i ] } " " LDAP_ARRAY_Members_UserId[ $i ] "
2020-04-02 14:28:38 +02:00
fi
done
2020-04-14 13:42:18 +02:00
if [ " $b_verbose " = "true" ] ; then Print_Status_Text " STEP 6: Create needed $i_CounterNewUsers new Zabbix-User " ; fi
Print_Status_Done "done" $GREEN
if [ " $b_verbose " = "true" ] ; then
echo "-------------------------------------------------------------------------------------------------------------"
echo "Result from STEP 6: Create needed new Zabbix-User"
echo "----+----------------------+----------------------+----------------------+--------------------------+-----------------"
printf "%-3s | %-20s | %-20s | %-20s | %-24s | %-20s" "No." "sAMAccountName" "Surname" "Givenname" "Zabbix-UserId" "Email-Address"
2020-04-02 14:28:38 +02:00
printf "\n"
2020-04-14 13:42:18 +02:00
echo "----+----------------------+----------------------+----------------------+--------------------------+-----------------"
for ( ( i = 0; i < ${# LDAP_ARRAY_Members_sAMAccountName [*] } ; i++ ) ) ; do
printf "%-3s | %-20s | %-20s | %-20s | %-24s | %-20s" " $i " " ${ LDAP_ARRAY_Members_sAMAccountName [ $i ] } " " ${ LDAP_ARRAY_Members_Surname [ $i ] } " " ${ LDAP_ARRAY_Members_Givenname [ $i ] } " " ${ LDAP_ARRAY_Members_UserId [ $i ] } " " ${ LDAP_ARRAY_Members_Email [ $i ] } "
printf "\n"
done
echo "----------------------------------------------------------------------------------------------------------------------"
fi
2020-04-14 14:28:17 +02:00
else
Print_Status_Text " STEP 6: Create needed $i_CounterNewUsers new Zabbix-User "
Print_Status_Done "skipped" $GREEN
2020-04-02 14:28:38 +02:00
fi
#############################################################################################################
2020-04-14 14:28:17 +02:00
Print_Status_Text " STEP 7: Replace Members of Group $ZABBIX_Groupname_for_Sync "
2020-04-14 13:42:18 +02:00
if [ " $b_verbose " = "true" ] ; then Print_Status_Done "checking" $LIGHTCYAN ; fi
if [ " $b_verbose " = "true" ] ; then
echo "--------------------------------------------------------------"
2020-04-14 14:28:17 +02:00
echo " STEP 7: Replace Members of Group $ZABBIX_Groupname_for_Sync "
2020-04-14 13:42:18 +02:00
fi
2020-04-02 14:28:38 +02:00
tempvar = ""
list_of_userids = ""
for ( ( i = 0; i < ${# LDAP_ARRAY_Members_sAMAccountName [*] } ; i++ ) ) ; do
list_of_userids += '"' ${ LDAP_ARRAY_Members_UserId [ $i ] } '"'
list_of_userids += ","
done
2020-04-14 13:42:18 +02:00
# maybe the list is empty! So we have to check
if [ " $list_of_userids " != "" ] ; then list_of_userids = ${ list_of_userids : :- 1 } ; fi
2020-04-14 14:28:17 +02:00
if [ " $b_verbose " = "true" ] ; then printf " Update Zabbix Group $ZABBIX_Groupname_for_Sync via API (Replace) " ; fi
2020-04-14 13:42:18 +02:00
if [ " $b_verbose " = "true" ] ; then
printf 'curl -k -s -X POST -H "Content-Type:application/json" -d '
printf "'"
printf '{"jsonrpc": "2.0","method":"usergroup.update","params":{"usrgrpid":"' $ZABBIX_LDAP_Group_UsrGrpId '","userids":[' $list_of_userids ']},"id":42,"auth":"' $ZABBIX_authentication_token '"}'
printf "' "
echo $ZABBIX_API_URL
fi
2020-04-02 14:28:38 +02:00
