Zwischenstand: mit 1 Gruppe, Leere gruppen erlaubt

This commit is contained in:
root@zabbix.znil.net 2020-04-14 13:42:18 +02:00
parent 5981427f8a
commit 318b19a5ff
2 changed files with 300 additions and 180 deletions

1
.gitignore vendored
View File

@ -1,3 +1,2 @@
.gitignore
config-znil.sh config-znil.sh

View File

@ -2,7 +2,7 @@
############################################################################################################# #############################################################################################################
# Script Name ...: zabbix-ldap-sync.sh # Script Name ...: zabbix-ldap-sync.sh
# Version .......: V1.0 # Version .......: V1.0
# Date ..........: 01.04.2020 # Date ..........: 09.04.2020
# Description....: Synchronise Members of a Actice Directory Group with Zabbix via API # Description....: Synchronise Members of a Actice Directory Group with Zabbix via API
# User wich are removed will be deactivated # User wich are removed will be deactivated
# Args ..........: # Args ..........:
@ -128,8 +128,10 @@ Zabbix_Logout () {
echo " $ZABBIX_API_URL" echo " $ZABBIX_API_URL"
fi fi
myJSON=$(curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc": "2.0","method":"user.logout","params":[],"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL) myJSON=$(curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc": "2.0","method":"user.logout","params":[],"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL)
if [ "$b_verbose" = "true" ]; then echo "Answer from API: $myJSON"; fi
if [ "$b_verbose" = "true" ]; then Print_Status_Text "Logout Zabbix API"; fi if [ "$b_verbose" = "true" ]; then Print_Status_Text "Logout Zabbix API"; fi
Print_Status_Done "done" $GREEN Print_Status_Done "done" $GREEN
b_Zabbix_is_logged_in="false"
} }
# Zabbix_Logout ### START Function ################################################################################################################################################################################## # Zabbix_Logout ### START Function ##################################################################################################################################################################################
# _____ _ _ # _____ _ _
@ -183,6 +185,9 @@ if [ "$b_Unknown_Parameter" = "true" ]; then
exit 1 exit 1
fi fi
############################################################################################################# #############################################################################################################
# Clear Screen
clear
#############################################################################################################
if [ "$b_silent" = "false" ]; then if [ "$b_silent" = "false" ]; then
echo "---------------------------------------------------------------------------" echo "---------------------------------------------------------------------------"
echo "zabbix-ldap-sync.sh (Version $Script_Version) startup" echo "zabbix-ldap-sync.sh (Version $Script_Version) startup"
@ -444,6 +449,7 @@ else
Print_Error "Exitcode ldapsearch not zero: $(Translate_ldapsearch_exitcode $ldapsearch_exitcode)\nTry -v -p and test command by hand" Print_Error "Exitcode ldapsearch not zero: $(Translate_ldapsearch_exitcode $ldapsearch_exitcode)\nTry -v -p and test command by hand"
exit 1 exit 1
fi fi
if [ "$b_verbose" = "true" ]; then Print_Status_Text "STEP 1: Getting all Members from Active Directory / LDAP Group"; fi
Print_Status_Done "done" $GREEN Print_Status_Done "done" $GREEN
if [ "$b_verbose" = "true" ]; then if [ "$b_verbose" = "true" ]; then
echo 'Got "Distinguished Name" for '${#LDAP_ARRAY_Members_DN[*]}' members:' echo 'Got "Distinguished Name" for '${#LDAP_ARRAY_Members_DN[*]}' members:'
@ -452,17 +458,18 @@ if [ "$b_verbose" = "true" ]; then
done done
echo "--------------------------------------------------------------" echo "--------------------------------------------------------------"
fi fi
# Needed additional arrays
declare -a LDAP_ARRAY_Members_sAMAccountName declare -a LDAP_ARRAY_Members_sAMAccountName
declare -a LDAP_ARRAY_Members_Surname declare -a LDAP_ARRAY_Members_Surname
declare -a LDAP_ARRAY_Members_Givenname declare -a LDAP_ARRAY_Members_Givenname
declare -a LDAP_ARRAY_Members_Email declare -a LDAP_ARRAY_Members_Email
# Only catch the rest if there members in the group
if [ "${#LDAP_ARRAY_Members_DN[*]}" -gt 0 ]; then
Print_Status_Text "Query sAMAccountName, sn, givenName and primary Email-Address"
LDAP_ARRAY_Members_sAMAccountName=() LDAP_ARRAY_Members_sAMAccountName=()
LDAP_ARRAY_Members_Surname=() LDAP_ARRAY_Members_Surname=()
LDAP_ARRAY_Members_Givenname=() LDAP_ARRAY_Members_Givenname=()
LDAP_ARRAY_Members_Email=() LDAP_ARRAY_Members_Email=()
# Only catch the rest if there members in the group
if [ "${#LDAP_ARRAY_Members_DN[*]}" -gt 0 ]; then
Print_Status_Text "Query sAMAccountName, sn, givenName and primary Email-Address"
# Maybe a User have no Surname, Givenname and/or Email - but the will be always a sAMAccountName # Maybe a User have no Surname, Givenname and/or Email - but the will be always a sAMAccountName
# the checks are used for testing this. Set to false for the first run of the loop # the checks are used for testing this. Set to false for the first run of the loop
b_check_sAMAccountName="false" b_check_sAMAccountName="false"
@ -475,13 +482,13 @@ if [ "${#LDAP_ARRAY_Members_DN[*]}" -gt 0 ]; then
# First run of loop will be skipped because b_check_sAMAccountName is false # First run of loop will be skipped because b_check_sAMAccountName is false
if [ "$b_check_sAMAccountName" = "true" ]; then if [ "$b_check_sAMAccountName" = "true" ]; then
if [ "$b_check_Surname" = "false" ]; then if [ "$b_check_Surname" = "false" ]; then
LDAP_ARRAY_Members_Surname+=(" ") LDAP_ARRAY_Members_Surname+=(" - ")
fi fi
if [ "$b_check_Givenname" = "false" ]; then if [ "$b_check_Givenname" = "false" ]; then
LDAP_ARRAY_Members_Givenname+=(" ") LDAP_ARRAY_Members_Givenname+=(" - ")
fi fi
if [ "$b_check_Email" = "false" ]; then if [ "$b_check_Email" = "false" ]; then
LDAP_ARRAY_Members_Email+=(" ") LDAP_ARRAY_Members_Email+=(" - ")
fi fi
fi fi
if [ LDAP_Ignore_SSL_Certificate = "false" ]; then if [ LDAP_Ignore_SSL_Certificate = "false" ]; then
@ -505,33 +512,42 @@ if [ "${#LDAP_ARRAY_Members_DN[*]}" -gt 0 ]; then
if [ "${LDAP_ARRAY_Members_RAW[$k]}" = "sAMAccountName" ]; then if [ "${LDAP_ARRAY_Members_RAW[$k]}" = "sAMAccountName" ]; then
k=$(($k + 1)) k=$(($k + 1))
# echo "add SAM: ${LDAP_ARRAY_Members_RAW[$k]}" # echo "add SAM: ${LDAP_ARRAY_Members_RAW[$k]}"
printf "."
