Final Version 1.1

This commit is contained in:
root@zabbix.znil.net 2020-04-14 14:28:17 +02:00
parent 318b19a5ff
commit cd128aee46
2 changed files with 54 additions and 107 deletions

View File

@ -24,21 +24,13 @@ LDAP_Ignore_SSL_Certificate="true"
LDAP_Bind_User_DN="CN=ldapSearch,OU=MyUsers,DC=mydomain,DC=local" LDAP_Bind_User_DN="CN=ldapSearch,OU=MyUsers,DC=mydomain,DC=local"
# the passwort og the user (should be marked as never changed) # the passwort og the user (should be marked as never changed)
# Please avoid special chars which were use in bash like $`´'"\/<>()[]^ # Please avoid special chars which were use in bash like $`´'"\/<>()[]^
LDAP_Bind_User_Password="9qA3XB1r.##Xr2+7c1HP--!pq" LDAP_Bind_User_Password="9qA3XB1r##Xr27c1HPpq"
# Searchbase - your Domain name or specify OU # Searchbase - your Domain name or specify OU
LDAP_SearchBase="DC=znil,DC=local" LDAP_SearchBase="DC=exampledomain,DC=local"
# Name of Groups in LDAP (Active-Directory) and in Zabbix for Sync with Zabbix # Name of Groups in LDAP (Active-Directory) and in Zabbix for Sync with Zabbix
# if you do not want do use one of these groups set both groupnames to "skip" or comment out these lines ZABBIX_Groupname_for_Sync="Zabbix-Super-Admin"
# Will be created as User Type "Zabbix Super Admin" (default) ZABBIX_Groupname_for_Sync="LDAP-SuperAdmin"
LDAP_Groupname_ZabbixSuperAdmin_for_Sync="Zabbix-Super-Admin"
ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync="LDAP-SuperAdmin"
# Will be created as User Type "Zabbix Admin" (default)
LDAP_Groupname_ZabbixAdmin_for_Sync="Zabbix-Admin"
ZABBIX_Groupname_ZabbixAdmin_for_Sync="LDAP-Admin"
# Will be created as User Type "Zabbix User" (default)
LDAP_Groupname_ZabbixUser_for_Sync="Zabbix-User"
ZABBIX_Groupname_ZabbixUser_for_Sync="LDAP-User"
# When you remove an user from the LDAP-Group, the user will moved in this group which is "Not enabled" = Disabled and Frontend access is "disabled" # When you remove an user from the LDAP-Group, the user will moved in this group which is "Not enabled" = Disabled and Frontend access is "disabled"
ZABBIX_Disabled_User_Group="Disabled" ZABBIX_Disabled_User_Group="Disabled"
@ -55,9 +47,7 @@ ZABBIX_API_Password="strongpassword73#"
# 1 - (default) Zabbix user; # 1 - (default) Zabbix user;
# 2 - Zabbix admin; # 2 - Zabbix admin;
# 3 - Zabbix super admin. # 3 - Zabbix super admin.
ZABBIX_UserType_User=1 ZABBIX_UserType_User=3
ZABBIX_UserType_Admin=2
ZABBIX_UserType_SuperAdmin=3
# Zabbix Media Type Id # Zabbix Media Type Id
# At new Installation: # At new Installation:

View File

@ -1,8 +1,8 @@
#!/bin/bash #!/bin/bash
############################################################################################################# #############################################################################################################
# Script Name ...: zabbix-ldap-sync.sh # Script Name ...: zabbix-ldap-sync.sh
# Version .......: V1.0 # Version .......: V1.1
# Date ..........: 09.04.2020 # Date ..........: 14.04.2020
# Description....: Synchronise Members of a Actice Directory Group with Zabbix via API # Description....: Synchronise Members of a Actice Directory Group with Zabbix via API
# User wich are removed will be deactivated # User wich are removed will be deactivated
# Args ..........: # Args ..........:
@ -11,7 +11,7 @@
# Email Private : Bernhard@znil.de # Email Private : Bernhard@znil.de
############################################################################################################# #############################################################################################################
# Variables # Variables
Script_Version="V1.0 (2020-04-01)" Script_Version="V1.1 (2020-04-14)"
# Colors for printf and echo # Colors for printf and echo
DEFAULT_FOREGROUND=39 DEFAULT_FOREGROUND=39
RED=31 RED=31
@ -182,6 +182,8 @@ while [[ $# -gt 0 ]]; do
done done
if [ "$b_Unknown_Parameter" = "true" ]; then if [ "$b_Unknown_Parameter" = "true" ]; then
