Final Version 1.1
This commit is contained in:
parent
318b19a5ff
commit
cd128aee46
20
config.sh
20
config.sh
@ -24,21 +24,13 @@ LDAP_Ignore_SSL_Certificate="true"
|
|||||||
LDAP_Bind_User_DN="CN=ldapSearch,OU=MyUsers,DC=mydomain,DC=local"
|
LDAP_Bind_User_DN="CN=ldapSearch,OU=MyUsers,DC=mydomain,DC=local"
|
||||||
# the passwort og the user (should be marked as never changed)
|
# the passwort og the user (should be marked as never changed)
|
||||||
# Please avoid special chars which were use in bash like $`´'"\/<>()[]^
|
# Please avoid special chars which were use in bash like $`´'"\/<>()[]^
|
||||||
LDAP_Bind_User_Password="9qA3XB1r.##Xr2+7c1HP--!pq"
|
LDAP_Bind_User_Password="9qA3XB1r##Xr27c1HPpq"
|
||||||
# Searchbase - your Domain name or specify OU
|
# Searchbase - your Domain name or specify OU
|
||||||
LDAP_SearchBase="DC=znil,DC=local"
|
LDAP_SearchBase="DC=exampledomain,DC=local"
|
||||||
|
|
||||||
# Name of Groups in LDAP (Active-Directory) and in Zabbix for Sync with Zabbix
|
# Name of Groups in LDAP (Active-Directory) and in Zabbix for Sync with Zabbix
|
||||||
# if you do not want do use one of these groups set both groupnames to "skip" or comment out these lines
|
ZABBIX_Groupname_for_Sync="Zabbix-Super-Admin"
|
||||||
# Will be created as User Type "Zabbix Super Admin" (default)
|
ZABBIX_Groupname_for_Sync="LDAP-SuperAdmin"
|
||||||
LDAP_Groupname_ZabbixSuperAdmin_for_Sync="Zabbix-Super-Admin"
|
|
||||||
ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync="LDAP-SuperAdmin"
|
|
||||||
# Will be created as User Type "Zabbix Admin" (default)
|
|
||||||
LDAP_Groupname_ZabbixAdmin_for_Sync="Zabbix-Admin"
|
|
||||||
ZABBIX_Groupname_ZabbixAdmin_for_Sync="LDAP-Admin"
|
|
||||||
# Will be created as User Type "Zabbix User" (default)
|
|
||||||
LDAP_Groupname_ZabbixUser_for_Sync="Zabbix-User"
|
|
||||||
ZABBIX_Groupname_ZabbixUser_for_Sync="LDAP-User"
|
|
||||||
|
|
||||||
# When you remove an user from the LDAP-Group, the user will moved in this group which is "Not enabled" = Disabled and Frontend access is "disabled"
|
# When you remove an user from the LDAP-Group, the user will moved in this group which is "Not enabled" = Disabled and Frontend access is "disabled"
|
||||||
ZABBIX_Disabled_User_Group="Disabled"
|
ZABBIX_Disabled_User_Group="Disabled"
|
||||||
@ -55,9 +47,7 @@ ZABBIX_API_Password="strongpassword73#"