LDAP_ARRAY_Members_sAMAccountName+=("${LDAP_ARRAY_Members_RAW[$k]}") LDAP_ARRAY_Members_sAMAccountName+=("${LDAP_ARRAY_Members_RAW[$k]}")
b_check_sAMAccountName="true" b_check_sAMAccountName="true"
fi fi
if [ "${LDAP_ARRAY_Members_RAW[$k]}" = "sn" ]; then if [ "${LDAP_ARRAY_Members_RAW[$k]}" = "sn" ]; then
k=$(($k + 1)) k=$(($k + 1))
# echo "add SN: ${LDAP_ARRAY_Members_RAW[$k]}" # echo "add SN: ${LDAP_ARRAY_Members_RAW[$k]}"
printf "."
LDAP_ARRAY_Members_Surname+=("${LDAP_ARRAY_Members_RAW[$k]}") LDAP_ARRAY_Members_Surname+=("${LDAP_ARRAY_Members_RAW[$k]}")
b_check_Surname="true" b_check_Surname="true"
fi fi
if [ "${LDAP_ARRAY_Members_RAW[$k]}" = "givenName" ]; then if [ "${LDAP_ARRAY_Members_RAW[$k]}" = "givenName" ]; then
k=$(($k + 1)) k=$(($k + 1))
# echo "add givenName: ${LDAP_ARRAY_Members_RAW[$k]}" # echo "add givenName: ${LDAP_ARRAY_Members_RAW[$k]}"
printf "."
LDAP_ARRAY_Members_Givenname+=("${LDAP_ARRAY_Members_RAW[$k]}") LDAP_ARRAY_Members_Givenname+=("${LDAP_ARRAY_Members_RAW[$k]}")
b_check_Givenname="true" b_check_Givenname="true"
fi fi
if [ "${LDAP_ARRAY_Members_RAW[$k]}" = "mail" ]; then if [ "${LDAP_ARRAY_Members_RAW[$k]}" = "mail" ]; then
k=$(($k + 1)) k=$(($k + 1))
# echo "add Email: ${LDAP_ARRAY_Members_RAW[$k]}" # echo "add Email: ${LDAP_ARRAY_Members_RAW[$k]}"
printf "."
LDAP_ARRAY_Members_Email+=("${LDAP_ARRAY_Members_RAW[$k]}") LDAP_ARRAY_Members_Email+=("${LDAP_ARRAY_Members_RAW[$k]}")
b_check_Email="true" b_check_Email="true"
fi fi
done done
done done
# If only one user is in group and some Values are missing ... we need a special treatment for this:
if [ "$b_check_sAMAccountName" = "true" ]; then
if [ "$b_check_Surname" = "false" ]; then
LDAP_ARRAY_Members_Surname+=(" - ")
fi
if [ "$b_check_Givenname" = "false" ]; then
LDAP_ARRAY_Members_Givenname+=(" - ")
fi
if [ "$b_check_Email" = "false" ]; then
LDAP_ARRAY_Members_Email+=(" - ")
fi
fi
Print_Status_Done "done" $GREEN Print_Status_Done "done" $GREEN
fi fi
unset LDAP_ARRAY_Members_RAW unset LDAP_ARRAY_Members_RAW
@ -551,6 +567,8 @@ if [ "$b_verbose" = "true" ]; then
echo echo
fi fi
############################################################################################################# #############################################################################################################
# ______ _ _ _ _ _ # ______ _ _ _ _ _
# |___ / | | | | (_) | | (_) # |___ / | | | | (_) | | (_)
@ -585,10 +603,12 @@ if [ "${#ZABBIX_authentication_token}" -ne 32 ]; then
else else
b_Zabbix_is_logged_in="true" b_Zabbix_is_logged_in="true"
fi fi
if [ "$b_verbose" = "true" ]; then Print_Status_Text "Login at Zabbix API"; fi Print_Verbose_Text "b_Zabbix_is_logged_in" "$b_Zabbix_is_logged_in"
if [ "$b_verbose" = "true" ]; then
Print_Status_Text "Login at Zabbix API"
fi
Print_Status_Done "done" $GREEN Print_Status_Done "done" $GREEN
Zabbix_Logout
exit 1
############################################################################################################# #############################################################################################################
# ____ ______ _ _ _ _____ # ____ ______ _ _ _ _____
# / __ \ |___ / | | | | (_) / ____| # / __ \ |___ / | | | | (_) / ____|
@ -599,6 +619,9 @@ exit 1
# __/ | | | # __/ | | |
# |___/ |_| # |___/ |_|
# Get UserGrpIds and Members of existing LDAP-User Group in Zabbix # Get UserGrpIds and Members of existing LDAP-User Group in Zabbix
Print_Status_Text "STEP 2: Get Members of Zabbix-LDAP Groups"
Print_Status_Done "checking" $LIGHTCYAN
if [ "$b_verbose" = "true" ]; then
echo echo
echo "STEP 2: Get Members of Zabbix-LDAP Group" echo "STEP 2: Get Members of Zabbix-LDAP Group"
echo "--------------------------------------------------------------" echo "--------------------------------------------------------------"
@ -607,12 +630,22 @@ echo "Zabbix Disabled User Group Name : $ZABBIX_Disabled_User_Group"
echo "Zabbix API URL .................: $ZABBIX_API_User" echo "Zabbix API URL .................: $ZABBIX_API_User"
echo "Zabbix API User ................: $LDAP_Bind_User_DN" echo "Zabbix API User ................: $LDAP_Bind_User_DN"
echo "--------------------------------------------------------------" echo "--------------------------------------------------------------"
fi
############################################################################################################# #############################################################################################################
# Get UsrGrpIds # Get UsrGrpIds
printf "determine UsrGrpID of $ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync ... " Print_Status_Text 'determine UsrGrpID of "'$ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync'"'
if [ "$b_verbose" = "true" ]; then Print_Status_Done "checking" $LIGHTCYAN; fi
declare -a ZABBIX_ARRAY_usrgrpid_RAW declare -a ZABBIX_ARRAY_usrgrpid_RAW
if [ "$b_verbose" = "true" ]; then
printf 'curl -k -s -X POST -H "Content-Type:application/json" -d '
printf "'"
printf '{"jsonrpc":"2.0","method":"usergroup.get","params":{"filter":{"name":"'$ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync'"},"output":"extend","status":0},"id":42,"auth":"'$ZABBIX_authentication_token'"}'
printf "'"
printf " $ZABBIX_API_URL"
fi
tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc":"2.0","method":"usergroup.get","params":{"filter":{"name":"'$ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync'"},"output":"extend","status":0},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL` tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc":"2.0","method":"usergroup.get","params":{"filter":{"name":"'$ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync'"},"output":"extend","status":0},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL`