tempvar = ` curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc": "2.0","method":"usergroup.update","params":{"usrgrpid":"' $ZABBIX_LDAP_Group_UsrGrpId '","userids":[' $list_of_userids ']},"id":42,"auth":"' $ZABBIX_authentication_token '"}' $ZABBIX_API_URL `
2020-04-14 13:42:18 +02:00
if [ " $b_verbose " = "true" ] ; then echo $tempvar ; fi
2020-04-14 14:28:17 +02:00
if [ " $b_verbose " = "true" ] ; then Print_Status_Text " STEP 7: Replace Members of Group $ZABBIX_Groupname_for_Sync " ; fi
2020-04-14 13:42:18 +02:00
Print_Status_Done "done" $GREEN
2020-04-02 14:28:38 +02:00
#############################################################################################################
# 1. get a List of all User in the "Disabled User" group
# 2. Remove all active user from this List
# 3. Add all user wich was removed from LDAP-Group but was in the Zabbix-LDAP-Group found
# 4. Update Members of Group "Disabled User" via Zabbix API
2020-04-14 13:42:18 +02:00
Print_Status_Text " STEP 8: Get List of all disabled user in Group $ZABBIX_Disabled_User_Group "
if [ " $b_verbose " = "true" ] ; then Print_Status_Done "checking" $LIGHTCYAN ; fi
if [ " $b_verbose " = "true" ] ; then
echo "--------------------------------------------------------------"
echo " STEP 8: Get List of all disabled user in Group $ZABBIX_Disabled_User_Group "
fi
2020-04-02 14:28:38 +02:00
# 1. get a List of all User in the "Disabled User" group
declare -a ZABBIX_ARRAY_disabled_User_userid
declare -a ZABBIX_ARRAY_disabled_User_RAW
ZABBIX_ARRAY_disabled_User_userid = ( )
2020-04-14 13:42:18 +02:00
if [ " $b_verbose " = "true" ] ; then
printf 'curl -k -s -X POST -H "Content-Type:application/json" -d '
printf "'"
printf '{"jsonrpc": "2.0","method":"user.get","params":{"usrgrpids":"' $ZABBIX_Disabled_Group_UsrGrpId '","output":["userid"],"status":1},"id":42,"auth":"' $ZABBIX_authentication_token '"}'
printf "'"
echo $ZABBIX_API_URL
fi
2020-04-02 14:28:38 +02:00
tempvar = ` curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc": "2.0","method":"user.get","params":{"usrgrpids":"' $ZABBIX_Disabled_Group_UsrGrpId '","output":["userid"],"status":1},"id":42,"auth":"' $ZABBIX_authentication_token '"}' $ZABBIX_API_URL `
2020-04-14 13:42:18 +02:00
if [ " $b_verbose " = "true" ] ; then echo $tempvar ; fi
2020-04-02 14:28:38 +02:00
IFS = '"' # " is set as delimiter
ZABBIX_ARRAY_disabled_User_RAW = ( $tempvar )
IFS = ' ' # space is set as delimiter
for ( ( i = 0; i < ${# ZABBIX_ARRAY_disabled_User_RAW [*] } ; i++ ) ) ; do
if [ " ${ ZABBIX_ARRAY_disabled_User_RAW [ $i ] } " = "userid" ] ; then
i = $(( $i + 2 ))
ZABBIX_ARRAY_disabled_User_userid += ( " ${ ZABBIX_ARRAY_disabled_User_RAW [ $i ] } " )
fi
done
unset ZABBIX_ARRAY_disabled_User_RAW
2020-04-14 13:42:18 +02:00
if [ " $b_verbose " = "true" ] ; then Print_Status_Text " STEP 8: Get List of all disabled user in Group $ZABBIX_Disabled_User_Group " ; fi
Print_Status_Done "done" $GREEN
Print_Status_Text "STEP 9: Remove active user, add inactive user"
if [ " $b_verbose " = "true" ] ; then Print_Status_Done "checking" $LIGHTCYAN ; fi
if [ " $b_verbose " = "true" ] ; then
echo "--------------------------------------------------------------"