|
|||||||
# 1 - (default) Zabbix user;
|
# 1 - (default) Zabbix user;
|
||||||
# 2 - Zabbix admin;
|
# 2 - Zabbix admin;
|
||||||
# 3 - Zabbix super admin.
|
# 3 - Zabbix super admin.
|
||||||
ZABBIX_UserType_User=1
|
ZABBIX_UserType_User=3
|
||||||
ZABBIX_UserType_Admin=2
|
|
||||||
ZABBIX_UserType_SuperAdmin=3
|
|
||||||
|
|
||||||
# Zabbix Media Type Id
|
# Zabbix Media Type Id
|
||||||
# At new Installation:
|
# At new Installation:
|
||||||
|
@ -1,8 +1,8 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
#############################################################################################################
|
#############################################################################################################
|
||||||
# Script Name ...: zabbix-ldap-sync.sh
|
# Script Name ...: zabbix-ldap-sync.sh
|
||||||
# Version .......: V1.0
|
# Version .......: V1.1
|
||||||
# Date ..........: 09.04.2020
|
# Date ..........: 14.04.2020
|
||||||
# Description....: Synchronise Members of a Actice Directory Group with Zabbix via API
|
# Description....: Synchronise Members of a Actice Directory Group with Zabbix via API
|
||||||
# User wich are removed will be deactivated
|
# User wich are removed will be deactivated
|
||||||
# Args ..........:
|
# Args ..........:
|
||||||
@ -11,7 +11,7 @@
|
|||||||
# Email Private : Bernhard@znil.de
|
# Email Private : Bernhard@znil.de
|
||||||
#############################################################################################################
|
#############################################################################################################
|
||||||
# Variables
|
# Variables
|
||||||
Script_Version="V1.0 (2020-04-01)"
|
Script_Version="V1.1 (2020-04-14)"
|
||||||
# Colors for printf and echo
|
# Colors for printf and echo
|
||||||
DEFAULT_FOREGROUND=39
|
DEFAULT_FOREGROUND=39
|
||||||
RED=31
|
RED=31
|
||||||
@ -182,6 +182,8 @@ while [[ $# -gt 0 ]]; do
|
|||||||
done
|
done
|
||||||
if [ "$b_Unknown_Parameter" = "true" ]; then
|
if [ "$b_Unknown_Parameter" = "true" ]; then
|
||||||
# ToDo: Create Help text
|
# ToDo: Create Help text
|
||||||
|
echo "Parameter error - print help"
|
||||||
|
echo "In Future here will be some helping text"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
#############################################################################################################
|
#############################################################################################################
|
||||||
@ -266,53 +268,21 @@ fi
|
|||||||
####################################################################################################
|
####################################################################################################
|
||||||
if ! [ -z ${LDAP_SearchBase+x} ]; then Print_Verbose_Text "LDAP_SearchBase" "${LDAP_SearchBase}"; else Print_Error "Missing LDAP_SearchBase"; fi
|
if ! [ -z ${LDAP_SearchBase+x} ]; then Print_Verbose_Text "LDAP_SearchBase" "${LDAP_SearchBase}"; else Print_Error "Missing LDAP_SearchBase"; fi
|
||||||
####################################################################################################
|
####################################################################################################
|
||||||
if ! [ -z ${LDAP_Groupname_ZabbixSuperAdmin_for_Sync+x} ]; then