#echo $tempvar if [ "$b_verbose" = "true" ]; then echo $tempvar; fi
# The answer is an JSON - we split by the " into an array and search for the wanted values
IFS='"' # " is set as delimiter IFS='"' # " is set as delimiter
ZABBIX_ARRAY_usrgrpid_RAW=($tempvar) ZABBIX_ARRAY_usrgrpid_RAW=($tempvar)
IFS=' ' # space is set as delimiter IFS=' ' # space is set as delimiter
@ -625,10 +658,14 @@ for (( i=0; i < ${#ZABBIX_ARRAY_usrgrpid_RAW[*]}; i++ )); do
break break
fi fi
done done
echo " done" Print_Verbose_Text "$ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync" "$ZABBIX_LDAP_Group_UsrGrpId"
if [ "$b_verbose" = "true" ]; then Print_Status_Text 'determine UsrGrpID of "'$ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync'"'; fi
Print_Status_Done "done" $GREEN
tempvar="" tempvar=""
printf "determine UsrGrpID of $ZABBIX_Disabled_User_Group ... " Print_Status_Text 'determine UsrGrpID of "'$ZABBIX_Disabled_User_Group'"'
if [ "$b_verbose" = "true" ]; then Print_Status_Done "checking" $LIGHTCYAN; fi
tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc":"2.0","method":"usergroup.get","params":{"filter":{"name":"'$ZABBIX_Disabled_User_Group'"},"output":"extend","status":1},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL` tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc":"2.0","method":"usergroup.get","params":{"filter":{"name":"'$ZABBIX_Disabled_User_Group'"},"output":"extend","status":1},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL`
if [ "$b_verbose" = "true" ]; then echo $tempvar; fi
IFS='"' # " is set as delimiter IFS='"' # " is set as delimiter
ZABBIX_ARRAY_usrgrpid_RAW=($tempvar) ZABBIX_ARRAY_usrgrpid_RAW=($tempvar)
IFS=' ' # space is set as delimiter IFS=' ' # space is set as delimiter
@ -639,19 +676,30 @@ for (( i=0; i < ${#ZABBIX_ARRAY_usrgrpid_RAW[*]}; i++ )); do
break break
fi fi
done done
echo " done" Print_Verbose_Text "$ZABBIX_Disabled_User_Group" "$ZABBIX_Disabled_Group_UsrGrpId"
if [ "$b_verbose" = "true" ]; then Print_Status_Text 'determine UsrGrpID of "'$ZABBIX_Disabled_User_Group'"'; fi
Print_Status_Done "done" $GREEN
tempvar="" tempvar=""
unset ZABBIX_ARRAY_usrgrpid_RAW unset ZABBIX_ARRAY_usrgrpid_RAW
############################################################################################################# #############################################################################################################
# Get alias and userid of Zabbix Group Members # Get alias and userid of the Zabbix Group Members
printf "determine alias and userid of all Members of $ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync " Print_Status_Text 'determine alias and userid for Members of "'$ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync'"'
if [ "$b_verbose" = "true" ]; then Print_Status_Done "checking" $LIGHTCYAN; fi
declare -a ZABBIX_ARRAY_LDAP_GroupMember_alias declare -a ZABBIX_ARRAY_LDAP_GroupMember_alias
declare -a ZABBIX_ARRAY_LDAP_GroupMember_userid declare -a ZABBIX_ARRAY_LDAP_GroupMember_userid
declare -a ZABBIX_ARRAY_LDAP_GroupMember_RAW declare -a ZABBIX_ARRAY_LDAP_GroupMember_RAW
ZABBIX_ARRAY_LDAP_GroupMember_alias=() ZABBIX_ARRAY_LDAP_GroupMember_alias=()
ZABBIX_ARRAY_LDAP_GroupMember_userid=() ZABBIX_ARRAY_LDAP_GroupMember_userid=()
if [ "$b_verbose" = "true" ]; then
printf 'curl -k -s -X POST -H "Content-Type:application/json" -d '
printf "'"
printf '{"jsonrpc": "2.0","method":"user.get","params":{"usrgrpids":"'$ZABBIX_LDAP_Group_UsrGrpId'","output":["alias","userid"]},"id":42,"auth":"'$ZABBIX_authentication_token'"}'
printf "'"
printf " $ZABBIX_API_URL"
fi
tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc": "2.0","method":"user.get","params":{"usrgrpids":"'$ZABBIX_LDAP_Group_UsrGrpId'","output":["alias","userid"]},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL` tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc": "2.0","method":"user.get","params":{"usrgrpids":"'$ZABBIX_LDAP_Group_UsrGrpId'","output":["alias","userid"]},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL`
if [ "$b_verbose" = "true" ]; then echo $tempvar; fi
IFS='"' # " is set as delimiter IFS='"' # " is set as delimiter
ZABBIX_ARRAY_LDAP_GroupMember_RAW=($tempvar) ZABBIX_ARRAY_LDAP_GroupMember_RAW=($tempvar)
IFS=' ' # space is set as delimiter IFS=' ' # space is set as delimiter
@ -661,16 +709,20 @@ for (( i=0; i < ${#ZABBIX_ARRAY_LDAP_GroupMember_RAW[*]}; i++ )); do
if [ "${ZABBIX_ARRAY_LDAP_GroupMember_RAW[$i]}" = "userid" ]; then if [ "${ZABBIX_ARRAY_LDAP_GroupMember_RAW[$i]}" = "userid" ]; then
i=$(($i + 2)) i=$(($i + 2))
ZABBIX_ARRAY_LDAP_GroupMember_userid+=("${ZABBIX_ARRAY_LDAP_GroupMember_RAW[$i]}") ZABBIX_ARRAY_LDAP_GroupMember_userid+=("${ZABBIX_ARRAY_LDAP_GroupMember_RAW[$i]}")
printf "." Print_Verbose_Text "Found UserId" "${ZABBIX_ARRAY_LDAP_GroupMember_RAW[$i]}"
#printf "."
fi fi
if [ "${ZABBIX_ARRAY_LDAP_GroupMember_RAW[$i]}" = "alias" ]; then if [ "${ZABBIX_ARRAY_LDAP_GroupMember_RAW[$i]}" = "alias" ]; then
i=$(($i + 2)) i=$(($i + 2))
ZABBIX_ARRAY_LDAP_GroupMember_alias+=("${ZABBIX_ARRAY_LDAP_GroupMember_RAW[$i]}") ZABBIX_ARRAY_LDAP_GroupMember_alias+=("${ZABBIX_ARRAY_LDAP_GroupMember_RAW[$i]}")
printf "." Print_Verbose_Text "Found Alias" "${ZABBIX_ARRAY_LDAP_GroupMember_RAW[$i]}"
#printf "."