# ToDo: Create Help text # ToDo: Create Help text
echo "Parameter error - print help"
echo "In Future here will be some helping text"
exit 1 exit 1
fi fi
############################################################################################################# #############################################################################################################
@ -266,53 +268,21 @@ fi
#################################################################################################### ####################################################################################################
if ! [ -z ${LDAP_SearchBase+x} ]; then Print_Verbose_Text "LDAP_SearchBase" "${LDAP_SearchBase}"; else Print_Error "Missing LDAP_SearchBase"; fi if ! [ -z ${LDAP_SearchBase+x} ]; then Print_Verbose_Text "LDAP_SearchBase" "${LDAP_SearchBase}"; else Print_Error "Missing LDAP_SearchBase"; fi
#################################################################################################### ####################################################################################################
if ! [ -z ${LDAP_Groupname_ZabbixSuperAdmin_for_Sync+x} ]; then if ! [ -z ${LDAP_Groupname_for_Sync+x} ]; then
Print_Verbose_Text "LDAP_Groupname_ZabbixSuperAdmin_for_Sync" "${LDAP_Groupname_ZabbixSuperAdmin_for_Sync}" Print_Verbose_Text "LDAP_Groupname_for_Sync" "${LDAP_Groupname_for_Sync}"
else else
LDAP_Groupname_ZabbixSuperAdmin_for_Sync="skip" LDAP_Groupname_for_Sync="skip"
Print_Verbose_Text "LDAP_Groupname_ZabbixSuperAdmin_for_Sync" "skip sync" Print_Verbose_Text "LDAP_Groupname_for_Sync" "skip sync"
fi fi
if [ "$LDAP_Groupname_ZabbixSuperAdmin_for_Sync" = "skip" ]; then Print_Verbose_Text "LDAP_Groupname_ZabbixSuperAdmin_for_Sync" "skip sync"; fi if [ "$LDAP_Groupname_for_Sync" = "skip" ]; then Print_Verbose_Text "LDAP_Groupname_for_Sync" "skip sync"; fi
#################################################################################################### ####################################################################################################
if ! [ -z ${ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync+x} ]; then if ! [ -z ${ZABBIX_Groupname_for_Sync+x} ]; then
Print_Verbose_Text "ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync" "${ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync}" Print_Verbose_Text "ZABBIX_Groupname_for_Sync" "${ZABBIX_Groupname_for_Sync}"
else else
ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync="skip" ZABBIX_Groupname_for_Sync="skip"
Print_Verbose_Text "ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync" "skip sync" Print_Verbose_Text "ZABBIX_Groupname_for_Sync" "skip sync"
fi fi
if [ "$ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync" = "skip" ]; then Print_Verbose_Text "ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync" "skip sync"; fi if [ "$ZABBIX_Groupname_for_Sync" = "skip" ]; then Print_Verbose_Text "ZABBIX_Groupname_for_Sync" "skip sync"; fi
####################################################################################################
if ! [ -z ${LDAP_Groupname_ZabbixAdmin_for_Sync+x} ]; then
Print_Verbose_Text "LDAP_Groupname_ZabbixAdmin_for_Sync" "${LDAP_Groupname_ZabbixAdmin_for_Sync}"
else
LDAP_Groupname_ZabbixAdmin_for_Sync="skip"
Print_Verbose_Text "LDAP_Groupname_ZabbixAdmin_for_Sync" "skip sync"
fi
if [ "$LDAP_Groupname_ZabbixAdmin_for_Sync" = "skip" ]; then Print_Verbose_Text "LDAP_Groupname_ZabbixAdmin_for_Sync" "skip sync"; fi
####################################################################################################
if ! [ -z ${ZABBIX_Groupname_ZabbixAdmin_for_Sync+x} ]; then
Print_Verbose_Text "ZABBIX_Groupname_ZabbixAdmin_for_Sync" "${ZABBIX_Groupname_ZabbixAdmin_for_Sync}"
else
ZABBIX_Groupname_ZabbixAdmin_for_Sync="skip"
Print_Verbose_Text "ZABBIX_Groupname_ZabbixAdmin_for_Sync" "skip sync"
fi