|
if ! [ -z ${LDAP_Groupname_for_Sync+x} ]; then
|
||||||
Print_Verbose_Text "LDAP_Groupname_ZabbixSuperAdmin_for_Sync" "${LDAP_Groupname_ZabbixSuperAdmin_for_Sync}"
|
Print_Verbose_Text "LDAP_Groupname_for_Sync" "${LDAP_Groupname_for_Sync}"
|
||||||
else
|
else
|
||||||
LDAP_Groupname_ZabbixSuperAdmin_for_Sync="skip"
|
LDAP_Groupname_for_Sync="skip"
|
||||||
Print_Verbose_Text "LDAP_Groupname_ZabbixSuperAdmin_for_Sync" "skip sync"
|
Print_Verbose_Text "LDAP_Groupname_for_Sync" "skip sync"
|
||||||
fi
|
fi
|
||||||
if [ "$LDAP_Groupname_ZabbixSuperAdmin_for_Sync" = "skip" ]; then Print_Verbose_Text "LDAP_Groupname_ZabbixSuperAdmin_for_Sync" "skip sync"; fi
|
if [ "$LDAP_Groupname_for_Sync" = "skip" ]; then Print_Verbose_Text "LDAP_Groupname_for_Sync" "skip sync"; fi
|
||||||
####################################################################################################
|
####################################################################################################
|
||||||
if ! [ -z ${ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync+x} ]; then
|
if ! [ -z ${ZABBIX_Groupname_for_Sync+x} ]; then
|
||||||
Print_Verbose_Text "ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync" "${ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync}"
|
Print_Verbose_Text "ZABBIX_Groupname_for_Sync" "${ZABBIX_Groupname_for_Sync}"
|
||||||
else
|
else
|
||||||
ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync="skip"
|
ZABBIX_Groupname_for_Sync="skip"
|
||||||
Print_Verbose_Text "ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync" "skip sync"
|
Print_Verbose_Text "ZABBIX_Groupname_for_Sync" "skip sync"
|
||||||
fi
|
fi
|
||||||
if [ "$ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync" = "skip" ]; then Print_Verbose_Text "ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync" "skip sync"; fi
|
if [ "$ZABBIX_Groupname_for_Sync" = "skip" ]; then Print_Verbose_Text "ZABBIX_Groupname_for_Sync" "skip sync"; fi
|
||||||
####################################################################################################
|
|
||||||
if ! [ -z ${LDAP_Groupname_ZabbixAdmin_for_Sync+x} ]; then
|
|
||||||
Print_Verbose_Text "LDAP_Groupname_ZabbixAdmin_for_Sync" "${LDAP_Groupname_ZabbixAdmin_for_Sync}"
|
|
||||||
else
|
|
||||||
LDAP_Groupname_ZabbixAdmin_for_Sync="skip"
|
|
||||||
Print_Verbose_Text "LDAP_Groupname_ZabbixAdmin_for_Sync" "skip sync"
|
|
||||||
fi
|
|
||||||
if [ "$LDAP_Groupname_ZabbixAdmin_for_Sync" = "skip" ]; then Print_Verbose_Text "LDAP_Groupname_ZabbixAdmin_for_Sync" "skip sync"; fi
|
|
||||||
####################################################################################################
|
|
||||||
if ! [ -z ${ZABBIX_Groupname_ZabbixAdmin_for_Sync+x} ]; then
|
|
||||||
Print_Verbose_Text "ZABBIX_Groupname_ZabbixAdmin_for_Sync" "${ZABBIX_Groupname_ZabbixAdmin_for_Sync}"
|
|
||||||
else
|
|
||||||
ZABBIX_Groupname_ZabbixAdmin_for_Sync="skip"
|
|
||||||
Print_Verbose_Text "ZABBIX_Groupname_ZabbixAdmin_for_Sync" "skip sync"
|
|
||||||
fi
|
|
||||||
if [ "$ZABBIX_Groupname_ZabbixAdmin_for_Sync" = "skip" ]; then Print_Verbose_Text "ZABBIX_Groupname_ZabbixAdmin_for_Sync" "skip sync"; fi
|
|
||||||
####################################################################################################
|
|
||||||
if ! [ -z ${LDAP_Groupname_ZabbixUser_for_Sync+x} ]; then