fi fi
done done
echo " done!" if [ "$b_verbose" = "true" ]; then Print_Status_Text 'determine alias and userid for Members of "'$ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync'"'; fi
Print_Status_Done "done" $GREEN
unset ZABBIX_ARRAY_LDAP_GroupMember_RAW unset ZABBIX_ARRAY_LDAP_GroupMember_RAW
if [ "$b_verbose" = "true" ]; then
echo "------------------------------------------------------------------------------------------------" echo "------------------------------------------------------------------------------------------------"
echo "Result from STEP 2: Get Members of Zabbix-LDAP Group $ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync" echo "Result from STEP 2: Get Members of Zabbix-LDAP Group $ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync"
echo "----+----------------------+----------------------+----------------------+----------------------" echo "----+----------------------+----------------------+----------------------+----------------------"
@ -683,8 +735,7 @@ for (( i=0; i < ${#ZABBIX_ARRAY_LDAP_GroupMember_alias[*]}; i++ )); do
done done
echo "------------------------------------------------------------------------------------------------" echo "------------------------------------------------------------------------------------------------"
echo echo
echo fi
echo
############################################################################################################# #############################################################################################################
# _____ _____ # _____ _____
# / ____| / ____| # / ____| / ____|
@ -694,51 +745,64 @@ echo
# \_____\___/|_| |_| |_| .__/ \__,_|_| \___| \_____|_| \___/ \__,_| .__/|___/ # \_____\___/|_| |_| |_| .__/ \__,_|_| \___| \_____|_| \___/ \__,_| .__/|___/
# | | | | # | | | |
# |_| |_| # |_| |_|
Print_Status_Text "STEP 3: Compare Groups for changes"
Print_Status_Done "checking" $LIGHTCYAN
if [ "$b_verbose" = "true" ]; then
echo echo
echo "STEP 3: Compare Groups for changes" echo "STEP 3: Compare Groups for changes"
echo "--------------------------------------------------------------" echo "--------------------------------------------------------------"
echo "AD / LDAP Group Name ...........: $LDAP_Groupname_ZabbixSuperAdmin_for_Sync" echo "AD / LDAP Group Name ...........: $LDAP_Groupname_ZabbixSuperAdmin_for_Sync"
echo "Zabbix LDAP Group Name .........: $ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync" echo "Zabbix LDAP Group Name .........: $ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync"
echo "--------------------------------------------------------------" echo "--------------------------------------------------------------"
fi
b_Must_Sync_Users="false" b_Must_Sync_Users="false"
# Check 1: # Check 1:
printf "Check 1: Compare Number of Users ... " Print_Status_Text "Check 1: Number of Users LDAP"
printf "should: ${#LDAP_ARRAY_Members_sAMAccountName[*]} ... " Print_Status_Done "${#LDAP_ARRAY_Members_sAMAccountName[*]}" $DEFAULT_FOREGROUND
printf "Is: ${#ZABBIX_ARRAY_LDAP_GroupMember_alias[*]} ... " Print_Status_Text "Check 1: Number of Users Zabbix"
Print_Status_Done "${#ZABBIX_ARRAY_LDAP_GroupMember_alias[*]}" $DEFAULT_FOREGROUND
Print_Status_Text "Check 1: Number of Users"
if [ "${#LDAP_ARRAY_Members_sAMAccountName[*]}" -eq "${#ZABBIX_ARRAY_LDAP_GroupMember_alias[*]}" ]; then if [ "${#LDAP_ARRAY_Members_sAMAccountName[*]}" -eq "${#ZABBIX_ARRAY_LDAP_GroupMember_alias[*]}" ]; then
echo "equal!" Print_Status_Done "equal" $GREEN
else else
echo "differently! Start synchronizing!" Print_Status_Done "not equal" $RED
b_Must_Sync_Users="true" b_Must_Sync_Users="true"
fi fi
# Check 2: # Check 2:
if [ "$b_Must_Sync_Users" = "false" ]; then if [ "$b_Must_Sync_Users" = "false" ]; then
# make Compare case insensitive, save original settings # make Compare case insensitive, save original settings
orig_nocasematch=$(shopt -p nocasematch) orig_nocasematch=$(shopt -p nocasematch)
shopt -s nocasematch shopt -s nocasematch
printf "Check 2: Compare Active Directory sAMAccountName with Zabbix Alias " Print_Status_Text "Check 2: Compare Active Directory sAMAccountName with Zabbix Alias"
if [ "$b_verbose" = "true" ]; then Print_Status_Done "checking" $LIGHTCYAN; fi
# Check every sAMAccountName and find a alias for it # Check every sAMAccountName and find a alias for it
for (( i=0; i < ${#LDAP_ARRAY_Members_sAMAccountName[*]}; i++ )); do for (( i=0; i < ${#LDAP_ARRAY_Members_sAMAccountName[*]}; i++ )); do
b_alias_was_found="false" b_alias_was_found="false"
for (( k=0; k < ${#ZABBIX_ARRAY_LDAP_GroupMember_alias[*]}; k++ )); do for (( k=0; k < ${#ZABBIX_ARRAY_LDAP_GroupMember_alias[*]}; k++ )); do
if [[ "${LDAP_ARRAY_Members_sAMAccountName[$i]}" == "${ZABBIX_ARRAY_LDAP_GroupMember_alias[$k]}" ]]; then if [[ "${LDAP_ARRAY_Members_sAMAccountName[$i]}" == "${ZABBIX_ARRAY_LDAP_GroupMember_alias[$k]}" ]]; then
printf "." # printf "."
Print_Verbose_Text "${LDAP_ARRAY_Members_sAMAccountName[$i]}" "found"
b_alias_was_found="true" b_alias_was_found="true"
# if user have found the loop can be finished
break break
fi fi
done done
if [ "$b_alias_was_found" = "false" ]; then if [ "$b_alias_was_found" = "false" ]; then
b_Must_Sync_Users="true" b_Must_Sync_Users="true"
echo " ${LDAP_ARRAY_Members_sAMAccountName[$i]} not found! Start synchronizing!" Print_Verbose_Text "${LDAP_ARRAY_Members_sAMAccountName[$i]}" "not found"
if [ "$b_verbose" = "true" ]; then Print_Status_Text "Check 2: Compare Active Directory sAMAccountName with Zabbix Alias"; fi
Print_Status_Done "mismatch" $RED
# one user was not found, we can exit the test, we must sync
break break
fi fi
done done
# restore original case sensitive/insenstive settings # restore original case sensitive/insenstive settings
$orig_nocasematch $orig_nocasematch
echo " done!" if [ "$b_verbose" = "true" ]; then Print_Status_Text "Check 2: Compare Active Directory sAMAccountName with Zabbix Alias"; fi
if [ "$b_Must_Sync_Users" = "false" ]; then Print_Status_Done "done" $GREEN; fi
fi fi
############################################################################################################# #############################################################################################################
# _____ _ _ _ # _____ _ _ _
# / ____| | | (_) (_) # / ____| | | (_) (_)
@ -749,9 +813,13 @@ fi
# __/ | __/ | # __/ | __/ |
# |___/ |___/ # |___/ |___/
if [ "$b_Must_Sync_Users" = "true" ]; then if [ "$b_Must_Sync_Users" = "true" ]; then
Print_Status_Text "STEP 4: Get all Zabbix Users with alias and userid"
if [ "$b_verbose" = "true" ]; then Print_Status_Done "checking" $LIGHTCYAN; fi
if [ "$b_verbose" = "true" ]; then
echo echo
echo "--------------------------------------------------------------" echo "--------------------------------------------------------------"
echo "STEP 4: Get all Zabbix Users with alias and userid" echo "STEP 4: Get all Zabbix Users with alias and userid"
fi
# get a List of all Zabbix Users to get the possible UserIds of new Users # get a List of all Zabbix Users to get the possible UserIds of new Users
tempvar="" tempvar=""
declare -a ZABBIX_ARRAY_AllUser_alias declare -a ZABBIX_ARRAY_AllUser_alias
@ -759,11 +827,20 @@ if [ "$b_Must_Sync_Users" = "true" ]; then
declare -a ZABBIX_ARRAY_AllUser_RAW declare -a ZABBIX_ARRAY_AllUser_RAW
ZABBIX_ARRAY_AllUser_alias=() ZABBIX_ARRAY_AllUser_alias=()
ZABBIX_ARRAY_AllUser_userid=() ZABBIX_ARRAY_AllUser_userid=()
if [ "$b_verbose" = "true" ]; then
printf 'curl -k -s -X POST -H "Content-Type:application/json" -d '
printf "'"
printf '{"jsonrpc": "2.0","method":"user.get","params":{"output":["alias","userid"]},"id":42,"auth":"'$ZABBIX_authentication_token'"}'
printf "'"
echo $ZABBIX_API_URL
fi
tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc": "2.0","method":"user.get","params":{"output":["alias","userid"]},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL` tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc": "2.0","method":"user.get","params":{"output":["alias","userid"]},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL`
if [ "$b_verbose" = "true" ]; then
echo $tempvar
fi
IFS='"' # " is set as delimiter IFS='"' # " is set as delimiter
ZABBIX_ARRAY_AllUser_RAW=($tempvar) ZABBIX_ARRAY_AllUser_RAW=($tempvar)
IFS=' ' # space is set as delimiter IFS=' ' # space is set as delimiter
printf "Processing ."