if [ "$ZABBIX_Groupname_ZabbixAdmin_for_Sync" = "skip" ]; then Print_Verbose_Text "ZABBIX_Groupname_ZabbixAdmin_for_Sync" "skip sync"; fi
####################################################################################################
if ! [ -z ${LDAP_Groupname_ZabbixUser_for_Sync+x} ]; then
Print_Verbose_Text "LDAP_Groupname_ZabbixUser_for_Sync" "${LDAP_Groupname_ZabbixUser_for_Sync}"
else
LDAP_Groupname_ZabbixUser_for_Sync="skip"
Print_Verbose_Text "LDAP_Groupname_ZabbixUser_for_Sync" "skip sync"
fi
if [ "$LDAP_Groupname_ZabbixUser_for_Sync" = "skip" ]; then Print_Verbose_Text "LDAP_Groupname_ZabbixUser_for_Sync" "skip sync"; fi
####################################################################################################
if ! [ -z ${ZABBIX_Groupname_ZabbixUser_for_Sync+x} ]; then
Print_Verbose_Text "ZABBIX_Groupname_ZabbixUser_for_Sync" "${ZABBIX_Groupname_ZabbixUser_for_Sync}"
else
ZABBIX_Groupname_ZabbixUser_for_Sync="skip"
Print_Verbose_Text "ZABBIX_Groupname_ZabbixUser_for_Sync" "skip sync"
fi
if [ "$ZABBIX_Groupname_ZabbixUser_for_Sync" = "skip" ]; then Print_Verbose_Text "ZABBIX_Groupname_ZabbixUser_for_Sync" "skip sync"; fi
#################################################################################################### ####################################################################################################
if ! [ -z ${ZABBIX_Disabled_User_Group+x} ]; then if ! [ -z ${ZABBIX_Disabled_User_Group+x} ]; then
Print_Verbose_Text "ZABBIX_Disabled_User_Group" "${ZABBIX_Disabled_User_Group}" Print_Verbose_Text "ZABBIX_Disabled_User_Group" "${ZABBIX_Disabled_User_Group}"
@ -343,20 +313,6 @@ else
Print_Verbose_Text "ZABBIX_UserType_User (using Default Value)" "${ZABBIX_UserType_User}" Print_Verbose_Text "ZABBIX_UserType_User (using Default Value)" "${ZABBIX_UserType_User}"
fi fi
#################################################################################################### ####################################################################################################
if ! [ -z ${ZABBIX_UserType_Admin+x} ]; then
Print_Verbose_Text "ZABBIX_UserType_Admin" "${ZABBIX_UserType_Admin}"
else
ZABBIX_UserType_Admin=1
Print_Verbose_Text "ZABBIX_UserType_Admin (using Default Value)" "${ZABBIX_UserType_Admin}"
fi
####################################################################################################
if ! [ -z ${ZABBIX_UserType_SuperAdmin+x} ]; then
Print_Verbose_Text "ZABBIX_UserType_SuperAdmin" "${ZABBIX_UserType_SuperAdmin}"
else
ZABBIX_UserType_SuperAdmin=1
Print_Verbose_Text "ZABBIX_UserType_SuperAdmin (using Default Value)" "${ZABBIX_UserType_SuperAdmin}"
fi
####################################################################################################
if ! [ -z ${ZABBIX_MediaTypeID+x} ]; then if ! [ -z ${ZABBIX_MediaTypeID+x} ]; then
Print_Verbose_Text "ZABBIX_MediaTypeID" "${ZABBIX_MediaTypeID}" Print_Verbose_Text "ZABBIX_MediaTypeID" "${ZABBIX_MediaTypeID}"
else else
@ -389,10 +345,10 @@ if [ "$b_verbose" = "true" ]; then
echo echo
echo "STEP 1: Getting all Members from Active Directory / LDAP Group" echo "STEP 1: Getting all Members from Active Directory / LDAP Group"
echo "--------------------------------------------------------------" echo "--------------------------------------------------------------"
echo "Group Name ......: $LDAP_Groupname_ZabbixSuperAdmin_for_Sync" echo "Group Name SuperAdmin : $LDAP_Groupname_for_Sync"
echo "LDAP Server .....: $LDAP_Source_URL" echo "LDAP Server ..........: $LDAP_Source_URL"
echo "LDAP User .......: $LDAP_Bind_User_DN" echo "LDAP User ............: $LDAP_Bind_User_DN"
echo "LDAP Search Base : $LDAP_SearchBase" echo "LDAP Search Base .....: $LDAP_SearchBase"
echo "--------------------------------------------------------------" echo "--------------------------------------------------------------"
echo "running ldapsearch:" echo "running ldapsearch:"
fi fi
@ -400,30 +356,30 @@ if [ LDAP_Ignore_SSL_Certificate = "false" ]; then