|
|
||||||
Print_Verbose_Text "LDAP_Groupname_ZabbixUser_for_Sync" "${LDAP_Groupname_ZabbixUser_for_Sync}"
|
|
||||||
else
|
|
||||||
LDAP_Groupname_ZabbixUser_for_Sync="skip"
|
|
||||||
Print_Verbose_Text "LDAP_Groupname_ZabbixUser_for_Sync" "skip sync"
|
|
||||||
fi
|
|
||||||
if [ "$LDAP_Groupname_ZabbixUser_for_Sync" = "skip" ]; then Print_Verbose_Text "LDAP_Groupname_ZabbixUser_for_Sync" "skip sync"; fi
|
|
||||||
####################################################################################################
|
|
||||||
if ! [ -z ${ZABBIX_Groupname_ZabbixUser_for_Sync+x} ]; then
|
|
||||||
Print_Verbose_Text "ZABBIX_Groupname_ZabbixUser_for_Sync" "${ZABBIX_Groupname_ZabbixUser_for_Sync}"
|
|
||||||
else
|
|
||||||
ZABBIX_Groupname_ZabbixUser_for_Sync="skip"
|
|
||||||
Print_Verbose_Text "ZABBIX_Groupname_ZabbixUser_for_Sync" "skip sync"
|
|
||||||
fi
|
|
||||||
if [ "$ZABBIX_Groupname_ZabbixUser_for_Sync" = "skip" ]; then Print_Verbose_Text "ZABBIX_Groupname_ZabbixUser_for_Sync" "skip sync"; fi
|
|
||||||
####################################################################################################
|
####################################################################################################
|
||||||
if ! [ -z ${ZABBIX_Disabled_User_Group+x} ]; then
|
if ! [ -z ${ZABBIX_Disabled_User_Group+x} ]; then
|
||||||
Print_Verbose_Text "ZABBIX_Disabled_User_Group" "${ZABBIX_Disabled_User_Group}"
|
Print_Verbose_Text "ZABBIX_Disabled_User_Group" "${ZABBIX_Disabled_User_Group}"
|
||||||
@ -343,20 +313,6 @@ else
|
|||||||
Print_Verbose_Text "ZABBIX_UserType_User (using Default Value)" "${ZABBIX_UserType_User}"
|
Print_Verbose_Text "ZABBIX_UserType_User (using Default Value)" "${ZABBIX_UserType_User}"
|
||||||
fi
|
fi
|
||||||
####################################################################################################
|
####################################################################################################
|
||||||
if ! [ -z ${ZABBIX_UserType_Admin+x} ]; then
|
|
||||||
Print_Verbose_Text "ZABBIX_UserType_Admin" "${ZABBIX_UserType_Admin}"
|
|
||||||
else
|
|
||||||
ZABBIX_UserType_Admin=1
|
|
||||||
Print_Verbose_Text "ZABBIX_UserType_Admin (using Default Value)" "${ZABBIX_UserType_Admin}"
|
|
||||||
fi
|
|
||||||
####################################################################################################
|
|
||||||
if ! [ -z ${ZABBIX_UserType_SuperAdmin+x} ]; then
|
|
||||||
Print_Verbose_Text "ZABBIX_UserType_SuperAdmin" "${ZABBIX_UserType_SuperAdmin}"
|
|
||||||
else
|
|
||||||
ZABBIX_UserType_SuperAdmin=1
|
|
||||||
Print_Verbose_Text "ZABBIX_UserType_SuperAdmin (using Default Value)" "${ZABBIX_UserType_SuperAdmin}"
|
|
||||||
fi
|
|
||||||
####################################################################################################
|
|
||||||
if ! [ -z ${ZABBIX_MediaTypeID+x} ]; then
|
if ! [ -z ${ZABBIX_MediaTypeID+x} ]; then
|
||||||
Print_Verbose_Text "ZABBIX_MediaTypeID" "${ZABBIX_MediaTypeID}"
|
Print_Verbose_Text "ZABBIX_MediaTypeID" "${ZABBIX_MediaTypeID}"
|
||||||
else
|
else
|
||||||
@ -389,10 +345,10 @@ if [ "$b_verbose" = "true" ]; then
|
|||||||
echo
|
echo
|
||||||
echo "STEP 1: Getting all Members from Active Directory / LDAP Group"
|
echo "STEP 1: Getting all Members from Active Directory / LDAP Group"