for (( i=0; i < ${#ZABBIX_ARRAY_AllUser_RAW[*]}; i++ )); do for (( i=0; i < ${#ZABBIX_ARRAY_AllUser_RAW[*]}; i++ )); do
# We assume that the UserId and Alias always come one after the other in any order, so the index of the two arrays should match # We assume that the UserId and Alias always come one after the other in any order, so the index of the two arrays should match
if [ "${ZABBIX_ARRAY_AllUser_RAW[$i]}" = "userid" ]; then if [ "${ZABBIX_ARRAY_AllUser_RAW[$i]}" = "userid" ]; then
@ -777,8 +854,10 @@ if [ "$b_Must_Sync_Users" = "true" ]; then
printf "." printf "."
fi fi
done done
echo " done!"
unset ZABBIX_ARRAY_AllUser_RAW unset ZABBIX_ARRAY_AllUser_RAW
if [ "$b_verbose" = "true" ]; then Print_Status_Text "STEP 4: Get all Zabbix Users with alias and userid"; fi
Print_Status_Done "done" $GREEN
if [ "$b_verbose" = "true" ]; then
echo "------------------------------------------------------------------------------------------------" echo "------------------------------------------------------------------------------------------------"
echo "Result from STEP 4: Get all Zabbix Users with alias and userid" echo "Result from STEP 4: Get all Zabbix Users with alias and userid"
echo "----+----------------------+----------------------+----------------------+----------------------" echo "----+----------------------+----------------------+----------------------+----------------------"
@ -790,12 +869,14 @@ if [ "$b_Must_Sync_Users" = "true" ]; then
printf "\n" printf "\n"
done done
echo "------------------------------------------------------------------------------------------------" echo "------------------------------------------------------------------------------------------------"
echo fi
echo Print_Status_Text "STEP 5: Compare LDAP user with existing Zabbix User"
echo if [ "$b_verbose" = "true" ]; then Print_Status_Done "checking" $LIGHTCYAN; fi
if [ "$b_verbose" = "true" ]; then
echo echo
echo "--------------------------------------------------------------" echo "--------------------------------------------------------------"
echo "STEP 5: Compare LDAP user with existing Zabbix User" echo "STEP 5: Compare LDAP user with existing Zabbix User"
fi
# additional Array for Zabbix-UserId # additional Array for Zabbix-UserId
declare -a LDAP_ARRAY_Members_UserId declare -a LDAP_ARRAY_Members_UserId
LDAP_ARRAY_Members_UserId=() LDAP_ARRAY_Members_UserId=()
@ -805,11 +886,13 @@ if [ "$b_Must_Sync_Users" = "true" ]; then
# make Compare case insensitive, save original settings # make Compare case insensitive, save original settings
orig_nocasematch=$(shopt -p nocasematch) orig_nocasematch=$(shopt -p nocasematch)
shopt -s nocasematch shopt -s nocasematch
i_CounterNewUsers=0
for (( i=0; i < ${#LDAP_ARRAY_Members_sAMAccountName[*]}; i++ )); do for (( i=0; i < ${#LDAP_ARRAY_Members_sAMAccountName[*]}; i++ )); do
b_we_have_a_winner="false" b_we_have_a_winner="false"
for (( k=0; k < ${#ZABBIX_ARRAY_AllUser_alias[*]}; k++ )); do for (( k=0; k < ${#ZABBIX_ARRAY_AllUser_alias[*]}; k++ )); do
if [[ "${LDAP_ARRAY_Members_sAMAccountName[$i]}" == "${ZABBIX_ARRAY_AllUser_alias[$k]}" ]]; then if [[ "${LDAP_ARRAY_Members_sAMAccountName[$i]}" == "${ZABBIX_ARRAY_AllUser_alias[$k]}" ]]; then
LDAP_ARRAY_Members_UserId+=("${ZABBIX_ARRAY_AllUser_userid[$k]}") LDAP_ARRAY_Members_UserId+=("${ZABBIX_ARRAY_AllUser_userid[$k]}")
Print_Verbose_Text "Found existing User: ${LDAP_ARRAY_Members_sAMAccountName[$i]}" "${ZABBIX_ARRAY_AllUser_alias[$k]}"
b_we_have_a_winner="true" b_we_have_a_winner="true"
break break
fi fi
@ -819,11 +902,20 @@ if [ "$b_Must_Sync_Users" = "true" ]; then
# User was not found - but we need an array item to have all array index identical and matched to each other # User was not found - but we need an array item to have all array index identical and matched to each other
# also mark this User to have to be created # also mark this User to have to be created
LDAP_ARRAY_Members_UserId+=("create-user") LDAP_ARRAY_Members_UserId+=("create-user")
Print_Verbose_Text "No Zabbix user found: ${LDAP_ARRAY_Members_sAMAccountName[$i]}" "will be created"
b_have_to_create_new_user="true" b_have_to_create_new_user="true"
i_CounterNewUsers=$(($i_CounterNewUsers + 1))
fi fi
done done
# restore original case sensitive/insenstive settings # restore original case sensitive/insenstive settings
$orig_nocasematch $orig_nocasematch
if [ "$b_verbose" = "true" ]; then Print_Status_Text "STEP 5: Compare LDAP user with existing Zabbix User"; fi
if [ "$b_have_to_create_new_user" = "true" ]; then
Print_Status_Done "must create $i_CounterNewUsers new user" $RED
else
Print_Status_Done "done" $GREEN
fi
if [ "$b_verbose" = "true" ]; then
echo "----------------------------------------------------------------------------------------------------------------------" echo "----------------------------------------------------------------------------------------------------------------------"
echo "Result from STEP 5: Compare LDAP user with existing Zabbix User" echo "Result from STEP 5: Compare LDAP user with existing Zabbix User"
echo "----+----------------------+----------------------+----------------------+--------------------------+-----------------" echo "----+----------------------+----------------------+----------------------+--------------------------+-----------------"
@ -835,39 +927,45 @@ if [ "$b_Must_Sync_Users" = "true" ]; then
printf "\n" printf "\n"
done done
echo "----------------------------------------------------------------------------------------------------------------------" echo "----------------------------------------------------------------------------------------------------------------------"
echo fi
echo
echo
############################################################################################################# #############################################################################################################
if [ "$b_have_to_create_new_user" = "true" ]; then if [ "$b_have_to_create_new_user" = "true" ]; then
Print_Status_Text "STEP 6: Create needed $i_CounterNewUsers new Zabbix-User"
if [ "$b_verbose" = "true" ]; then Print_Status_Done "checking" $LIGHTCYAN; fi
if [ "$b_verbose" = "true" ]; then
echo "--------------------------------------------------------------" echo "--------------------------------------------------------------"
echo "STEP 6: Create needed new Zabbix-User" echo "STEP 6: Create needed $i_CounterNewUsers new Zabbix-User"