# normal ldapsearch call # normal ldapsearch call
if [ "$b_verbose" = "true" ]; then if [ "$b_verbose" = "true" ]; then
if [ "$b_showpasswords" = "true" ]; then if [ "$b_showpasswords" = "true" ]; then
echo 'ldapsearch -x -H '$LDAP_Source_URL' -D "'$LDAP_Bind_User_DN'" -w "'$LDAP_Bind_User_Password'" -b "'$LDAP_SearchBase'" "(&(objectClass=group)(cn="'$LDAP_Groupname_ZabbixSuperAdmin_for_Sync'"))"' echo 'ldapsearch -x -H '$LDAP_Source_URL' -D "'$LDAP_Bind_User_DN'" -w "'$LDAP_Bind_User_Password'" -b "'$LDAP_SearchBase'" "(&(objectClass=group)(cn="'$LDAP_Groupname_for_Sync'"))"'
else else
echo 'ldapsearch -x -H '$LDAP_Source_URL' -D "'$LDAP_Bind_User_DN'" -w "***********" -b "'$LDAP_SearchBase'" "(&(objectClass=group)(cn="'$LDAP_Groupname_ZabbixSuperAdmin_for_Sync'"))"' echo 'ldapsearch -x -H '$LDAP_Source_URL' -D "'$LDAP_Bind_User_DN'" -w "***********" -b "'$LDAP_SearchBase'" "(&(objectClass=group)(cn="'$LDAP_Groupname_for_Sync'"))"'
fi fi
fi fi
# yes, ldapsearch is called twice - first time without grep to catch the exitcode, 2. time to catch the content # yes, ldapsearch is called twice - first time without grep to catch the exitcode, 2. time to catch the content
tempvar=`ldapsearch -x -H $LDAP_Source_URL -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "$LDAP_SearchBase" "(&(objectClass=group)(cn=$LDAP_Groupname_ZabbixSuperAdmin_for_Sync))" o member` tempvar=`ldapsearch -x -H $LDAP_Source_URL -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "$LDAP_SearchBase" "(&(objectClass=group)(cn=$LDAP_Groupname_for_Sync))" o member`
ldapsearch_exitcode="$?" ldapsearch_exitcode="$?"
if [ "$b_verbose" = "true" ]; then echo "ldapsearch_exitcode: $ldapsearch_exitcode"; fi if [ "$b_verbose" = "true" ]; then echo "ldapsearch_exitcode: $ldapsearch_exitcode"; fi
tempvar=`ldapsearch -x -H $LDAP_Source_URL -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "$LDAP_SearchBase" "(&(objectClass=group)(cn=$LDAP_Groupname_ZabbixSuperAdmin_for_Sync))" o member | grep member:` tempvar=`ldapsearch -x -H $LDAP_Source_URL -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "$LDAP_SearchBase" "(&(objectClass=group)(cn=$LDAP_Groupname_for_Sync))" o member | grep member:`
else else
# ignore SSL ldapsearch # ignore SSL ldapsearch
if [ "$b_verbose" = "true" ]; then if [ "$b_verbose" = "true" ]; then
if [ "$b_showpasswords" = "true" ]; then if [ "$b_showpasswords" = "true" ]; then
echo 'LDAPTLS_REQCERT=never ldapsearch -x -H '$LDAP_Source_URL' -D "'$LDAP_Bind_User_DN'" -w "'$LDAP_Bind_User_Password'" -b "'$LDAP_SearchBase'" "(&(objectClass=group)(cn='$LDAP_Groupname_ZabbixSuperAdmin_for_Sync'))" o member' echo 'LDAPTLS_REQCERT=never ldapsearch -x -H '$LDAP_Source_URL' -D "'$LDAP_Bind_User_DN'" -w "'$LDAP_Bind_User_Password'" -b "'$LDAP_SearchBase'" "(&(objectClass=group)(cn='$LDAP_Groupname_for_Sync'))" o member'
else else
echo 'LDAPTLS_REQCERT=never ldapsearch -x -H '$LDAP_Source_URL' -D "'$LDAP_Bind_User_DN'" -w "***********" -b "'$LDAP_SearchBase'" "(&(objectClass=group)(cn='$LDAP_Groupname_ZabbixSuperAdmin_for_Sync'))" o member' echo 'LDAPTLS_REQCERT=never ldapsearch -x -H '$LDAP_Source_URL' -D "'$LDAP_Bind_User_DN'" -w "***********" -b "'$LDAP_SearchBase'" "(&(objectClass=group)(cn='$LDAP_Groupname_for_Sync'))" o member'
fi fi
fi fi
# yes, ldapsearch is called twice - first time without grep to catch the exitcode, 2. time to catch the content # yes, ldapsearch is called twice - first time without grep to catch the exitcode, 2. time to catch the content
tempvar=`LDAPTLS_REQCERT=never ldapsearch -x -H $LDAP_Source_URL -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "$LDAP_SearchBase" "(&(objectClass=group)(cn=$LDAP_Groupname_ZabbixSuperAdmin_for_Sync))" o member` tempvar=`LDAPTLS_REQCERT=never ldapsearch -x -H $LDAP_Source_URL -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "$LDAP_SearchBase" "(&(objectClass=group)(cn=$LDAP_Groupname_for_Sync))" o member`
ldapsearch_exitcode="$?" ldapsearch_exitcode="$?"