|
||||||
echo "--------------------------------------------------------------"
|
echo "--------------------------------------------------------------"
|
||||||
echo "Group Name ......: $LDAP_Groupname_ZabbixSuperAdmin_for_Sync"
|
echo "Group Name SuperAdmin : $LDAP_Groupname_for_Sync"
|
||||||
echo "LDAP Server .....: $LDAP_Source_URL"
|
echo "LDAP Server ..........: $LDAP_Source_URL"
|
||||||
echo "LDAP User .......: $LDAP_Bind_User_DN"
|
echo "LDAP User ............: $LDAP_Bind_User_DN"
|
||||||
echo "LDAP Search Base : $LDAP_SearchBase"
|
echo "LDAP Search Base .....: $LDAP_SearchBase"
|
||||||
echo "--------------------------------------------------------------"
|
echo "--------------------------------------------------------------"
|
||||||
echo "running ldapsearch:"
|
echo "running ldapsearch:"
|
||||||
fi
|
fi
|
||||||
@ -400,30 +356,30 @@ if [ LDAP_Ignore_SSL_Certificate = "false" ]; then
|
|||||||
# normal ldapsearch call
|
# normal ldapsearch call
|
||||||
if [ "$b_verbose" = "true" ]; then
|
if [ "$b_verbose" = "true" ]; then
|
||||||
if [ "$b_showpasswords" = "true" ]; then
|
if [ "$b_showpasswords" = "true" ]; then
|
||||||
echo 'ldapsearch -x -H '$LDAP_Source_URL' -D "'$LDAP_Bind_User_DN'" -w "'$LDAP_Bind_User_Password'" -b "'$LDAP_SearchBase'" "(&(objectClass=group)(cn="'$LDAP_Groupname_ZabbixSuperAdmin_for_Sync'"))"'
|
echo 'ldapsearch -x -H '$LDAP_Source_URL' -D "'$LDAP_Bind_User_DN'" -w "'$LDAP_Bind_User_Password'" -b "'$LDAP_SearchBase'" "(&(objectClass=group)(cn="'$LDAP_Groupname_for_Sync'"))"'
|
||||||
else
|
else
|
||||||
echo 'ldapsearch -x -H '$LDAP_Source_URL' -D "'$LDAP_Bind_User_DN'" -w "***********" -b "'$LDAP_SearchBase'" "(&(objectClass=group)(cn="'$LDAP_Groupname_ZabbixSuperAdmin_for_Sync'"))"'
|
echo 'ldapsearch -x -H '$LDAP_Source_URL' -D "'$LDAP_Bind_User_DN'" -w "***********" -b "'$LDAP_SearchBase'" "(&(objectClass=group)(cn="'$LDAP_Groupname_for_Sync'"))"'
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
# yes, ldapsearch is called twice - first time without grep to catch the exitcode, 2. time to catch the content
|
# yes, ldapsearch is called twice - first time without grep to catch the exitcode, 2. time to catch the content
|
||||||
tempvar=`ldapsearch -x -H $LDAP_Source_URL -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "$LDAP_SearchBase" "(&(objectClass=group)(cn=$LDAP_Groupname_ZabbixSuperAdmin_for_Sync))" o member`
|
tempvar=`ldapsearch -x -H $LDAP_Source_URL -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "$LDAP_SearchBase" "(&(objectClass=group)(cn=$LDAP_Groupname_for_Sync))" o member`
|
||||||
ldapsearch_exitcode="$?"
|
ldapsearch_exitcode="$?"
|
||||||
if [ "$b_verbose" = "true" ]; then echo "ldapsearch_exitcode: $ldapsearch_exitcode"; fi
|
if [ "$b_verbose" = "true" ]; then echo "ldapsearch_exitcode: $ldapsearch_exitcode"; fi
|
||||||
tempvar=`ldapsearch -x -H $LDAP_Source_URL -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "$LDAP_SearchBase" "(&(objectClass=group)(cn=$LDAP_Groupname_ZabbixSuperAdmin_for_Sync))" o member | grep member:`
|
tempvar=`ldapsearch -x -H $LDAP_Source_URL -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "$LDAP_SearchBase" "(&(objectClass=group)(cn=$LDAP_Groupname_for_Sync))" o member | grep member:`
|
||||||
else
|
else
|
||||||
# ignore SSL ldapsearch
|