echo "STEP 9: Remove active user, add inactive user"
fi
2020-04-02 14:28:38 +02:00
# 2. Remove all active user from this List
# 3. Add all user wich was removed from LDAP-Group but was in the Zabbix-LDAP-Group found
declare -a new_ZABBIX_ARRAY_disabled_User_userid
new_ZABBIX_ARRAY_disabled_User_userid = ( )
2020-04-14 13:42:18 +02:00
if [ " $b_verbose " = "true" ] ; then Print_Status_Text "Removing active Users from List" ; fi
2020-04-02 14:28:38 +02:00
for ( ( i = 0; i < ${# ZABBIX_ARRAY_disabled_User_userid [*] } ; i++ ) ) ; do
b_skip_this_user = "false"
for ( ( k = 0; k < ${# LDAP_ARRAY_Members_UserId [*] } ; k++ ) ) ; do
if [ " ${ ZABBIX_ARRAY_disabled_User_userid [ $i ] } " = " ${ LDAP_ARRAY_Members_UserId [ $k ] } " ] ; then
b_skip_this_user = "true"
fi
done
if [ " $b_skip_this_user " = "false" ] ; then
new_ZABBIX_ARRAY_disabled_User_userid += ( " ${ ZABBIX_ARRAY_disabled_User_userid [ $i ] } " )
fi
done
2020-04-14 13:42:18 +02:00
if [ " $b_verbose " = "true" ] ; then Print_Status_Done "done" $GREEN ; fi
if [ " $b_verbose " = "true" ] ; then Print_Status_Text "Adding inactive Users" ; fi
2020-04-02 14:28:38 +02:00
for ( ( i = 0; i < ${# ZABBIX_ARRAY_LDAP_GroupMember_userid [*] } ; i++ ) ) ; do
b_skip_this_user = "false"
for ( ( k = 0; k < ${# LDAP_ARRAY_Members_UserId [*] } ; k++ ) ) ; do
if [ " ${ ZABBIX_ARRAY_LDAP_GroupMember_userid [ $i ] } " = " ${ LDAP_ARRAY_Members_UserId [ $k ] } " ] ; then
b_skip_this_user = "true"
fi
done
if [ " $b_skip_this_user " = "false" ] ; then
new_ZABBIX_ARRAY_disabled_User_userid += ( " ${ ZABBIX_ARRAY_LDAP_GroupMember_userid [ $i ] } " )
fi
done
2020-04-14 13:42:18 +02:00
if [ " $b_verbose " = "true" ] ; then Print_Status_Done "done" $GREEN ; fi
if [ " $b_verbose " = "true" ] ; then Print_Status_Text "STEP 9: Remove active user, add inactive user" ; fi
Print_Status_Done "done" $GREEN
Print_Status_Text " STEP 10: Replace Members of Group $ZABBIX_Disabled_User_Group "
if [ " $b_verbose " = "true" ] ; then Print_Status_Done "checking" $LIGHTCYAN ; fi
if [ " $b_verbose " = "true" ] ; then
echo "--------------------------------------------------------------"
echo " STEP 10: Replace Members of Group $ZABBIX_Disabled_User_Group "
fi
2020-04-02 14:28:38 +02:00
tempvar = ""
2020-04-14 13:42:18 +02:00
# maybe the list is empty! So we have to check
if [ " $list_of_userids " != "" ] ; then list_of_userids = ${ list_of_userids : :- 1 } ; fi
2020-04-02 14:28:38 +02:00
for ( ( i = 0; i < ${# new_ZABBIX_ARRAY_disabled_User_userid [*] } ; i++ ) ) ; do
list_of_userids += '"' ${ new_ZABBIX_ARRAY_disabled_User_userid [ $i ] } '"'
list_of_userids += ","
done
list_of_userids = ${ list_of_userids : :- 1 }
2020-04-14 13:42:18 +02:00
if [ " $b_verbose " = "true" ] ; then
printf 'curl -k -s -X POST -H "Content-Type:application/json" -d '
printf "'"
printf '{"jsonrpc": "2.0","method":"usergroup.update","params":{"usrgrpid":"' $ZABBIX_Disabled_Group_UsrGrpId '","userids":[' $list_of_userids ']},"id":42,"auth":"' $ZABBIX_authentication_token '"}'
printf "' "
echo $ZABBIX_API_URL
fi
2020-04-02 14:28:38 +02:00