if [ "$b_verbose" = "true" ]; then echo "ldapsearch_exitcode: $ldapsearch_exitcode"; fi if [ "$b_verbose" = "true" ]; then echo "ldapsearch_exitcode: $ldapsearch_exitcode"; fi
tempvar=`LDAPTLS_REQCERT=never ldapsearch -x -H $LDAP_Source_URL -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "$LDAP_SearchBase" "(&(objectClass=group)(cn=$LDAP_Groupname_ZabbixSuperAdmin_for_Sync))" o member | grep member:` tempvar=`LDAPTLS_REQCERT=never ldapsearch -x -H $LDAP_Source_URL -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "$LDAP_SearchBase" "(&(objectClass=group)(cn=$LDAP_Groupname_for_Sync))" o member | grep member:`
fi fi
if [ "$b_verbose" = "true" ]; then if [ "$b_verbose" = "true" ]; then
echo 'Result ldapsearch (with "grep member:" : '"$tempvar" echo 'Result ldapsearch (with "grep member:" : '"$tempvar"
@ -553,7 +509,7 @@ fi
unset LDAP_ARRAY_Members_RAW unset LDAP_ARRAY_Members_RAW
if [ "$b_verbose" = "true" ]; then if [ "$b_verbose" = "true" ]; then
echo "------------------------------------------------------------------------------------------------" echo "------------------------------------------------------------------------------------------------"
echo "Result from STEP 1: Getting all Members from Active Directory / LDAP Group $LDAP_Groupname_ZabbixSuperAdmin_for_Sync" echo "Result from STEP 1: Getting all Members from Active Directory / LDAP Group $LDAP_Groupname_for_Sync"
echo "----+----------------------+----------------------+----------------------+----------------------" echo "----+----------------------+----------------------+----------------------+----------------------"
printf "%-3s | %-20s | %-20s | %-20s | %-20s" "No." "sAMAccountName" "Surname" "Givenname" "Email" printf "%-3s | %-20s | %-20s | %-20s | %-20s" "No." "sAMAccountName" "Surname" "Givenname" "Email"
printf "\n" printf "\n"
@ -625,7 +581,7 @@ if [ "$b_verbose" = "true" ]; then
echo echo
echo "STEP 2: Get Members of Zabbix-LDAP Group" echo "STEP 2: Get Members of Zabbix-LDAP Group"
echo "--------------------------------------------------------------" echo "--------------------------------------------------------------"
echo "Zabbix LDAP Group Name .........: $ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync" echo "Zabbix LDAP Group Name .........: $ZABBIX_Groupname_for_Sync"
echo "Zabbix Disabled User Group Name : $ZABBIX_Disabled_User_Group" echo "Zabbix Disabled User Group Name : $ZABBIX_Disabled_User_Group"
echo "Zabbix API URL .................: $ZABBIX_API_User" echo "Zabbix API URL .................: $ZABBIX_API_User"
echo "Zabbix API User ................: $LDAP_Bind_User_DN" echo "Zabbix API User ................: $LDAP_Bind_User_DN"
@ -633,17 +589,17 @@ if [ "$b_verbose" = "true" ]; then
fi fi
############################################################################################################# #############################################################################################################
# Get UsrGrpIds # Get UsrGrpIds
Print_Status_Text 'determine UsrGrpID of "'$ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync'"' Print_Status_Text 'determine UsrGrpID of "'$ZABBIX_Groupname_for_Sync'"'
if [ "$b_verbose" = "true" ]; then Print_Status_Done "checking" $LIGHTCYAN; fi if [ "$b_verbose" = "true" ]; then Print_Status_Done "checking" $LIGHTCYAN; fi
declare -a ZABBIX_ARRAY_usrgrpid_RAW declare -a ZABBIX_ARRAY_usrgrpid_RAW