fi
declare -a ZABBIX_ARRAY_New_User_RAW declare -a ZABBIX_ARRAY_New_User_RAW
# Search for all User with UserId "create-user" # Search for all User with UserId "create-user"
for (( i=0; i < ${#LDAP_ARRAY_Members_sAMAccountName[*]}; i++ )); do for (( i=0; i < ${#LDAP_ARRAY_Members_sAMAccountName[*]}; i++ )); do
if [ "${LDAP_ARRAY_Members_UserId[$i]}" = "create-user" ]; then if [ "${LDAP_ARRAY_Members_UserId[$i]}" = "create-user" ]; then
printf "Create new user ${LDAP_ARRAY_Members_sAMAccountName[$i]} ... " # printf "Create new user ${LDAP_ARRAY_Members_sAMAccountName[$i]} ... "
tempSAM='"'"${LDAP_ARRAY_Members_sAMAccountName[$i]}"'"' tempSAM='"'"${LDAP_ARRAY_Members_sAMAccountName[$i]}"'"'
# Check the things we have # Check the things we have
create_combination="" create_combination=""
if [ "${LDAP_ARRAY_Members_Surname[$i]}" != " " ]; then if [ "${LDAP_ARRAY_Members_Surname[$i]}" != " - " ]; then
create_combination+="X" create_combination+="X"
tempSURNAME='"'"${LDAP_ARRAY_Members_Surname[$i]}"'"' tempSURNAME='"'"${LDAP_ARRAY_Members_Surname[$i]}"'"'
Print_Verbose_Text "tempSURNAME" "$tempSURNAME"
else else
create_combination+="O" create_combination+="O"
fi fi
if [ "${LDAP_ARRAY_Members_Givenname[$i]}" != " " ]; then if [ "${LDAP_ARRAY_Members_Givenname[$i]}" != " - " ]; then
create_combination+="X" create_combination+="X"
tempNAME='"'"${LDAP_ARRAY_Members_Givenname[$i]}"'"' tempNAME='"'"${LDAP_ARRAY_Members_Givenname[$i]}"'"'
Print_Verbose_Text "tempNAME" "$tempNAME"
else else
create_combination+="O" create_combination+="O"
fi fi
if [ "${LDAP_ARRAY_Members_Email[$i]}" != " " ]; then if [ "${LDAP_ARRAY_Members_Email[$i]}" != " - " ]; then
create_combination+="X" create_combination+="X"
tempEmail='"'"${LDAP_ARRAY_Members_Email[$i]}"'"' tempEmail='"'"${LDAP_ARRAY_Members_Email[$i]}"'"'
Print_Verbose_Text "tempEmail" "$tempEmail"
else else
create_combination+="O" create_combination+="O"
fi fi
Print_Verbose_Text "Create Combination" "$create_combination"
# create_combination should be OOO, OOX, OXO, OXX, XOO, XOX, XXO or XXX # create_combination should be OOO, OOX, OXO, OXX, XOO, XOX, XXO or XXX
tempvar="" tempvar=""
case "$create_combination" in case "$create_combination" in
@ -897,7 +995,7 @@ if [ "$b_Must_Sync_Users" = "true" ]; then
tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc": "2.0","method":"user.create","params":{"alias":'"$tempSAM"',"name":'"$tempNAME"',"surname":'"$tempSURNAME"',"user_medias":[{"mediatypeid": "'$ZABBIX_MediaTypeID'","sendto":['"$tempEmail"']}],"usrgrps":[{"usrgrpid":"'$ZABBIX_LDAP_Group_UsrGrpId'"}],"type":'$ZABBIX_UserType_User'},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL` tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc": "2.0","method":"user.create","params":{"alias":'"$tempSAM"',"name":'"$tempNAME"',"surname":'"$tempSURNAME"',"user_medias":[{"mediatypeid": "'$ZABBIX_MediaTypeID'","sendto":['"$tempEmail"']}],"usrgrps":[{"usrgrpid":"'$ZABBIX_LDAP_Group_UsrGrpId'"}],"type":'$ZABBIX_UserType_User'},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL`
;; ;;
esac esac
#echo "$tempvar" if [ "$b_verbose" = "true" ]; then echo "$tempvar"; fi
# Catch the new UserId from the answer # Catch the new UserId from the answer
IFS='"' # " is set as delimiter IFS='"' # " is set as delimiter
ZABBIX_ARRAY_New_User_RAW=($tempvar) ZABBIX_ARRAY_New_User_RAW=($tempvar)
@ -908,9 +1006,12 @@ if [ "$b_Must_Sync_Users" = "true" ]; then
LDAP_ARRAY_Members_UserId[$i]="${ZABBIX_ARRAY_New_User_RAW[$k]}" LDAP_ARRAY_Members_UserId[$i]="${ZABBIX_ARRAY_New_User_RAW[$k]}"
fi fi
done done
echo " done (UserId: LDAP_ARRAY_Members_UserId[$i])" Print_Verbose_Text "Created: ${LDAP_ARRAY_Members_sAMAccountName[$i]}" "LDAP_ARRAY_Members_UserId[$i]"
fi fi
done done
if [ "$b_verbose" = "true" ]; then Print_Status_Text "STEP 6: Create needed $i_CounterNewUsers new Zabbix-User"; fi
Print_Status_Done "done" $GREEN
if [ "$b_verbose" = "true" ]; then
echo "-------------------------------------------------------------------------------------------------------------" echo "-------------------------------------------------------------------------------------------------------------"
echo "Result from STEP 6: Create needed new Zabbix-User" echo "Result from STEP 6: Create needed new Zabbix-User"
echo "----+----------------------+----------------------+----------------------+--------------------------+-----------------" echo "----+----------------------+----------------------+----------------------+--------------------------+-----------------"
@ -922,44 +1023,61 @@ if [ "$b_Must_Sync_Users" = "true" ]; then
printf "\n" printf "\n"
done done
echo "----------------------------------------------------------------------------------------------------------------------" echo "----------------------------------------------------------------------------------------------------------------------"
echo fi
echo
echo
fi fi
############################################################################################################# #############################################################################################################
Print_Status_Text "STEP 7: Replace Members of Group $ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync"
if [ "$b_verbose" = "true" ]; then Print_Status_Done "checking" $LIGHTCYAN; fi
if [ "$b_verbose" = "true" ]; then
echo "--------------------------------------------------------------" echo "--------------------------------------------------------------"
echo "STEP 7: Replace Members of Group $ZABBIX_LDAP_Group" echo "STEP 7: Replace Members of Group $ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync"
printf "Create list of UserIds ..." fi
tempvar="" tempvar=""
list_of_userids="" list_of_userids=""
for (( i=0; i < ${#LDAP_ARRAY_Members_sAMAccountName[*]}; i++ )); do for (( i=0; i < ${#LDAP_ARRAY_Members_sAMAccountName[*]}; i++ )); do
list_of_userids+='"'${LDAP_ARRAY_Members_UserId[$i]}'"' list_of_userids+='"'${LDAP_ARRAY_Members_UserId[$i]}'"'
list_of_userids+="," list_of_userids+=","
done done
list_of_userids=${list_of_userids::-1} # maybe the list is empty! So we have to check
echo " done" if [ "$list_of_userids" != "" ]; then list_of_userids=${list_of_userids::-1}; fi
printf "Update Zabbix Group $ZABBIX_LDAP_Group via API (Replace) ... " if [ "$b_verbose" = "true" ]; then printf "Update Zabbix Group $ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync via API (Replace)"; fi
