.gitignore wieder entfernt

master
root@zabbix.znil.net 2020-04-02 14:30:44 +02:00
parent 21dba95116
commit 5981427f8a
4 changed files with 603 additions and 285 deletions

1
.gitignore vendored

@ -1,2 +1,3 @@
.gitignore
config-znil.sh config-znil.sh

141
config.sh

@ -1,65 +1,76 @@
#!/bin/bash #!/bin/bash
############################################################################################################# #############################################################################################################
# _____ __ _ _ _ # _____ __ _ _ _
# / ____| / _(_) | | (_) # / ____| / _(_) | | (_)
# | | ___ _ __ | |_ _ __ _ _ _ _ __ __ _| |_ _ ___ _ __ # | | ___ _ __ | |_ _ __ _ _ _ _ __ __ _| |_ _ ___ _ __
# | | / _ \| '_ \| _| |/ _` | | | | '__/ _` | __| |/ _ \| '_ \ # | | / _ \| '_ \| _| |/ _` | | | | '__/ _` | __| |/ _ \| '_ \
# | |___| (_) | | | | | | | (_| | |_| | | | (_| | |_| | (_) | | | | # | |___| (_) | | | | | | | (_| | |_| | | | (_| | |_| | (_) | | | |
# \_____\___/|_| |_|_| |_|\__, |\__,_|_| \__,_|\__|_|\___/|_| |_| # \_____\___/|_| |_|_| |_|\__, |\__,_|_| \__,_|\__|_|\___/|_| |_|
# __/ | # __/ |
# |___/ # |___/
# Configuration LDAP-Connection (Tested LDAPS with Windows Server 2019) #############################################################################################################
# URL of LDAP / LDAPS Server: # Configuration LDAP-Connection (Tested LDAPS with Windows Server 2019)
# LDAP: # URL of LDAP / LDAPS Server:
# LDAP_Source_URL="ldap://IP_or_DNS_Name_Domain_Controller" # LDAP:
# LDAPS # LDAP_Source_URL="ldap://IP_or_DNS_Name_Domain_Controller"
LDAP_Source_URL="ldaps://172.16.0.10" # LDAPS
# If using LDAPS you can supress the check of the ssl certificate LDAP_Source_URL="ldaps://172.16.0.10"
LDAP_Ignore_SSL_Certificate="true" # If using LDAPS you can supress the check of the ssl certificate
LDAP_Ignore_SSL_Certificate="true"
# Bind user for accessing,
# to get the Distinguished Name of the User run the following command on a domain controller (replace ldapsearch with your Username): # Bind user for accessing,
# dsquery user -samid ldapSearch # to get the Distinguished Name of the User run the following command on a domain controller (replace ldapsearch with your Username):
LDAP_Bind_User_DN="CN=ldapSearch,OU=MyUsers,DC=mydomain,DC=local" # dsquery user -samid ldapSearch
# the passwort og the user (should be marked as never changed) LDAP_Bind_User_DN="CN=ldapSearch,OU=MyUsers,DC=mydomain,DC=local"
# Please avoid special chars which were use in bash like $`´'"\/<>()[]^ # the passwort og the user (should be marked as never changed)
LDAP_Bind_User_Password="9qA3XB1r.##Xr2+7c1HP--!pq" # Please avoid special chars which were use in bash like $`´'"\/<>()[]^
# Searchbase - your Domain name or specify OU LDAP_Bind_User_Password="9qA3XB1r.##Xr2+7c1HP--!pq"
LDAP_SearchBase="DC=znil,DC=local" # Searchbase - your Domain name or specify OU
LDAP_SearchBase="DC=znil,DC=local"
# Name of Groups in LDAP (Active-Directory) and in Zabbix for Sync with Zabbix
# Will be created as User Type "Zabbix Super Admin" # Name of Groups in LDAP (Active-Directory) and in Zabbix for Sync with Zabbix
LDAP_Groupname_ZabbixSuperAdmin_for_Sync="Zabbix-Super-Admin" # if you do not want do use one of these groups set both groupnames to "skip" or comment out these lines
ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync="LDAP-SuperAdmin" # Will be created as User Type "Zabbix Super Admin" (default)
# Will be created as User Type "Zabbix Admin" LDAP_Groupname_ZabbixSuperAdmin_for_Sync="Zabbix-Super-Admin"
LDAP_Groupname_ZabbixAdmin_for_Sync="Zabbix-Admin" ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync="LDAP-SuperAdmin"
ZABBIX_Groupname_ZabbixAdmin_for_Sync="LDAP-Admin" # Will be created as User Type "Zabbix Admin" (default)
# Will be created as User Type "Zabbix User" LDAP_Groupname_ZabbixAdmin_for_Sync="Zabbix-Admin"
LDAP_Groupname_ZabbixUser_for_Sync="Zabbix-User" ZABBIX_Groupname_ZabbixAdmin_for_Sync="LDAP-Admin"
ZABBIX_Groupname_ZabbixUser_for_Sync="LDAP-User" # Will be created as User Type "Zabbix User" (default)
LDAP_Groupname_ZabbixUser_for_Sync="Zabbix-User"
# When you remove an user from the LDAP-Group, the user will moved in this group which is "Not enabled" = Disabled and Frontend access is "disabled" ZABBIX_Groupname_ZabbixUser_for_Sync="LDAP-User"
ZABBIX_Disabled_User_Group="LDAP-Disabled"
# When you remove an user from the LDAP-Group, the user will moved in this group which is "Not enabled" = Disabled and Frontend access is "disabled"
ZABBIX_Disabled_User_Group="Disabled"
# Configuration Zabbix API Connection (Tested with Zabbix 4.4)
# per default ssl checks will be ignored
#ZABBIX_API_URL="http://localhost/zabbix/api_jsonrpc.php" # Configuration Zabbix API Connection (Tested with Zabbix 4.4)
ZABBIX_API_URL="http://localhost/api_jsonrpc.php" # if https:// is used, per default ssl checks will be ignored
ZABBIX_API_Username="zbxapi" #ZABBIX_API_URL="http://localhost/zabbix/api_jsonrpc.php"
ZABBIX_API_Password="2015zbxapi2015" ZABBIX_API_URL="http://localhost/api_jsonrpc.php"
ZABBIX_API_User="API-User"
# Zabbix User type for new created Users: ZABBIX_API_Password="strongpassword73#"
# 1 - (default) Zabbix user;
# 2 - Zabbix admin; # Zabbix User type for new created Users:
# 3 - Zabbix super admin. # 1 - (default) Zabbix user;
ZABBIX_Default_User_Type=1 # 2 - Zabbix admin;
# 3 - Zabbix super admin.
# Zabbix Media Type Id ZABBIX_UserType_User=1
# At new Installation: ZABBIX_UserType_Admin=2
# 1 - Email ZABBIX_UserType_SuperAdmin=3
# 2 - Jabber
# 3 - SMS # Zabbix Media Type Id
ZABBIX_MediaTypeID="1" # At new Installation:
# 1 - Email
ZABBIX_MediaTypeID="4204200000000001" # 2 - Jabber
# 3 - SMS
# Media Type Id can be different if you add own Types, Delete Default Types or If have an Installation witch used "nodes" (Zabbix 2.x) in the past and you have set the bode-Id
ZABBIX_MediaTypeID="1"
#############################################################################################################
# ______ _ __ ______ _ _
# | ____| | | / _| | ____(_) |
# | |__ _ __ __| | ___ | |_ | |__ _| | ___
# | __| | '_ \ / _` | / _ \| _| | __| | | |/ _ \
# | |____| | | | (_| | | (_) | | | | | | | __/
# |______|_| |_|\__,_| \___/|_| |_| |_|_|\___|
#############################################################################################################
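Review bot: The tracked `config.sh` template carries password-shaped values in `LDAP_Bind_User_Password` and `ZABBIX_API_Password` and ships with `LDAP_Ignore_SSL_Certificate="true"`, so anyone who copies it unedited binds to the directory over LDAPS without verifying the server certificate. I would ship obvious placeholders such as `LDAP_Bind_User_Password="CHANGE_ME"` and default to `LDAP_Ignore_SSL_Certificate="false"`, with a comment telling operators to `chmod 600` the file, because it is sourced with the bind password in clear text. The removed side of this section also shows an earlier `ZABBIX_API_Password` value; if that or any value here was ever in use, it remains in the repository history and should be rotated. `ZABBIX_API_URL` uses plain `http://localhost`, which is acceptable on loopback only, and the comment above it should say so.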

3
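--- a/mytest.sh
+++ b/mytest.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+mytemp=`ls -l /root >/dev/null 2>&1 | grep manfred`
+echo "Exitcode: $?"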
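Review bot: `echo "Exitcode: $?"` reports the status of `grep`, not of `ls`, and because `ls` has its stdout sent to `/dev/null` before the pipe, `grep manfred` never receives any input and the printed code is always 1. If this is meant to check how a failing command inside a substitution is detected, enable `set -o pipefail` first and write `mytemp=$(ls -l /root 2>/dev/null | grep manfred)`. It also looks like a scratch file; consider leaving it out of the repository, or add a comment saying what it demonstrates.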


@ -2,7 +2,7 @@
############################################################################################################# #############################################################################################################
# Script Name ...: zabbix-ldap-sync.sh # Script Name ...: zabbix-ldap-sync.sh
# Version .......: V1.0 # Version .......: V1.0
# Date ..........: 30.03.2020 # Date ..........: 01.04.2020
# Description....: Synchronise Members of a Actice Directory Group with Zabbix via API # Description....: Synchronise Members of a Actice Directory Group with Zabbix via API
# User wich are removed will be deactivated # User wich are removed will be deactivated
# Args ..........: # Args ..........:
@ -10,100 +10,360 @@
# Email Business : Bernhard.Linz@datagroup.de # Email Business : Bernhard.Linz@datagroup.de
# Email Private : Bernhard@znil.de # Email Private : Bernhard@znil.de
############################################################################################################# #############################################################################################################
# _____ __ _ _ _ # Variables
# / ____| / _(_) | | (_) Script_Version="V1.0 (2020-04-01)"
# | | ___ _ __ | |_ _ __ _ _ _ _ __ __ _| |_ _ ___ _ __ # Colors for printf and echo
# | | / _ \| '_ \| _| |/ _` | | | | '__/ _` | __| |/ _ \| '_ \ DEFAULT_FOREGROUND=39
# | |___| (_) | | | | | | | (_| | |_| | | | (_| | |_| | (_) | | | | RED=31
# \_____\___/|_| |_|_| |_|\__, |\__,_|_| \__,_|\__|_|\___/|_| |_| GREEN=32
# __/ | YELLOW=33
# |___/ BLUE=34
# Configuration LDAP-Connection (Tested LDAPS with Windows Server 2019) MAGENTA=35
LDAP_Source_URL="ldaps://10.100.12.51" CYAN=36
LDAP_Bind_User_DN="CN=ldapSearch,OU=3.Funktionsbenutzer,DC=znil,DC=local" LIGHTRED=91
LDAP_Bind_User_Password="bier2017" LIGHTGREEN=92
LDAP_SearchBase="DC=znil,DC=local" LIGHTYELLOW=93
LDAP_Groupname_ZabbixSuperAdmin_for_Sync="Zabbix-Admins" LIGHTBLUE=94
LDAP_Ignore_SSL_Certificate="true" LIGHTMAGENTA=95
LIGHTCYAN=96
# Configuration Zabbix API Connection (Tested Zabbix 4.4)
#ZABBIX_API_URL="http://localhost/zabbix/api_jsonrpc.php"
ZABBIX_API_URL="http://localhost/api_jsonrpc.php"
ZABBIX_API_Username="zbxapi"
ZABBIX_API_Password="2015zbxapi2015"
ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync="LDAP-SuperAdmin"
ZABBIX_Disabled_User_Group="Disabled"
# Zabbix User type for new created Users:
# 1 - (default) Zabbix user;
# 2 - Zabbix admin;
# 3 - Zabbix super admin.
ZABBIX_Default_User_Type=1
# Zabbix Media Type Id
# At new Installation:
# 1 - Email
# 2 - Jabber
# 3 - SMS
ZABBIX_MediaTypeID="1"
ZABBIX_MediaTypeID="4204200000000001"
############################################################################################################# #############################################################################################################
# ______ _ _
# | ____| | | (_)
# | |__ _ _ _ __ ___| |_ _ ___ _ __ ___
# | __| | | | '_ \ / __| __| |/ _ \| '_ \/ __|
# | | | |_| | | | | (__| |_| | (_) | | | \__ \
# |_| \__,_|_| |_|\___|\__|_|\___/|_| |_|___/
#
############################################################################################################# #############################################################################################################
# Print_Error ### START Function #####################################################################
Print_Error () {
# $1 = Message
echo
echo -e "+- \e[91mERROR: \e[39m------------------------------------------------------------"
printf "$1"
echo
echo "+---------------------------------------------------------------------"
}
# Print_Error ### END Function #####################################################################
# Print_Status_Text ### START Function #####################################################################
Print_Status_Text () {
if [ "$b_silent" = "false" ]; then
printf "%-.70s" "${1} ......................................................................"
fi
}
# Print_Status_Text ### ENDE Function #####################################################################
# Print_Status_Done ### START Function #####################################################################
Print_Status_Done () {
# RED = 31
# GREEN = 32
if [ "$b_silent" = "false" ]; then
local status_text="${1:-done}"
local status_color="${2:-32}"
printf " \x1b["$status_color"m%s\e[m" "$status_text"
echo
fi
}
# Print_Status_Done ### ENDE Function #####################################################################
# Print_Verbose_Text ### START Function #####################################################################
Print_Verbose_Text () {
if [ "$b_verbose" = "true" ]; then
printf "%-.69s: %s\n" "${1} ......................................................................" "${2}"
fi
}
# Print_Verbose_Text ### ENDE Function #####################################################################
# Check_Prerequisites ### START Function #####################################################################
Check_Prerequisites () {
# $1 = name of command
# $2 = name of Package for Ubuntu/Debian
# $3 = name of Package for CentOS/Red Hat
if ! type "$1" >/dev/null 2>&1; then
echo
echo -e "+- \e[91mERROR: Missing Command \e[39m--------------------------------------------"
echo -e "| \e[36m$1\e[39m is not installed!"
echo "| try:"
echo "| apt install $2"
echo "| yum install $3"
echo "+---------------------------------------------------------------------"
exit 1
fi
}
# Check_Prerequisites ### END Function #####################################################################
# Translate_ldapsearch_exitcode ### START Function #####################################################################
Translate_ldapsearch_exitcode () {
case $1 in
0) printf "0: SUCCESS";;
1) printf "1: LDAP_OPERATIONS_ERROR";;
2) printf "2: LDAP_PROTOCOL_ERROR";;
3) printf "3: LDAP_TIMELIMIT_EXCEEDED";;
4) printf "4: LDAP_SIZELIMIT_EXCEEDED";;
7) printf "7: LDAP_AUTH_METHOD_NOT_SUPPORTED";;
8) printf "8: LDAP_STRONG_AUTH_REQUIRED";;
11) printf "11: LDAP_ADMINLIMIT_EXCEEDED";;
13) printf "13: LDAP_CONFIDENTIALITY_REQUIRED";;
16) printf "14: LDAP_NO_SUCH_ATTRIBUTE";;
17) printf "18: LDAP_INAPPROPRIATE_MATCHING";;
32) printf "32: LDAP_NO_SUCH_OBJECT";;
34) printf "34: LDAP_INVALID_DN_SYNTAX";;
48) printf "48: LDAP_INAPPROPRIATE_AUTH";;
49) printf "49: LDAP_INVALID_CREDENTIALS";;
50) printf "50: LDAP_INSUFFICIENT_ACCESS";;
51) printf "51: LDAP_BUSY";;
52) printf "52: LDAP_UNAVAILABLE";;
255) printf "255: LDAP Can't contact LDAP server";;
*) printf "$1: unkown error";;
esac
echo " (for more details: https://ldapwiki.com/wiki/LDAP%20Result%20Codes)"
}
# Translate_ldapsearch_exitcode ### END Function #####################################################################
# Zabbix_Logout ### START Function #####################################################################
Zabbix_Logout () {
Print_Status_Text "Logout Zabbix API"
if [ "$b_verbose" = "true" ]; then
Print_Status_Done "checking" $LIGHTCYAN
printf 'curl -k -s -X POST -H "Content-Type:application/json" -d '
printf "'"
printf '{"jsonrpc": "2.0","method":"user.logout","params":[],"id":42,"'"$ZABBIX_authentication_token"'"}'
printf "'"
echo " $ZABBIX_API_URL"
fi
myJSON=$(curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc": "2.0","method":"user.logout","params":[],"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL)
if [ "$b_verbose" = "true" ]; then Print_Status_Text "Logout Zabbix API"; fi
Print_Status_Done "done" $GREEN
}
# Zabbix_Logout ### START Function ##################################################################################################################################################################################
# _____ _ _
# / ____| | | |
# | (___ | |_ __ _ _ __| |_ _ _ _ __
# \___ \| __/ _` | '__| __| | | | '_ \
# ____) | || (_| | | | |_| |_| | |_) |
# |_____/ \__\__,_|_| \__|\__,_| .__/
# | |
# |_|
############################################################################################################# #############################################################################################################
############################################################################################################# # Check Commandline Arguments
############################################################################################################# Config_File="<notset>"
############################################################################################################# b_Unknown_Parameter="false"
############################################################################################################# b_showpasswords="false"
############################################################################################################# b_silent="false"
# _____ _ _ _ _ _ b_verbose="false"
# / ____| | | | (_) (_) | while [[ $# -gt 0 ]]; do
# | | | |__ ___ ___| | __ _ __ _ __ ___ _ __ ___ __ _ _ _ _ ___ _| |_ ___ ___ current_parameter="$1"
# | | | '_ \ / _ \/ __| |/ / | '_ \| '__/ _ \ '__/ _ \/ _` | | | | / __| | __/ _ \/ __| case $current_parameter in
# | |____| | | | __/ (__| < | |_) | | | __/ | | __/ (_| | |_| | \__ \ | || __/\__ \ -c|-C|--config)
# \_____|_| |_|\___|\___|_|\_\ | .__/|_| \___|_| \___|\__, |\__,_|_|___/_|\__\___||___/ Config_File="$2"
# | | | | shift # past -c / --config
# |_| |_| shift # past value
# ldapsearch installed? ;;
if ! type "ldapsearch" > /dev/null; then -p|-P|--ShowPassword)
echo "+- ERROR -----------------------" # Passwords will be displayed in Errors and in Verbose mode
echo "| ldapsearch is not installed!" b_showpasswords="true"
echo "| try:" shift # past argument
echo "| apt install ldap-utils" ;;
echo "| yum install openldap-clients" -s|-S|--silent)
echo "+-------------------------------" # be quiet! only errors will be displayed
b_silent="true"
shift # past argument
;;
-v|-V|--verbose)
# show some extra information
b_verbose="true"
shift # past argument
;;
*) # Catch all other
echo -e "\e[91mUnknown Parameter:\e[39m $1"
# next parameter will display help and exit script after the loop
b_Unknown_Parameter="true"
shift # past argument
;;
esac
done
if [ "$b_Unknown_Parameter" = "true" ]; then
# ToDo: Create Help text
exit 1 exit 1
fi fi
# curl installed? #############################################################################################################
if ! type "curl" > /dev/null; then if [ "$b_silent" = "false" ]; then
echo "+- ERROR -----------------------" echo "---------------------------------------------------------------------------"
echo "| curl is not installed!" echo "zabbix-ldap-sync.sh (Version $Script_Version) startup"
echo "| try:"
echo "| apt install curl"
echo "| yum install curl"
echo "+-------------------------------"
exit 1
fi fi
# sed installed? #############################################################################################################
if ! type "sed" > /dev/null; then # Testing for all needed commands (normaly only ldapsearch have to be installed manualy)
echo "+- ERROR -----------------------" Print_Status_Text "Checking prerequisites"
echo "| sed is not installed!" Check_Prerequisites "ldapsearch" "ldap-utils" "openldap-clients"
echo "| try:" Check_Prerequisites "curl" "curl" "curl"
echo "| apt install sed" Check_Prerequisites "sed" "sed" "sed"
echo "| yum install sed" Check_Prerequisites "dirname" "coreutils" "coreutils"
echo "+-------------------------------" Check_Prerequisites "readlink" "coreutils" "coreutils"
exit 1 Print_Status_Done "done" $GREEN
#############################################################################################################
# _____ _ _____ __ _ _ _
# | __ \ | | / ____| / _(_) | | (_)
# | |__) |___ __ _ __| | | | ___ _ __ | |_ _ __ _ _ _ _ __ __ _| |_ _ ___ _ __
# | _ // _ \/ _` |/ _` | | | / _ \| '_ \| _| |/ _` | | | | '__/ _` | __| |/ _ \| '_ \
# | | \ \ __/ (_| | (_| | | |___| (_) | | | | | | | (_| | |_| | | | (_| | |_| | (_) | | | |
# |_| \_\___|\__,_|\__,_| \_____\___/|_| |_|_| |_|\__, |\__,_|_| \__,_|\__|_|\___/|_| |_|
# __/ |
# |___/
Print_Status_Text "Searching config file"
if [ "$Config_File" = "<notset>" ]; then
# Get the current path of this running script - long solution wich is also working with symlinks
This_Script_Bash_Source="${BASH_SOURCE[0]}"
while [ -h "$This_Script_Bash_Source" ]; do # resolve $This_Script_Bash_Source until the file is no longer a symlink
This_Script_Path="$( cd -P "$( dirname "$This_Script_Bash_Source" )" >/dev/null 2>&1 && pwd )"
This_Script_Bash_Source="$(readlink "$This_Script_Bash_Source")"
[[ $This_Script_Bash_Source != /* ]] && This_Script_Bash_Source="$This_Script_Path/$This_Script_Bash_Source" # if $This_Script_Bash_Source was a relative symlink, we need to resolve it relative to the path where the symlink file was located
done
This_Script_Path="$( cd -P "$( dirname "$This_Script_Bash_Source" )" >/dev/null 2>&1 && pwd )"
# Special case for programming - my own config file, excluded from .git
if test -f "$This_Script_Path/config-znil.sh"; then
Config_File="$This_Script_Path/config-znil.sh"
else
Config_File="$This_Script_Path/config.sh"
fi
fi fi
# printf installed? # Normal test for the file now
if ! type "printf" > /dev/null; then if ! test -f "$Config_File"; then
echo "+- ERROR -----------------------" Print_Status_Done "Error" $RED
echo "| printf is not installed!" Print_Error "$Config_File not found"
echo "| try:"
echo "| apt install sed"
echo "| yum install sed"
echo "+-------------------------------"
exit 1 exit 1
else
Print_Status_Done "done" $GREEN
fi
# File exist, read it now
Print_Status_Text 'Reading "'$Config_File'"'
source $Config_File
Print_Status_Done "done" $GREEN
Print_Status_Text "Check all needed Settings"
# if [ -z ${var+x} ]; then echo "var is unset"; else echo "var is set to '$var'"; fi
if [ "$b_verbose" = "true" ]; then Print_Status_Done "checking" $LIGHTCYAN; fi
####################################################################################################
if ! [ -z ${LDAP_Source_URL+x} ]; then Print_Verbose_Text "LDAP_Source_URL" "${LDAP_Source_URL}"; else Print_Error "Missing LDAP_Source_URL"; fi
####################################################################################################
if ! [ -z ${LDAP_Ignore_SSL_Certificate+x} ]; then
Print_Verbose_Text "LDAP_Ignore_SSL_Certificate" "${LDAP_Ignore_SSL_Certificate}"
else
LDAP_Ignore_SSL_Certificate="true"
Print_Verbose_Text "LDAP_Ignore_SSL_Certificate (using Default Value)" "${LDAP_Ignore_SSL_Certificate}"
fi
####################################################################################################
if ! [ -z ${LDAP_Bind_User_DN+x} ]; then Print_Verbose_Text "LDAP_Bind_User_DN" "${LDAP_Bind_User_DN}"; else Print_Error "Missing LDAP_Bind_User_DN"; fi
####################################################################################################
if [ -z ${LDAP_Bind_User_Password+x} ]; then
Print_Error "Missing LDAP_Bind_User_Password"
else
if [ "$b_showpasswords" = "true" ]; then
Print_Verbose_Text "LDAP_Bind_User_Password" "${LDAP_Bind_User_Password}";
else
Print_Verbose_Text "LDAP_Bind_User_Password" "${LDAP_Bind_User_Password:0:3}***************"
fi
fi
####################################################################################################
if ! [ -z ${LDAP_SearchBase+x} ]; then Print_Verbose_Text "LDAP_SearchBase" "${LDAP_SearchBase}"; else Print_Error "Missing LDAP_SearchBase"; fi
####################################################################################################
if ! [ -z ${LDAP_Groupname_ZabbixSuperAdmin_for_Sync+x} ]; then
Print_Verbose_Text "LDAP_Groupname_ZabbixSuperAdmin_for_Sync" "${LDAP_Groupname_ZabbixSuperAdmin_for_Sync}"
else
LDAP_Groupname_ZabbixSuperAdmin_for_Sync="skip"
Print_Verbose_Text "LDAP_Groupname_ZabbixSuperAdmin_for_Sync" "skip sync"
fi
if [ "$LDAP_Groupname_ZabbixSuperAdmin_for_Sync" = "skip" ]; then Print_Verbose_Text "LDAP_Groupname_ZabbixSuperAdmin_for_Sync" "skip sync"; fi
####################################################################################################
if ! [ -z ${ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync+x} ]; then
Print_Verbose_Text "ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync" "${ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync}"
else
ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync="skip"
Print_Verbose_Text "ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync" "skip sync"
fi
if [ "$ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync" = "skip" ]; then Print_Verbose_Text "ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync" "skip sync"; fi
####################################################################################################
if ! [ -z ${LDAP_Groupname_ZabbixAdmin_for_Sync+x} ]; then
Print_Verbose_Text "LDAP_Groupname_ZabbixAdmin_for_Sync" "${LDAP_Groupname_ZabbixAdmin_for_Sync}"
else
LDAP_Groupname_ZabbixAdmin_for_Sync="skip"
Print_Verbose_Text "LDAP_Groupname_ZabbixAdmin_for_Sync" "skip sync"
fi
if [ "$LDAP_Groupname_ZabbixAdmin_for_Sync" = "skip" ]; then Print_Verbose_Text "LDAP_Groupname_ZabbixAdmin_for_Sync" "skip sync"; fi
####################################################################################################
if ! [ -z ${ZABBIX_Groupname_ZabbixAdmin_for_Sync+x} ]; then
Print_Verbose_Text "ZABBIX_Groupname_ZabbixAdmin_for_Sync" "${ZABBIX_Groupname_ZabbixAdmin_for_Sync}"
else
ZABBIX_Groupname_ZabbixAdmin_for_Sync="skip"
Print_Verbose_Text "ZABBIX_Groupname_ZabbixAdmin_for_Sync" "skip sync"
fi
if [ "$ZABBIX_Groupname_ZabbixAdmin_for_Sync" = "skip" ]; then Print_Verbose_Text "ZABBIX_Groupname_ZabbixAdmin_for_Sync" "skip sync"; fi
####################################################################################################
if ! [ -z ${LDAP_Groupname_ZabbixUser_for_Sync+x} ]; then
Print_Verbose_Text "LDAP_Groupname_ZabbixUser_for_Sync" "${LDAP_Groupname_ZabbixUser_for_Sync}"
else
LDAP_Groupname_ZabbixUser_for_Sync="skip"
Print_Verbose_Text "LDAP_Groupname_ZabbixUser_for_Sync" "skip sync"
fi
if [ "$LDAP_Groupname_ZabbixUser_for_Sync" = "skip" ]; then Print_Verbose_Text "LDAP_Groupname_ZabbixUser_for_Sync" "skip sync"; fi
####################################################################################################
if ! [ -z ${ZABBIX_Groupname_ZabbixUser_for_Sync+x} ]; then
Print_Verbose_Text "ZABBIX_Groupname_ZabbixUser_for_Sync" "${ZABBIX_Groupname_ZabbixUser_for_Sync}"
else
ZABBIX_Groupname_ZabbixUser_for_Sync="skip"
Print_Verbose_Text "ZABBIX_Groupname_ZabbixUser_for_Sync" "skip sync"
fi
if [ "$ZABBIX_Groupname_ZabbixUser_for_Sync" = "skip" ]; then Print_Verbose_Text "ZABBIX_Groupname_ZabbixUser_for_Sync" "skip sync"; fi
####################################################################################################
if ! [ -z ${ZABBIX_Disabled_User_Group+x} ]; then
Print_Verbose_Text "ZABBIX_Disabled_User_Group" "${ZABBIX_Disabled_User_Group}"
else
ZABBIX_Disabled_User_Group="Disabled"
Print_Verbose_Text "ZABBIX_Disabled_User_Group (using Default Value)" "${ZABBIX_Disabled_User_Group}"
fi
####################################################################################################
if ! [ -z ${ZABBIX_API_URL+x} ]; then Print_Verbose_Text "ZABBIX_API_URL" "${ZABBIX_API_URL}"; else Print_Error "Missing ZABBIX_API_URL"; fi
####################################################################################################
if ! [ -z ${ZABBIX_API_User+x} ]; then Print_Verbose_Text "ZABBIX_API_User" "${ZABBIX_API_User}"; else Print_Error "Missing ZABBIX_API_User"; fi
####################################################################################################
####################################################################################################
if [ -z ${ZABBIX_API_Password+x} ]; then
Print_Error "Missing ZABBIX_API_Password"
else
if [ "$b_showpasswords" = "true" ]; then
Print_Verbose_Text "ZABBIX_API_Password" "${ZABBIX_API_Password}";
else
Print_Verbose_Text "ZABBIX_API_Password" "${ZABBIX_API_Password:0:3}***************";
fi
fi
####################################################################################################
if ! [ -z ${ZABBIX_UserType_User+x} ]; then
Print_Verbose_Text "ZABBIX_UserType_User" "${ZABBIX_UserType_User}"
else
ZABBIX_UserType_User=1
Print_Verbose_Text "ZABBIX_UserType_User (using Default Value)" "${ZABBIX_UserType_User}"
fi
####################################################################################################
if ! [ -z ${ZABBIX_UserType_Admin+x} ]; then
Print_Verbose_Text "ZABBIX_UserType_Admin" "${ZABBIX_UserType_Admin}"
else
ZABBIX_UserType_Admin=1
Print_Verbose_Text "ZABBIX_UserType_Admin (using Default Value)" "${ZABBIX_UserType_Admin}"
fi
####################################################################################################
if ! [ -z ${ZABBIX_UserType_SuperAdmin+x} ]; then
Print_Verbose_Text "ZABBIX_UserType_SuperAdmin" "${ZABBIX_UserType_SuperAdmin}"
else
ZABBIX_UserType_SuperAdmin=1
Print_Verbose_Text "ZABBIX_UserType_SuperAdmin (using Default Value)" "${ZABBIX_UserType_SuperAdmin}"
fi
####################################################################################################
if ! [ -z ${ZABBIX_MediaTypeID+x} ]; then
Print_Verbose_Text "ZABBIX_MediaTypeID" "${ZABBIX_MediaTypeID}"
else
ZABBIX_MediaTypeID=1
Print_Verbose_Text "ZABBIX_MediaTypeID (using Default Value)" "${ZABBIX_MediaTypeID}"
fi
####################################################################################################
if [ "$b_verbose" = "false" ]; then
Print_Status_Done "done" $GREEN
else
Print_Status_Text "Check all needed Settings"
Print_Status_Done "done" $GREEN
fi fi
############################################################################################################# #############################################################################################################
@ -118,148 +378,178 @@ fi
# #
declare -a LDAP_ARRAY_Members_RAW # Raw Data from ldapsearch declare -a LDAP_ARRAY_Members_RAW # Raw Data from ldapsearch
declare -a LDAP_ARRAY_Members_DN # Distinguished names extracted from LDAP_ARRAY_Members_RAW declare -a LDAP_ARRAY_Members_DN # Distinguished names extracted from LDAP_ARRAY_Members_RAW
echo Print_Status_Text "STEP 1: Getting all Members from Active Directory / LDAP Group"
echo "STEP 1: Getting all Members from Active Directory / LDAP Group" if [ "$b_verbose" = "true" ]; then Print_Status_Done "checking" $LIGHTCYAN; fi
echo "--------------------------------------------------------------" if [ "$b_verbose" = "true" ]; then
echo "Group Name ......: $LDAP_Groupname_ZabbixSuperAdmin_for_Sync" echo
echo "LDAP Server .....: $LDAP_Source_URL" echo "STEP 1: Getting all Members from Active Directory / LDAP Group"
echo "LDAP User .......: $LDAP_Bind_User_DN" echo "--------------------------------------------------------------"
echo "LDAP Search Base : $LDAP_SearchBase" echo "Group Name ......: $LDAP_Groupname_ZabbixSuperAdmin_for_Sync"
echo "--------------------------------------------------------------" echo "LDAP Server .....: $LDAP_Source_URL"
echo "LDAP User .......: $LDAP_Bind_User_DN"
echo "LDAP Search Base : $LDAP_SearchBase"
echo "--------------------------------------------------------------"
echo "running ldapsearch:"
fi
if [ LDAP_Ignore_SSL_Certificate = "false" ]; then if [ LDAP_Ignore_SSL_Certificate = "false" ]; then
# normal ldapsearch call # normal ldapsearch call
if [ "$b_verbose" = "true" ]; then
if [ "$b_showpasswords" = "true" ]; then
echo 'ldapsearch -x -H '$LDAP_Source_URL' -D "'$LDAP_Bind_User_DN'" -w "'$LDAP_Bind_User_Password'" -b "'$LDAP_SearchBase'" "(&(objectClass=group)(cn="'$LDAP_Groupname_ZabbixSuperAdmin_for_Sync'"))"'
else
echo 'ldapsearch -x -H '$LDAP_Source_URL' -D "'$LDAP_Bind_User_DN'" -w "***********" -b "'$LDAP_SearchBase'" "(&(objectClass=group)(cn="'$LDAP_Groupname_ZabbixSuperAdmin_for_Sync'"))"'
fi
fi
# yes, ldapsearch is called twice - first time without grep to catch the exitcode, 2. time to catch the content
tempvar=`ldapsearch -x -H $LDAP_Source_URL -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "$LDAP_SearchBase" "(&(objectClass=group)(cn=$LDAP_Groupname_ZabbixSuperAdmin_for_Sync))" o member`
ldapsearch_exitcode="$?"
if [ "$b_verbose" = "true" ]; then echo "ldapsearch_exitcode: $ldapsearch_exitcode"; fi
tempvar=`ldapsearch -x -H $LDAP_Source_URL -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "$LDAP_SearchBase" "(&(objectClass=group)(cn=$LDAP_Groupname_ZabbixSuperAdmin_for_Sync))" o member | grep member:` tempvar=`ldapsearch -x -H $LDAP_Source_URL -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "$LDAP_SearchBase" "(&(objectClass=group)(cn=$LDAP_Groupname_ZabbixSuperAdmin_for_Sync))" o member | grep member:`
else else
# ignore SSL ldapsearch # ignore SSL ldapsearch
if [ "$b_verbose" = "true" ]; then
if [ "$b_showpasswords" = "true" ]; then
echo 'LDAPTLS_REQCERT=never ldapsearch -x -H '$LDAP_Source_URL' -D "'$LDAP_Bind_User_DN'" -w "'$LDAP_Bind_User_Password'" -b "'$LDAP_SearchBase'" "(&(objectClass=group)(cn='$LDAP_Groupname_ZabbixSuperAdmin_for_Sync'))" o member'
else
echo 'LDAPTLS_REQCERT=never ldapsearch -x -H '$LDAP_Source_URL' -D "'$LDAP_Bind_User_DN'" -w "***********" -b "'$LDAP_SearchBase'" "(&(objectClass=group)(cn='$LDAP_Groupname_ZabbixSuperAdmin_for_Sync'))" o member'
fi
fi
# yes, ldapsearch is called twice - first time without grep to catch the exitcode, 2. time to catch the content
tempvar=`LDAPTLS_REQCERT=never ldapsearch -x -H $LDAP_Source_URL -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "$LDAP_SearchBase" "(&(objectClass=group)(cn=$LDAP_Groupname_ZabbixSuperAdmin_for_Sync))" o member`
ldapsearch_exitcode="$?"
if [ "$b_verbose" = "true" ]; then echo "ldapsearch_exitcode: $ldapsearch_exitcode"; fi
tempvar=`LDAPTLS_REQCERT=never ldapsearch -x -H $LDAP_Source_URL -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "$LDAP_SearchBase" "(&(objectClass=group)(cn=$LDAP_Groupname_ZabbixSuperAdmin_for_Sync))" o member | grep member:` tempvar=`LDAPTLS_REQCERT=never ldapsearch -x -H $LDAP_Source_URL -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "$LDAP_SearchBase" "(&(objectClass=group)(cn=$LDAP_Groupname_ZabbixSuperAdmin_for_Sync))" o member | grep member:`
fi fi
LDAP_ARRAY_Members_RAW=($tempvar) # Split the raw output into an array if [ "$b_verbose" = "true" ]; then
LDAP_ARRAY_Members_DN=() echo 'Result ldapsearch (with "grep member:" : '"$tempvar"
for (( i=0; i < ${#LDAP_ARRAY_Members_RAW[*]}; i++ )); do echo "Exitcode ldapsearch: $(Translate_ldapsearch_exitcode $ldapsearch_exitcode)"
# Search for the word "member:" in Array - the next value is the DN of a Member fi
if [ "${LDAP_ARRAY_Members_RAW[$i]:0:7}" = "member:" ]; then # only continue if ldapsearch was succesfull
i=$(($i + 1)) if [ "$ldapsearch_exitcode" -eq 0 ];then
LDAP_ARRAY_Members_DN+=("${LDAP_ARRAY_Members_RAW[$i]}") # add new Item to the end of the array LDAP_ARRAY_Members_RAW=($tempvar) # Split the raw output into an array
else LDAP_ARRAY_Members_DN=()
# Ok, no "member:" found and the Item was not skipped by i=i+1 - must still belong to the previous Item, which was separated by a space for (( i=0; i < ${#LDAP_ARRAY_Members_RAW[*]}; i++ )); do
last_item_of_array=${#LDAP_ARRAY_Members_DN[*]} # get the Number of Items in the array # Search for the word "member:" in Array - the next value is the DN of a Member
last_item_of_array=$(($last_item_of_array - 1)) # get the Index of the last one (0 is the first index but the number of Items would be 1) if [ "${LDAP_ARRAY_Members_RAW[$i]:0:7}" = "member:" ]; then
LDAP_ARRAY_Members_DN[$last_item_of_array]+=" ${LDAP_ARRAY_Members_RAW[$i]}" # without ( ) -> replace the Item-Value, add no new Item to the array i=$(($i + 1))
fi LDAP_ARRAY_Members_DN+=("${LDAP_ARRAY_Members_RAW[$i]}") # add new Item to the end of the array
done else
if [ "${#LDAP_ARRAY_Members_DN[*]}" -eq 0 ]; then # Ok, no "member:" found and the Item was not skipped by i=i+1 - must still belong to the previous Item, which was separated by a space
# No Members in Group or an error with ldapsearch last_item_of_array=${#LDAP_ARRAY_Members_DN[*]} # get the Number of Items in the array
echo "+- ERROR -----------------------" last_item_of_array=$(($last_item_of_array - 1)) # get the Index of the last one (0 is the first index but the number of Items would be 1)
echo " No Members in Group or an Error with ldapsearch" LDAP_ARRAY_Members_DN[$last_item_of_array]+=" ${LDAP_ARRAY_Members_RAW[$i]}" # without ( ) -> replace the Item-Value, add no new Item to the array
echo " try the following commands manual for testing:" fi
echo 'ldapsearch -x -H '$LDAP_Source_URL' -D "'$LDAP_Bind_User_DN'" -w "'$LDAP_Bind_User_Password'" -b "'$LDAP_SearchBase'" "(&(objectClass=group)(cn='$LDAP_Groupname_ZabbixSuperAdmin_for_Sync'))"' done
echo "With ignore SSL Certificate:"
echo 'LDAPTLS_REQCERT=never ldapsearch -x -H '$LDAP_Source_URL' -D "'$LDAP_Bind_User_DN'" -w "'$LDAP_Bind_User_Password'" -b "'$LDAP_SearchBase'" "(&(objectClass=group)(cn='$LDAP_Groupname_ZabbixSuperAdmin_for_Sync'))"'
echo "+-------------------------------"
exit 1
else else
Print_Error "Exitcode ldapsearch not zero: $(Translate_ldapsearch_exitcode $ldapsearch_exitcode)\nTry -v -p and test command by hand"
exit 1
fi
Print_Status_Done "done" $GREEN
if [ "$b_verbose" = "true" ]; then
echo 'Got "Distinguished Name" for '${#LDAP_ARRAY_Members_DN[*]}' members:' echo 'Got "Distinguished Name" for '${#LDAP_ARRAY_Members_DN[*]}' members:'
for (( i=0; i < ${#LDAP_ARRAY_Members_DN[*]}; i++ )); do for (( i=0; i < ${#LDAP_ARRAY_Members_DN[*]}; i++ )); do
echo "$i: ${LDAP_ARRAY_Members_DN[$i]}" echo "$i: ${LDAP_ARRAY_Members_DN[$i]}"
done done
echo "--------------------------------------------------------------" echo "--------------------------------------------------------------"
fi fi
printf "Query sAMAccountName, sn, givenName and primary Email-Address "
declare -a LDAP_ARRAY_Members_sAMAccountName declare -a LDAP_ARRAY_Members_sAMAccountName
declare -a LDAP_ARRAY_Members_Surname declare -a LDAP_ARRAY_Members_Surname
declare -a LDAP_ARRAY_Members_Givenname declare -a LDAP_ARRAY_Members_Givenname
declare -a LDAP_ARRAY_Members_Email declare -a LDAP_ARRAY_Members_Email
LDAP_ARRAY_Members_sAMAccountName=() # Only catch the rest if there members in the group
LDAP_ARRAY_Members_Surname=() if [ "${#LDAP_ARRAY_Members_DN[*]}" -gt 0 ]; then
LDAP_ARRAY_Members_Givenname=() Print_Status_Text "Query sAMAccountName, sn, givenName and primary Email-Address"
LDAP_ARRAY_Members_Email=() LDAP_ARRAY_Members_sAMAccountName=()
# Maybe a User have no Surname, Givenname and/or Email - but the will be always a sAMAccountName LDAP_ARRAY_Members_Surname=()
# the checks are used for testing this. Set to false for the first run of the loop LDAP_ARRAY_Members_Givenname=()
b_check_sAMAccountName="false" LDAP_ARRAY_Members_Email=()
b_check_Surname="false" # Maybe a User have no Surname, Givenname and/or Email - but the will be always a sAMAccountName
b_check_Givenname="false" # the checks are used for testing this. Set to false for the first run of the loop
b_check_Email="false"
for (( i=0; i < ${#LDAP_ARRAY_Members_DN[*]}; i++ )); do
# When the Loop start again we have to for all values. All arrays-size must be equal!
# First run of loop will be skipped because b_check_sAMAccountName is false
if [ "$b_check_sAMAccountName" = "true" ]; then
if [ "$b_check_Surname" = "false" ]; then
LDAP_ARRAY_Members_Surname+=(" ")
fi
if [ "$b_check_Givenname" = "false" ]; then
LDAP_ARRAY_Members_Givenname+=(" ")
fi
if [ "$b_check_Email" = "false" ]; then
LDAP_ARRAY_Members_Email+=(" ")
fi
fi
if [ LDAP_Ignore_SSL_Certificate = "false" ]; then
# sed replace all ": " and "new line" to "|"
tempvar=`ldapsearch -x -H $LDAP_Source_URL -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "${LDAP_ARRAY_Members_DN[$i]}" o sAMAccountName o sn o givenName o mail | grep "^sn: \|^givenName: \|^sAMAccountName: \|^mail:" | sed 's/$/|/' | sed 's/: /|/'`
else
# sed replace all ": " and "new line" to "|"
tempvar=`LDAPTLS_REQCERT=never ldapsearch -x -H $LDAP_Source_URL -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "${LDAP_ARRAY_Members_DN[$i]}" o sAMAccountName o sn o givenName o mail | grep "^sn: \|^givenName: \|^sAMAccountName: \|^mail:" | sed 's/$/|/' | sed 's/: /|/'`
fi
# Remove all "New Line" (yes, again,) but keep all Spaces
tempvar=$(echo "|${tempvar//[$'\t\r\n']}|")
IFS=$'|' # | is set as delimiter
LDAP_ARRAY_Members_RAW=($tempvar)
IFS=' ' # space is set as delimiter
b_check_sAMAccountName="false" b_check_sAMAccountName="false"
b_check_Surname="false" b_check_Surname="false"
b_check_Givenname="false" b_check_Givenname="false"
b_check_Email="false" b_check_Email="false"
for (( k=0; k < ${#LDAP_ARRAY_Members_RAW[*]}; k++ )); do
# Check sAMAccountName for (( i=0; i < ${#LDAP_ARRAY_Members_DN[*]}; i++ )); do
if [ "${LDAP_ARRAY_Members_RAW[$k]}" = "sAMAccountName" ]; then # When the Loop start again we have to for all values. All arrays-size must be equal!
k=$(($k + 1)) # First run of loop will be skipped because b_check_sAMAccountName is false
# echo "add SAM: ${LDAP_ARRAY_Members_RAW[$k]}" if [ "$b_check_sAMAccountName" = "true" ]; then
printf "." if [ "$b_check_Surname" = "false" ]; then
LDAP_ARRAY_Members_sAMAccountName+=("${LDAP_ARRAY_Members_RAW[$k]}") LDAP_ARRAY_Members_Surname+=(" ")
b_check_sAMAccountName="true" fi
if [ "$b_check_Givenname" = "false" ]; then
LDAP_ARRAY_Members_Givenname+=(" ")
fi
if [ "$b_check_Email" = "false" ]; then
LDAP_ARRAY_Members_Email+=(" ")
fi
fi fi
if [ "${LDAP_ARRAY_Members_RAW[$k]}" = "sn" ]; then if [ LDAP_Ignore_SSL_Certificate = "false" ]; then
k=$(($k + 1)) # sed replace all ": " and "new line" to "|"
# echo "add SN: ${LDAP_ARRAY_Members_RAW[$k]}" tempvar=`ldapsearch -x -H $LDAP_Source_URL -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "${LDAP_ARRAY_Members_DN[$i]}" o sAMAccountName o sn o givenName o mail | grep "^sn: \|^givenName: \|^sAMAccountName: \|^mail:" | sed 's/$/|/' | sed 's/: /|/'`
printf "." else
LDAP_ARRAY_Members_Surname+=("${LDAP_ARRAY_Members_RAW[$k]}") # sed replace all ": " and "new line" to "|"
b_check_Surname="true" tempvar=`LDAPTLS_REQCERT=never ldapsearch -x -H $LDAP_Source_URL -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "${LDAP_ARRAY_Members_DN[$i]}" o sAMAccountName o sn o givenName o mail | grep "^sn: \|^givenName: \|^sAMAccountName: \|^mail:" | sed 's/$/|/' | sed 's/: /|/'`
fi
if [ "${LDAP_ARRAY_Members_RAW[$k]}" = "givenName" ]; then
k=$(($k + 1))
# echo "add givenName: ${LDAP_ARRAY_Members_RAW[$k]}"
printf "."
LDAP_ARRAY_Members_Givenname+=("${LDAP_ARRAY_Members_RAW[$k]}")
b_check_Givenname="true"
fi
if [ "${LDAP_ARRAY_Members_RAW[$k]}" = "mail" ]; then
k=$(($k + 1))
# echo "add Email: ${LDAP_ARRAY_Members_RAW[$k]}"
printf "."
LDAP_ARRAY_Members_Email+=("${LDAP_ARRAY_Members_RAW[$k]}")
b_check_Email="true"
fi fi
# Remove all "New Line" (yes, again,) but keep all Spaces
tempvar=$(echo "|${tempvar//[$'\t\r\n']}|")
IFS=$'|' # | is set as delimiter
LDAP_ARRAY_Members_RAW=($tempvar)
IFS=' ' # space is set as delimiter
b_check_sAMAccountName="false"
b_check_Surname="false"
b_check_Givenname="false"
b_check_Email="false"
for (( k=0; k < ${#LDAP_ARRAY_Members_RAW[*]}; k++ )); do
# Check sAMAccountName
if [ "${LDAP_ARRAY_Members_RAW[$k]}" = "sAMAccountName" ]; then
k=$(($k + 1))
# echo "add SAM: ${LDAP_ARRAY_Members_RAW[$k]}"
printf "."
LDAP_ARRAY_Members_sAMAccountName+=("${LDAP_ARRAY_Members_RAW[$k]}")
b_check_sAMAccountName="true"
fi
if [ "${LDAP_ARRAY_Members_RAW[$k]}" = "sn" ]; then
k=$(($k + 1))
# echo "add SN: ${LDAP_ARRAY_Members_RAW[$k]}"
printf "."
LDAP_ARRAY_Members_Surname+=("${LDAP_ARRAY_Members_RAW[$k]}")
b_check_Surname="true"
fi
if [ "${LDAP_ARRAY_Members_RAW[$k]}" = "givenName" ]; then
k=$(($k + 1))
# echo "add givenName: ${LDAP_ARRAY_Members_RAW[$k]}"
printf "."
LDAP_ARRAY_Members_Givenname+=("${LDAP_ARRAY_Members_RAW[$k]}")
b_check_Givenname="true"
fi
if [ "${LDAP_ARRAY_Members_RAW[$k]}" = "mail" ]; then
k=$(($k + 1))
# echo "add Email: ${LDAP_ARRAY_Members_RAW[$k]}"
printf "."
LDAP_ARRAY_Members_Email+=("${LDAP_ARRAY_Members_RAW[$k]}")
b_check_Email="true"
fi
done
done done
done Print_Status_Done "done" $GREEN
echo " done" fi
unset LDAP_ARRAY_Members_RAW unset LDAP_ARRAY_Members_RAW
echo "------------------------------------------------------------------------------------------------" if [ "$b_verbose" = "true" ]; then
echo "Result from STEP 1: Getting all Members from Active Directory / LDAP Group $LDAP_Groupname_ZabbixSuperAdmin_for_Sync" echo "------------------------------------------------------------------------------------------------"
echo "----+----------------------+----------------------+----------------------+----------------------" echo "Result from STEP 1: Getting all Members from Active Directory / LDAP Group $LDAP_Groupname_ZabbixSuperAdmin_for_Sync"
printf "%-3s | %-20s | %-20s | %-20s | %-20s" "No." "sAMAccountName" "Surname" "Givenname" "Email" echo "----+----------------------+----------------------+----------------------+----------------------"
printf "\n" printf "%-3s | %-20s | %-20s | %-20s | %-20s" "No." "sAMAccountName" "Surname" "Givenname" "Email"
echo "----+----------------------+----------------------+----------------------+----------------------"
for (( i=0; i < ${#LDAP_ARRAY_Members_sAMAccountName[*]}; i++ )); do
printf "%-3s | %-20s | %-20s | %-20s | %-20s" "$i" "${LDAP_ARRAY_Members_sAMAccountName[$i]}" "${LDAP_ARRAY_Members_Surname[$i]}" "${LDAP_ARRAY_Members_Givenname[$i]}" "${LDAP_ARRAY_Members_Email[$i]}"
printf "\n" printf "\n"
done echo "----+----------------------+----------------------+----------------------+----------------------"
echo "------------------------------------------------------------------------------------------------" for (( i=0; i < ${#LDAP_ARRAY_Members_sAMAccountName[*]}; i++ )); do
echo printf "%-3s | %-20s | %-20s | %-20s | %-20s" "$i" "${LDAP_ARRAY_Members_sAMAccountName[$i]}" "${LDAP_ARRAY_Members_Surname[$i]}" "${LDAP_ARRAY_Members_Givenname[$i]}" "${LDAP_ARRAY_Members_Email[$i]}"
echo printf "\n"
echo done
echo "------------------------------------------------------------------------------------------------"
echo
echo
fi
############################################################################################################# #############################################################################################################
# ______ _ _ _ _ _ # ______ _ _ _ _ _
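Review bot: The branch test `if [ LDAP_Ignore_SSL_Certificate = "false" ]` compares the literal word rather than the variable, so it is never true. Every ldapsearch in this hunk (the group lookup and the per-member query inside the loop) therefore runs with `LDAPTLS_REQCERT=never`, whatever the config says. Both places should read `if [ "$LDAP_Ignore_SSL_Certificate" = "false" ]; then`. The extra ldapsearch call added to capture the exit code can be dropped by filtering the first result instead, `tempvar=$(printf '%s\n' "$tempvar" | grep 'member:')`, which also halves how often the bind password is put on the command line via `-w`.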
@ -271,21 +561,34 @@ echo
# __/ | # __/ |
# |___/ # |___/
# Login Zabbix API and catch the authentication token # Login Zabbix API and catch the authentication token
ZABBIX_authentication_token=$(curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc": "2.0","method":"user.login","params":{"user":"'$ZABBIX_API_Username'","password":"'$ZABBIX_API_Password'"},"id":42}' $ZABBIX_API_URL | cut -d'"' -f8) b_Zabbix_is_logged_in="false"
#echo Anmeldetoken: $ZABBIX_authentication_token Print_Status_Text "Login at Zabbix API"
if [ "${#ZABBIX_authentication_token}" -ne 32 ]; then if [ "$b_verbose" = "true" ]; then Print_Status_Done "checking" $LIGHTCYAN; fi
# Token have 32 Chars - something went wrong if [ "$b_verbose" = "true" ]; then
echo "+- ERROR -----------------------"
echo " Login Zabbix API failed!"
echo " try the following commands manual for testing:"
printf 'curl -k -s -X POST -H "Content-Type:application/json" -d ' printf 'curl -k -s -X POST -H "Content-Type:application/json" -d '
printf "'" printf "'"
printf '{"jsonrpc": "2.0","method":"user.login","params":{"user":"'$ZABBIX_API_Username'","password":"'$ZABBIX_API_Password'"},"id":42}' if [ "$b_showpasswords" = "true" ]; then
printf '{"jsonrpc": "2.0","method":"user.login","params":{"user":"'$ZABBIX_API_User'","password":"'$ZABBIX_API_Password'"},"id":42}'
else
printf '{"jsonrpc": "2.0","method":"user.login","params":{"user":"'$ZABBIX_API_User'","password":"********"},"id":42}'
fi
printf "'" printf "'"
echo " $ZABBIX_API_URL" echo " $ZABBIX_API_URL"
echo "+-------------------------------"
exit 1
fi fi
ZABBIX_authentication_token=$(curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc": "2.0","method":"user.login","params":{"user":"'$ZABBIX_API_User'","password":"'$ZABBIX_API_Password'"},"id":42}' $ZABBIX_API_URL | cut -d'"' -f8)
Print_Verbose_Text "Authentification token" "$ZABBIX_authentication_token"
if [ "${#ZABBIX_authentication_token}" -ne 32 ]; then
# Token must have 32 Chars - something went wrong
Print_Status_Done "failed" $RED
Print_Error "Login Zabbix API failed\nTry -v -p and test command by hand"
exit 1
else
b_Zabbix_is_logged_in="true"
fi
if [ "$b_verbose" = "true" ]; then Print_Status_Text "Login at Zabbix API"; fi
Print_Status_Done "done" $GREEN
Zabbix_Logout
exit 1
############################################################################################################# #############################################################################################################
# ____ ______ _ _ _ _____ # ____ ______ _ _ _ _____
# / __ \ |___ / | | | | (_) / ____| # / __ \ |___ / | | | | (_) / ____|
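Review bot: The login call on the new side sends the API password with `curl -k`, so the server certificate is never verified. It also splices `$ZABBIX_API_Password` unquoted into the `-d` argument, where a password containing whitespace or `"` splits or corrupts the JSON body. Making `-k` depend on a config switch and quoting the expansions, e.g. `"password":"'"$ZABBIX_API_Password"'"` and `"$ZABBIX_API_URL"`, would address both, though the value would still need JSON escaping. Separately, the trailing `Zabbix_Logout` / `exit 1` after the "done" status runs unconditionally and ends the script with a failure code before step 2, which looks like leftover debugging.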
@ -301,7 +604,7 @@ echo "STEP 2: Get Members of Zabbix-LDAP Group"
echo "--------------------------------------------------------------" echo "--------------------------------------------------------------"
echo "Zabbix LDAP Group Name .........: $ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync" echo "Zabbix LDAP Group Name .........: $ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync"
echo "Zabbix Disabled User Group Name : $ZABBIX_Disabled_User_Group" echo "Zabbix Disabled User Group Name : $ZABBIX_Disabled_User_Group"
echo "Zabbix API URL .................: $ZABBIX_API_Username" echo "Zabbix API URL .................: $ZABBIX_API_User"
echo "Zabbix API User ................: $LDAP_Bind_User_DN" echo "Zabbix API User ................: $LDAP_Bind_User_DN"
echo "--------------------------------------------------------------" echo "--------------------------------------------------------------"
############################################################################################################# #############################################################################################################
@ -569,29 +872,29 @@ if [ "$b_Must_Sync_Users" = "true" ]; then
tempvar="" tempvar=""
case "$create_combination" in case "$create_combination" in
"OOO") # No Surname, Givenname or Email "OOO") # No Surname, Givenname or Email
tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc":"2.0","method":"user.create","params":{"alias":'"$tempSAM"',"usrgrps":[{"usrgrpid":"'$ZABBIX_LDAP_Group_UsrGrpId'"}],"type":'$ZABBIX_Default_User_Type'},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL` tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc":"2.0","method":"user.create","params":{"alias":'"$tempSAM"',"usrgrps":[{"usrgrpid":"'$ZABBIX_LDAP_Group_UsrGrpId'"}],"type":'$ZABBIX_UserType_User'},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL`
;; ;;
"OOX") # Email, but no Surname or Givenname "OOX") # Email, but no Surname or Givenname
tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc":"2.0","method":"user.create","params":{"alias":'"$tempSAM"',"user_medias":[{"mediatypeid": "'$ZABBIX_MediaTypeID'","sendto":['"$tempEmail"']}],"usrgrps":[{"usrgrpid":"'$ZABBIX_LDAP_Group_UsrGrpId'"}],"type":'$ZABBIX_Default_User_Type'},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL` tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc":"2.0","method":"user.create","params":{"alias":'"$tempSAM"',"user_medias":[{"mediatypeid": "'$ZABBIX_MediaTypeID'","sendto":['"$tempEmail"']}],"usrgrps":[{"usrgrpid":"'$ZABBIX_LDAP_Group_UsrGrpId'"}],"type":'$ZABBIX_UserType_User'},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL`
;; ;;
"OXO") # Givenname, but no Surname or Email "OXO") # Givenname, but no Surname or Email
tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc":"2.0","method":"user.create","params":{"alias":'"$tempSAM"',"name":'"$tempNAME"',"usrgrps":[{"usrgrpid":"'$ZABBIX_LDAP_Group_UsrGrpId'"}],"type":'$ZABBIX_Default_User_Type'},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL` tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc":"2.0","method":"user.create","params":{"alias":'"$tempSAM"',"name":'"$tempNAME"',"usrgrps":[{"usrgrpid":"'$ZABBIX_LDAP_Group_UsrGrpId'"}],"type":'$ZABBIX_UserType_User'},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL`
;; ;;
"OXX") # Givenname and Email, no Surname "OXX") # Givenname and Email, no Surname
tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc":"2.0","method":"user.create","params":{"alias":'"$tempSAM"',"user_medias":[{"mediatypeid": "'$ZABBIX_MediaTypeID'","sendto":['"$tempEmail"']}],"name":'"$tempNAME"',"usrgrps":[{"usrgrpid":"'$ZABBIX_LDAP_Group_UsrGrpId'"}],"type":'$ZABBIX_Default_User_Type'},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL` tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc":"2.0","method":"user.create","params":{"alias":'"$tempSAM"',"user_medias":[{"mediatypeid": "'$ZABBIX_MediaTypeID'","sendto":['"$tempEmail"']}],"name":'"$tempNAME"',"usrgrps":[{"usrgrpid":"'$ZABBIX_LDAP_Group_UsrGrpId'"}],"type":'$ZABBIX_UserType_User'},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL`
;; ;;
"XOO") # Surname, but no Givenname or Email "XOO") # Surname, but no Givenname or Email
tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc":"2.0","method":"user.create","params":{"alias":'"$tempSAM"',"surname":'"$tempSURNAME"',"usrgrps":[{"usrgrpid":"'$ZABBIX_LDAP_Group_UsrGrpId'"}],"type":'$ZABBIX_Default_User_Type'},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL` tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc":"2.0","method":"user.create","params":{"alias":'"$tempSAM"',"surname":'"$tempSURNAME"',"usrgrps":[{"usrgrpid":"'$ZABBIX_LDAP_Group_UsrGrpId'"}],"type":'$ZABBIX_UserType_User'},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL`
;; ;;
"XOX") # Surname and Email, but no Givenname "XOX") # Surname and Email, but no Givenname
tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc": "2.0","method":"user.create","params":{"alias":'"$tempSAM"',"surname":'"$tempSURNAME"',"user_medias":[{"mediatypeid": "'$ZABBIX_MediaTypeID'","sendto":['"$tempEmail"']}],"usrgrps":[{"usrgrpid":"'$ZABBIX_LDAP_Group_UsrGrpId'"}],"type":'$ZABBIX_Default_User_Type'},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL` tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc": "2.0","method":"user.create","params":{"alias":'"$tempSAM"',"surname":'"$tempSURNAME"',"user_medias":[{"mediatypeid": "'$ZABBIX_MediaTypeID'","sendto":['"$tempEmail"']}],"usrgrps":[{"usrgrpid":"'$ZABBIX_LDAP_Group_UsrGrpId'"}],"type":'$ZABBIX_UserType_User'},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL`
;; ;;
"XXO") # Surname and Givenname, but no Email "XXO") # Surname and Givenname, but no Email
tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc":"2.0","method":"user.create","params":{"alias":'"$tempSAM"',"name":'"$tempNAME"',"surname":'"$tempSURNAME"',"usrgrps":[{"usrgrpid":"'$ZABBIX_LDAP_Group_UsrGrpId'"}],"type":'$ZABBIX_Default_User_Type'},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL` tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc":"2.0","method":"user.create","params":{"alias":'"$tempSAM"',"name":'"$tempNAME"',"surname":'"$tempSURNAME"',"usrgrps":[{"usrgrpid":"'$ZABBIX_LDAP_Group_UsrGrpId'"}],"type":'$ZABBIX_UserType_User'},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL`
;; ;;
"XXX") # Surname, Givenname and Email "XXX") # Surname, Givenname and Email
tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc": "2.0","method":"user.create","params":{"alias":'"$tempSAM"',"name":'"$tempNAME"',"surname":'"$tempSURNAME"',"user_medias":[{"mediatypeid": "'$ZABBIX_MediaTypeID'","sendto":['"$tempEmail"']}],"usrgrps":[{"usrgrpid":"'$ZABBIX_LDAP_Group_UsrGrpId'"}],"type":'$ZABBIX_Default_User_Type'},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL` tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc": "2.0","method":"user.create","params":{"alias":'"$tempSAM"',"name":'"$tempNAME"',"surname":'"$tempSURNAME"',"user_medias":[{"mediatypeid": "'$ZABBIX_MediaTypeID'","sendto":['"$tempEmail"']}],"usrgrps":[{"usrgrpid":"'$ZABBIX_LDAP_Group_UsrGrpId'"}],"type":'$ZABBIX_UserType_User'},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL`
;; ;;
esac esac
#echo "$tempvar" #echo "$tempvar"