if [ "$b_verbose" = "true" ]; then if [ "$b_verbose" = "true" ]; then
printf 'curl -k -s -X POST -H "Content-Type:application/json" -d ' printf 'curl -k -s -X POST -H "Content-Type:application/json" -d '
printf "'" printf "'"
printf '{"jsonrpc":"2.0","method":"usergroup.get","params":{"filter":{"name":"'$ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync'"},"output":"extend","status":0},"id":42,"auth":"'$ZABBIX_authentication_token'"}' printf '{"jsonrpc":"2.0","method":"usergroup.get","params":{"filter":{"name":"'$ZABBIX_Groupname_for_Sync'"},"output":"extend","status":0},"id":42,"auth":"'$ZABBIX_authentication_token'"}'
printf "'" printf "'"
printf " $ZABBIX_API_URL" printf " $ZABBIX_API_URL"
fi fi
tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc":"2.0","method":"usergroup.get","params":{"filter":{"name":"'$ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync'"},"output":"extend","status":0},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL` tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc":"2.0","method":"usergroup.get","params":{"filter":{"name":"'$ZABBIX_Groupname_for_Sync'"},"output":"extend","status":0},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL`
if [ "$b_verbose" = "true" ]; then echo $tempvar; fi if [ "$b_verbose" = "true" ]; then echo $tempvar; fi
# The answer is an JSON - we split by the " into an array and search for the wanted values # The answer is an JSON - we split by the " into an array and search for the wanted values
IFS='"' # " is set as delimiter IFS='"' # " is set as delimiter
@ -658,8 +614,8 @@ for (( i=0; i < ${#ZABBIX_ARRAY_usrgrpid_RAW[*]}; i++ )); do
break break
fi fi
done done
Print_Verbose_Text "$ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync" "$ZABBIX_LDAP_Group_UsrGrpId" Print_Verbose_Text "$ZABBIX_Groupname_for_Sync" "$ZABBIX_LDAP_Group_UsrGrpId"
if [ "$b_verbose" = "true" ]; then Print_Status_Text 'determine UsrGrpID of "'$ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync'"'; fi if [ "$b_verbose" = "true" ]; then Print_Status_Text 'determine UsrGrpID of "'$ZABBIX_Groupname_for_Sync'"'; fi
Print_Status_Done "done" $GREEN Print_Status_Done "done" $GREEN
tempvar="" tempvar=""
Print_Status_Text 'determine UsrGrpID of "'$ZABBIX_Disabled_User_Group'"' Print_Status_Text 'determine UsrGrpID of "'$ZABBIX_Disabled_User_Group'"'
@ -683,7 +639,7 @@ tempvar=""
unset ZABBIX_ARRAY_usrgrpid_RAW unset ZABBIX_ARRAY_usrgrpid_RAW
############################################################################################################# #############################################################################################################
# Get alias and userid of the Zabbix Group Members # Get alias and userid of the Zabbix Group Members
Print_Status_Text 'determine alias and userid for Members of "'$ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync'"' Print_Status_Text 'determine alias and userid for Members of "'$ZABBIX_Groupname_for_Sync'"'
if [ "$b_verbose" = "true" ]; then Print_Status_Done "checking" $LIGHTCYAN; fi if [ "$b_verbose" = "true" ]; then Print_Status_Done "checking" $LIGHTCYAN; fi
declare -a ZABBIX_ARRAY_LDAP_GroupMember_alias declare -a ZABBIX_ARRAY_LDAP_GroupMember_alias
@ -719,12 +675,12 @@ for (( i=0; i < ${#ZABBIX_ARRAY_LDAP_GroupMember_RAW[*]}; i++ )); do
#printf "." #printf "."