if [ "$b_verbose" = "true" ]; then
printf 'curl -k -s -X POST -H "Content-Type:application/json" -d '
printf "'"
printf '{"jsonrpc": "2.0","method":"usergroup.update","params":{"usrgrpid":"'$ZABBIX_LDAP_Group_UsrGrpId'","userids":['$list_of_userids']},"id":42,"auth":"'$ZABBIX_authentication_token'"}'
printf "' "
echo $ZABBIX_API_URL
fi
tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc": "2.0","method":"usergroup.update","params":{"usrgrpid":"'$ZABBIX_LDAP_Group_UsrGrpId'","userids":['$list_of_userids']},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL` tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc": "2.0","method":"usergroup.update","params":{"usrgrpid":"'$ZABBIX_LDAP_Group_UsrGrpId'","userids":['$list_of_userids']},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL`
echo "done!" if [ "$b_verbose" = "true" ]; then echo $tempvar; fi
echo if [ "$b_verbose" = "true" ]; then Print_Status_Text "STEP 7: Replace Members of Group $ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync"; fi
echo Print_Status_Done "done" $GREEN
echo
echo
############################################################################################################# #############################################################################################################
# 1. get a List of all User in the "Disabled User" group # 1. get a List of all User in the "Disabled User" group
# 2. Remove all active user from this List # 2. Remove all active user from this List
# 3. Add all user wich was removed from LDAP-Group but was in the Zabbix-LDAP-Group found # 3. Add all user wich was removed from LDAP-Group but was in the Zabbix-LDAP-Group found
# 4. Update Members of Group "Disabled User" via Zabbix API # 4. Update Members of Group "Disabled User" via Zabbix API
Print_Status_Text "STEP 8: Get List of all disabled user in Group $ZABBIX_Disabled_User_Group"
if [ "$b_verbose" = "true" ]; then Print_Status_Done "checking" $LIGHTCYAN; fi
if [ "$b_verbose" = "true" ]; then
echo "--------------------------------------------------------------" echo "--------------------------------------------------------------"
echo "STEP 8: Get List of all disabled user in Group $ZABBIX_Disabled_User_Group" echo "STEP 8: Get List of all disabled user in Group $ZABBIX_Disabled_User_Group"
fi
# 1. get a List of all User in the "Disabled User" group # 1. get a List of all User in the "Disabled User" group
printf "Fetching UserIds ... "
declare -a ZABBIX_ARRAY_disabled_User_userid declare -a ZABBIX_ARRAY_disabled_User_userid
declare -a ZABBIX_ARRAY_disabled_User_RAW declare -a ZABBIX_ARRAY_disabled_User_RAW
ZABBIX_ARRAY_disabled_User_userid=() ZABBIX_ARRAY_disabled_User_userid=()
if [ "$b_verbose" = "true" ]; then
printf 'curl -k -s -X POST -H "Content-Type:application/json" -d '
printf "'"
printf '{"jsonrpc": "2.0","method":"user.get","params":{"usrgrpids":"'$ZABBIX_Disabled_Group_UsrGrpId'","output":["userid"],"status":1},"id":42,"auth":"'$ZABBIX_authentication_token'"}'
printf "'"
echo $ZABBIX_API_URL
fi
tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc": "2.0","method":"user.get","params":{"usrgrpids":"'$ZABBIX_Disabled_Group_UsrGrpId'","output":["userid"],"status":1},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL` tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc": "2.0","method":"user.get","params":{"usrgrpids":"'$ZABBIX_Disabled_Group_UsrGrpId'","output":["userid"],"status":1},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL`
#echo $tempvar if [ "$b_verbose" = "true" ]; then echo $tempvar; fi
IFS='"' # " is set as delimiter IFS='"' # " is set as delimiter
ZABBIX_ARRAY_disabled_User_RAW=($tempvar) ZABBIX_ARRAY_disabled_User_RAW=($tempvar)
IFS=' ' # space is set as delimiter IFS=' ' # space is set as delimiter
@ -970,18 +1088,19 @@ if [ "$b_Must_Sync_Users" = "true" ]; then
fi fi
done done
unset ZABBIX_ARRAY_disabled_User_RAW unset ZABBIX_ARRAY_disabled_User_RAW
echo " done!" if [ "$b_verbose" = "true" ]; then Print_Status_Text "STEP 8: Get List of all disabled user in Group $ZABBIX_Disabled_User_Group"; fi
echo Print_Status_Done "done" $GREEN
echo Print_Status_Text "STEP 9: Remove active user, add inactive user"
echo if [ "$b_verbose" = "true" ]; then Print_Status_Done "checking" $LIGHTCYAN; fi
echo if [ "$b_verbose" = "true" ]; then
echo "--------------------------------------------------------------" echo "--------------------------------------------------------------"
echo "STEP 9: Remove active user, add inactive user" echo "STEP 9: Remove active user, add inactive user"
fi
# 2. Remove all active user from this List # 2. Remove all active user from this List
# 3. Add all user wich was removed from LDAP-Group but was in the Zabbix-LDAP-Group found # 3. Add all user wich was removed from LDAP-Group but was in the Zabbix-LDAP-Group found
declare -a new_ZABBIX_ARRAY_disabled_User_userid declare -a new_ZABBIX_ARRAY_disabled_User_userid
new_ZABBIX_ARRAY_disabled_User_userid=() new_ZABBIX_ARRAY_disabled_User_userid=()
printf "Removing active Users from List ... " if [ "$b_verbose" = "true" ]; then Print_Status_Text "Removing active Users from List"; fi
for (( i=0; i < ${#ZABBIX_ARRAY_disabled_User_userid[*]}; i++ )); do for (( i=0; i < ${#ZABBIX_ARRAY_disabled_User_userid[*]}; i++ )); do
b_skip_this_user="false" b_skip_this_user="false"
for (( k=0; k < ${#LDAP_ARRAY_Members_UserId[*]}; k++ )); do for (( k=0; k < ${#LDAP_ARRAY_Members_UserId[*]}; k++ )); do
@ -993,8 +1112,8 @@ if [ "$b_Must_Sync_Users" = "true" ]; then
new_ZABBIX_ARRAY_disabled_User_userid+=("${ZABBIX_ARRAY_disabled_User_userid[$i]}") new_ZABBIX_ARRAY_disabled_User_userid+=("${ZABBIX_ARRAY_disabled_User_userid[$i]}")
fi fi
done done
echo "done!" if [ "$b_verbose" = "true" ]; then Print_Status_Done "done" $GREEN; fi
printf "Adding inactive Users ... " if [ "$b_verbose" = "true" ]; then Print_Status_Text "Adding inactive Users"; fi
for (( i=0; i < ${#ZABBIX_ARRAY_LDAP_GroupMember_userid[*]}; i++ )); do for (( i=0; i < ${#ZABBIX_ARRAY_LDAP_GroupMember_userid[*]}; i++ )); do
b_skip_this_user="false" b_skip_this_user="false"
for (( k=0; k < ${#LDAP_ARRAY_Members_UserId[*]}; k++ )); do for (( k=0; k < ${#LDAP_ARRAY_Members_UserId[*]}; k++ )); do
@ -1006,56 +1125,58 @@ if [ "$b_Must_Sync_Users" = "true" ]; then