tempvar = ` curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc": "2.0","method":"usergroup.update","params":{"usrgrpid":"' $ZABBIX_Disabled_Group_UsrGrpId '","userids":[' $list_of_userids ']},"id":42,"auth":"' $ZABBIX_authentication_token '"}' $ZABBIX_API_URL `
2020-04-14 13:42:18 +02:00
if [ " $b_verbose " = "true" ] ; then echo $tempvar ; fi
if [ " $b_verbose " = "true" ] ; then Print_Status_Text " STEP 10: Replace Members of Group $ZABBIX_Disabled_User_Group " ; fi
Print_Status_Done "done" $GREEN
2020-04-02 14:28:38 +02:00
#############################################################################################################
2020-04-14 14:28:17 +02:00
Print_Status_Text " STEP 11: Replace Members of Group $ZABBIX_Groupname_for_Sync (2. Time) "
2020-04-14 13:42:18 +02:00
if [ " $b_verbose " = "true" ] ; then Print_Status_Done "checking" $LIGHTCYAN ; fi
if [ " $b_verbose " = "true" ] ; then
echo "--------------------------------------------------------------"
2020-04-14 14:28:17 +02:00
echo " STEP 11: Replace Members of Group $ZABBIX_Groupname_for_Sync (2. Time) "
2020-04-14 13:42:18 +02:00
fi
2020-04-02 14:28:38 +02:00
# we have to do this twice if we move user between enabled and disabled and they are only in the Zabbix-LDAP-Group - they must be in one Group!"
# If a user is a now a member of the deactivated user group we can now remove the user from the Zabbix-LDAP-Group
tempvar = ""
list_of_userids = ""
for ( ( i = 0; i < ${# LDAP_ARRAY_Members_sAMAccountName [*] } ; i++ ) ) ; do
list_of_userids += '"' ${ LDAP_ARRAY_Members_UserId [ $i ] } '"'
list_of_userids += ","
done
2020-04-14 13:42:18 +02:00
# maybe the list is empty! So we have to check
if [ " $list_of_userids " != "" ] ; then list_of_userids = ${ list_of_userids : :- 1 } ; fi
2020-04-02 14:28:38 +02:00
tempvar = ` curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc": "2.0","method":"usergroup.update","params":{"usrgrpid":"' $ZABBIX_LDAP_Group_UsrGrpId '","userids":[' $list_of_userids ']},"id":42,"auth":"' $ZABBIX_authentication_token '"}' $ZABBIX_API_URL `
2020-04-14 14:28:17 +02:00
if [ " $b_verbose " = "true" ] ; then Print_Status_Text " STEP 11: Replace Members of Group $ZABBIX_Groupname_for_Sync (2. Time) " ; fi
2020-04-14 13:42:18 +02:00
Print_Status_Done "done" $GREEN
2020-04-02 14:28:38 +02:00
else
2020-04-14 13:42:18 +02:00
Print_Status_Text "STEP 3: Compare Groups for changes"
Print_Status_Done "no changes" $GREEN
2020-04-02 14:28:38 +02:00
fi
#############################################################################################################
# ______ _ _ _ _ _
# |___ / | | | | (_) | | | |
# / / __ _| |__ | |__ ___ __ | | ___ __ _ ___ _ _| |_
# / / / _` | '_ \| '_ \| \ \/ / | | / _ \ / _` |/ _ \| | | | __|
# / /_| (_| | |_) | |_) | |> < | |___| (_) | (_| | (_) | |_| | |_
# /_____\__,_|_.__/|_.__/|_/_/\_\ |______\___/ \__, |\___/ \__,_|\__|
# __/ |
# |___/
2020-04-14 13:42:18 +02:00
# Logout before exit
if [ " $b_Zabbix_is_logged_in " = "true" ] ; then
Zabbix_Logout
fi
#############################################################################################################
2020-04-02 14:28:38 +02:00
exit 0