fi fi
done done
if [ "$b_verbose" = "true" ]; then Print_Status_Text 'determine alias and userid for Members of "'$ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync'"'; fi if [ "$b_verbose" = "true" ]; then Print_Status_Text 'determine alias and userid for Members of "'$ZABBIX_Groupname_for_Sync'"'; fi
Print_Status_Done "done" $GREEN Print_Status_Done "done" $GREEN
unset ZABBIX_ARRAY_LDAP_GroupMember_RAW unset ZABBIX_ARRAY_LDAP_GroupMember_RAW
if [ "$b_verbose" = "true" ]; then if [ "$b_verbose" = "true" ]; then
echo "------------------------------------------------------------------------------------------------" echo "------------------------------------------------------------------------------------------------"
echo "Result from STEP 2: Get Members of Zabbix-LDAP Group $ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync" echo "Result from STEP 2: Get Members of Zabbix-LDAP Group $ZABBIX_Groupname_for_Sync"
echo "----+----------------------+----------------------+----------------------+----------------------" echo "----+----------------------+----------------------+----------------------+----------------------"
printf "%-3s | %-20s | %-20s | %-20s | %-20s" "No." "Alias" "UserId" " " " " printf "%-3s | %-20s | %-20s | %-20s | %-20s" "No." "Alias" "UserId" " " " "
printf "\n" printf "\n"
@ -751,8 +707,8 @@ if [ "$b_verbose" = "true" ]; then
echo echo
echo "STEP 3: Compare Groups for changes" echo "STEP 3: Compare Groups for changes"
echo "--------------------------------------------------------------" echo "--------------------------------------------------------------"
echo "AD / LDAP Group Name ...........: $LDAP_Groupname_ZabbixSuperAdmin_for_Sync" echo "AD / LDAP Group Name ...........: $LDAP_Groupname_for_Sync"
echo "Zabbix LDAP Group Name .........: $ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync" echo "Zabbix LDAP Group Name .........: $ZABBIX_Groupname_for_Sync"
echo "--------------------------------------------------------------" echo "--------------------------------------------------------------"
fi fi
b_Must_Sync_Users="false" b_Must_Sync_Users="false"
@ -846,12 +802,10 @@ if [ "$b_Must_Sync_Users" = "true" ]; then
if [ "${ZABBIX_ARRAY_AllUser_RAW[$i]}" = "userid" ]; then if [ "${ZABBIX_ARRAY_AllUser_RAW[$i]}" = "userid" ]; then
i=$(($i + 2)) i=$(($i + 2))
ZABBIX_ARRAY_AllUser_userid+=("${ZABBIX_ARRAY_AllUser_RAW[$i]}") ZABBIX_ARRAY_AllUser_userid+=("${ZABBIX_ARRAY_AllUser_RAW[$i]}")
printf "."
fi fi
if [ "${ZABBIX_ARRAY_AllUser_RAW[$i]}" = "alias" ]; then if [ "${ZABBIX_ARRAY_AllUser_RAW[$i]}" = "alias" ]; then
i=$(($i + 2)) i=$(($i + 2))
ZABBIX_ARRAY_AllUser_alias+=("${ZABBIX_ARRAY_AllUser_RAW[$i]}") ZABBIX_ARRAY_AllUser_alias+=("${ZABBIX_ARRAY_AllUser_RAW[$i]}")
printf "."
fi fi
done done
unset ZABBIX_ARRAY_AllUser_RAW unset ZABBIX_ARRAY_AllUser_RAW
@ -1024,14 +978,17 @@ if [ "$b_Must_Sync_Users" = "true" ]; then
done done
echo "----------------------------------------------------------------------------------------------------------------------" echo "----------------------------------------------------------------------------------------------------------------------"
fi fi
else
Print_Status_Text "STEP 6: Create needed $i_CounterNewUsers new Zabbix-User"
Print_Status_Done "skipped" $GREEN
fi fi
############################################################################################################# #############################################################################################################
Print_Status_Text "STEP 7: Replace Members of Group $ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync" Print_Status_Text "STEP 7: Replace Members of Group $ZABBIX_Groupname_for_Sync"
if [ "$b_verbose" = "true" ]; then Print_Status_Done "checking" $LIGHTCYAN; fi if [ "$b_verbose" = "true" ]; then Print_Status_Done "checking" $LIGHTCYAN; fi
if [ "$b_verbose" = "true" ]; then if [ "$b_verbose" = "true" ]; then
echo "--------------------------------------------------------------" echo "--------------------------------------------------------------"
echo "STEP 7: Replace Members of Group $ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync" echo "STEP 7: Replace Members of Group $ZABBIX_Groupname_for_Sync"
fi fi
tempvar="" tempvar=""
list_of_userids="" list_of_userids=""
@ -1041,7 +998,7 @@ if [ "$b_Must_Sync_Users" = "true" ]; then
done done
# maybe the list is empty! So we have to check # maybe the list is empty! So we have to check
if [ "$list_of_userids" != "" ]; then list_of_userids=${list_of_userids::-1}; fi if [ "$list_of_userids" != "" ]; then list_of_userids=${list_of_userids::-1}; fi