new_ZABBIX_ARRAY_disabled_User_userid+=("${ZABBIX_ARRAY_LDAP_GroupMember_userid[$i]}") new_ZABBIX_ARRAY_disabled_User_userid+=("${ZABBIX_ARRAY_LDAP_GroupMember_userid[$i]}")
fi fi
done done
echo "done!" if [ "$b_verbose" = "true" ]; then Print_Status_Done "done" $GREEN; fi
if [ "$b_verbose" = "true" ]; then Print_Status_Text "STEP 9: Remove active user, add inactive user"; fi
echo Print_Status_Done "done" $GREEN
echo Print_Status_Text "STEP 10: Replace Members of Group $ZABBIX_Disabled_User_Group"
echo if [ "$b_verbose" = "true" ]; then Print_Status_Done "checking" $LIGHTCYAN; fi
echo if [ "$b_verbose" = "true" ]; then
echo "--------------------------------------------------------------" echo "--------------------------------------------------------------"
echo "STEP 9: Replace Members of Group $ZABBIX_Disabled_User_Group" echo "STEP 10: Replace Members of Group $ZABBIX_Disabled_User_Group"
printf "Create list of UserIds ..." fi
tempvar="" tempvar=""
list_of_userids="" # maybe the list is empty! So we have to check
if [ "$list_of_userids" != "" ]; then list_of_userids=${list_of_userids::-1}; fi
for (( i=0; i < ${#new_ZABBIX_ARRAY_disabled_User_userid[*]}; i++ )); do for (( i=0; i < ${#new_ZABBIX_ARRAY_disabled_User_userid[*]}; i++ )); do
list_of_userids+='"'${new_ZABBIX_ARRAY_disabled_User_userid[$i]}'"' list_of_userids+='"'${new_ZABBIX_ARRAY_disabled_User_userid[$i]}'"'
list_of_userids+="," list_of_userids+=","
done done
list_of_userids=${list_of_userids::-1} list_of_userids=${list_of_userids::-1}
printf "Update Zabbix Group $ZABBIX_Disabled_User_Group via API (Replace) ... " if [ "$b_verbose" = "true" ]; then
printf 'curl -k -s -X POST -H "Content-Type:application/json" -d '
printf "'"
printf '{"jsonrpc": "2.0","method":"usergroup.update","params":{"usrgrpid":"'$ZABBIX_Disabled_Group_UsrGrpId'","userids":['$list_of_userids']},"id":42,"auth":"'$ZABBIX_authentication_token'"}'
printf "' "
echo $ZABBIX_API_URL
fi
tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc": "2.0","method":"usergroup.update","params":{"usrgrpid":"'$ZABBIX_Disabled_Group_UsrGrpId'","userids":['$list_of_userids']},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL` tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc": "2.0","method":"usergroup.update","params":{"usrgrpid":"'$ZABBIX_Disabled_Group_UsrGrpId'","userids":['$list_of_userids']},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL`
echo "done!" if [ "$b_verbose" = "true" ]; then echo $tempvar; fi
echo if [ "$b_verbose" = "true" ]; then Print_Status_Text "STEP 10: Replace Members of Group $ZABBIX_Disabled_User_Group"; fi
echo Print_Status_Done "done" $GREEN
echo
echo
############################################################################################################# #############################################################################################################
Print_Status_Text "STEP 11: Replace Members of Group $ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync (2. Time)"
if [ "$b_verbose" = "true" ]; then Print_Status_Done "checking" $LIGHTCYAN; fi
if [ "$b_verbose" = "true" ]; then
echo "--------------------------------------------------------------" echo "--------------------------------------------------------------"
echo "STEP 10: Replace Members of Group $ZABBIX_LDAP_Group (2. Time)" echo "STEP 11: Replace Members of Group $ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync (2. Time)"
fi
# we have to do this twice if we move user between enabled and disabled and they are only in the Zabbix-LDAP-Group - they must be in one Group!" # we have to do this twice if we move user between enabled and disabled and they are only in the Zabbix-LDAP-Group - they must be in one Group!"
# If a user is a now a member of the deactivated user group we can now remove the user from the Zabbix-LDAP-Group # If a user is a now a member of the deactivated user group we can now remove the user from the Zabbix-LDAP-Group
printf "Create list of UserIds ..."
tempvar="" tempvar=""
list_of_userids="" list_of_userids=""
for (( i=0; i < ${#LDAP_ARRAY_Members_sAMAccountName[*]}; i++ )); do for (( i=0; i < ${#LDAP_ARRAY_Members_sAMAccountName[*]}; i++ )); do
list_of_userids+='"'${LDAP_ARRAY_Members_UserId[$i]}'"' list_of_userids+='"'${LDAP_ARRAY_Members_UserId[$i]}'"'
list_of_userids+="," list_of_userids+=","
done done
list_of_userids=${list_of_userids::-1} # maybe the list is empty! So we have to check
echo " done" if [ "$list_of_userids" != "" ]; then list_of_userids=${list_of_userids::-1}; fi
printf "Update Zabbix Group $ZABBIX_LDAP_Group via API (Replace) ... "
tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc": "2.0","method":"usergroup.update","params":{"usrgrpid":"'$ZABBIX_LDAP_Group_UsrGrpId'","userids":['$list_of_userids']},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL` tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc": "2.0","method":"usergroup.update","params":{"usrgrpid":"'$ZABBIX_LDAP_Group_UsrGrpId'","userids":['$list_of_userids']},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL`
echo "done!" if [ "$b_verbose" = "true" ]; then Print_Status_Text "STEP 11: Replace Members of Group $ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync (2. Time)"; fi
echo Print_Status_Done "done" $GREEN
echo
echo
echo
else else
echo Print_Status_Text "STEP 3: Compare Groups for changes"
echo "No Changes found! Nothing to do!" Print_Status_Done "no changes" $GREEN
echo
fi fi
############################################################################################################# #############################################################################################################
# ______ _ _ _ _ _ # ______ _ _ _ _ _
# |___ / | | | | (_) | | | | # |___ / | | | | (_) | | | |
@ -1065,9 +1186,9 @@ fi
# /_____\__,_|_.__/|_.__/|_/_/\_\ |______\___/ \__, |\___/ \__,_|\__| # /_____\__,_|_.__/|_.__/|_/_/\_\ |______\___/ \__, |\___/ \__,_|\__|
# __/ | # __/ |
# |___/ # |___/
echo # Logout before exit
printf "Logout Zabbix API ... " if [ "$b_Zabbix_is_logged_in" = "true" ]; then
myJSON=$(curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc": "2.0","method":"user.logout","params":[],"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL) Zabbix_Logout
echo "done" fi
echo #############################################################################################################
exit 0 exit 0