if [ "$b_verbose" = "true" ]; then printf "Update Zabbix Group $ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync via API (Replace)"; fi if [ "$b_verbose" = "true" ]; then printf "Update Zabbix Group $ZABBIX_Groupname_for_Sync via API (Replace)"; fi
if [ "$b_verbose" = "true" ]; then if [ "$b_verbose" = "true" ]; then
printf 'curl -k -s -X POST -H "Content-Type:application/json" -d ' printf 'curl -k -s -X POST -H "Content-Type:application/json" -d '
printf "'" printf "'"
@ -1051,7 +1008,7 @@ if [ "$b_Must_Sync_Users" = "true" ]; then
fi fi
tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc": "2.0","method":"usergroup.update","params":{"usrgrpid":"'$ZABBIX_LDAP_Group_UsrGrpId'","userids":['$list_of_userids']},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL` tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc": "2.0","method":"usergroup.update","params":{"usrgrpid":"'$ZABBIX_LDAP_Group_UsrGrpId'","userids":['$list_of_userids']},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL`
if [ "$b_verbose" = "true" ]; then echo $tempvar; fi if [ "$b_verbose" = "true" ]; then echo $tempvar; fi
if [ "$b_verbose" = "true" ]; then Print_Status_Text "STEP 7: Replace Members of Group $ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync"; fi if [ "$b_verbose" = "true" ]; then Print_Status_Text "STEP 7: Replace Members of Group $ZABBIX_Groupname_for_Sync"; fi
Print_Status_Done "done" $GREEN Print_Status_Done "done" $GREEN
############################################################################################################# #############################################################################################################
@ -1154,11 +1111,11 @@ if [ "$b_Must_Sync_Users" = "true" ]; then
if [ "$b_verbose" = "true" ]; then Print_Status_Text "STEP 10: Replace Members of Group $ZABBIX_Disabled_User_Group"; fi if [ "$b_verbose" = "true" ]; then Print_Status_Text "STEP 10: Replace Members of Group $ZABBIX_Disabled_User_Group"; fi
Print_Status_Done "done" $GREEN Print_Status_Done "done" $GREEN
############################################################################################################# #############################################################################################################
Print_Status_Text "STEP 11: Replace Members of Group $ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync (2. Time)" Print_Status_Text "STEP 11: Replace Members of Group $ZABBIX_Groupname_for_Sync (2. Time)"
if [ "$b_verbose" = "true" ]; then Print_Status_Done "checking" $LIGHTCYAN; fi if [ "$b_verbose" = "true" ]; then Print_Status_Done "checking" $LIGHTCYAN; fi
if [ "$b_verbose" = "true" ]; then if [ "$b_verbose" = "true" ]; then
echo "--------------------------------------------------------------" echo "--------------------------------------------------------------"
echo "STEP 11: Replace Members of Group $ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync (2. Time)" echo "STEP 11: Replace Members of Group $ZABBIX_Groupname_for_Sync (2. Time)"
fi fi
# we have to do this twice if we move user between enabled and disabled and they are only in the Zabbix-LDAP-Group - they must be in one Group!" # we have to do this twice if we move user between enabled and disabled and they are only in the Zabbix-LDAP-Group - they must be in one Group!"
# If a user is a now a member of the deactivated user group we can now remove the user from the Zabbix-LDAP-Group # If a user is a now a member of the deactivated user group we can now remove the user from the Zabbix-LDAP-Group
@ -1171,7 +1128,7 @@ if [ "$b_Must_Sync_Users" = "true" ]; then
# maybe the list is empty! So we have to check # maybe the list is empty! So we have to check
if [ "$list_of_userids" != "" ]; then list_of_userids=${list_of_userids::-1}; fi if [ "$list_of_userids" != "" ]; then list_of_userids=${list_of_userids::-1}; fi
tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc": "2.0","method":"usergroup.update","params":{"usrgrpid":"'$ZABBIX_LDAP_Group_UsrGrpId'","userids":['$list_of_userids']},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL` tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc": "2.0","method":"usergroup.update","params":{"usrgrpid":"'$ZABBIX_LDAP_Group_UsrGrpId'","userids":['$list_of_userids']},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL`
if [ "$b_verbose" = "true" ]; then Print_Status_Text "STEP 11: Replace Members of Group $ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync (2. Time)"; fi if [ "$b_verbose" = "true" ]; then Print_Status_Text "STEP 11: Replace Members of Group $ZABBIX_Groupname_for_Sync (2. Time)"; fi
Print_Status_Done "done" $GREEN Print_Status_Done "done" $GREEN
else else
Print_Status_Text "STEP 3: Compare Groups for changes" Print_Status_Text "STEP 3: Compare Groups for changes"