# ignore SSL ldapsearch
|
||||||
if [ "$b_verbose" = "true" ]; then
|
if [ "$b_verbose" = "true" ]; then
|
||||||
if [ "$b_showpasswords" = "true" ]; then
|
if [ "$b_showpasswords" = "true" ]; then
|
||||||
echo 'LDAPTLS_REQCERT=never ldapsearch -x -H '$LDAP_Source_URL' -D "'$LDAP_Bind_User_DN'" -w "'$LDAP_Bind_User_Password'" -b "'$LDAP_SearchBase'" "(&(objectClass=group)(cn='$LDAP_Groupname_ZabbixSuperAdmin_for_Sync'))" o member'
|
echo 'LDAPTLS_REQCERT=never ldapsearch -x -H '$LDAP_Source_URL' -D "'$LDAP_Bind_User_DN'" -w "'$LDAP_Bind_User_Password'" -b "'$LDAP_SearchBase'" "(&(objectClass=group)(cn='$LDAP_Groupname_for_Sync'))" o member'
|
||||||
else
|
else
|
||||||
echo 'LDAPTLS_REQCERT=never ldapsearch -x -H '$LDAP_Source_URL' -D "'$LDAP_Bind_User_DN'" -w "***********" -b "'$LDAP_SearchBase'" "(&(objectClass=group)(cn='$LDAP_Groupname_ZabbixSuperAdmin_for_Sync'))" o member'
|
echo 'LDAPTLS_REQCERT=never ldapsearch -x -H '$LDAP_Source_URL' -D "'$LDAP_Bind_User_DN'" -w "***********" -b "'$LDAP_SearchBase'" "(&(objectClass=group)(cn='$LDAP_Groupname_for_Sync'))" o member'
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
# yes, ldapsearch is called twice - first time without grep to catch the exitcode, 2. time to catch the content
|
# yes, ldapsearch is called twice - first time without grep to catch the exitcode, 2. time to catch the content
|
||||||
tempvar=`LDAPTLS_REQCERT=never ldapsearch -x -H $LDAP_Source_URL -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "$LDAP_SearchBase" "(&(objectClass=group)(cn=$LDAP_Groupname_ZabbixSuperAdmin_for_Sync))" o member`
|
tempvar=`LDAPTLS_REQCERT=never ldapsearch -x -H $LDAP_Source_URL -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "$LDAP_SearchBase" "(&(objectClass=group)(cn=$LDAP_Groupname_for_Sync))" o member`
|
||||||
ldapsearch_exitcode="$?"
|
ldapsearch_exitcode="$?"
|
||||||
if [ "$b_verbose" = "true" ]; then echo "ldapsearch_exitcode: $ldapsearch_exitcode"; fi
|
if [ "$b_verbose" = "true" ]; then echo "ldapsearch_exitcode: $ldapsearch_exitcode"; fi
|
||||||
tempvar=`LDAPTLS_REQCERT=never ldapsearch -x -H $LDAP_Source_URL -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "$LDAP_SearchBase" "(&(objectClass=group)(cn=$LDAP_Groupname_ZabbixSuperAdmin_for_Sync))" o member | grep member:`
|
tempvar=`LDAPTLS_REQCERT=never ldapsearch -x -H $LDAP_Source_URL -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "$LDAP_SearchBase" "(&(objectClass=group)(cn=$LDAP_Groupname_for_Sync))" o member | grep member:`
|
||||||
fi
|
fi
|
||||||
if [ "$b_verbose" = "true" ]; then
|
if [ "$b_verbose" = "true" ]; then
|
||||||
echo 'Result ldapsearch (with "grep member:" : '"$tempvar"
|
echo 'Result ldapsearch (with "grep member:" : '"$tempvar"
|
||||||
@ -553,7 +509,7 @@ fi
|
|||||||
unset LDAP_ARRAY_Members_RAW
|
unset LDAP_ARRAY_Members_RAW
|
||||||
if [ "$b_verbose" = "true" ]; then
|
if [ "$b_verbose" = "true" ]; then
|
||||||
echo "------------------------------------------------------------------------------------------------"
|
echo "------------------------------------------------------------------------------------------------"
|
||||||
echo "Result from STEP 1: Getting all Members from Active Directory / LDAP Group $LDAP_Groupname_ZabbixSuperAdmin_for_Sync"
|
echo "Result from STEP 1: Getting all Members from Active Directory / LDAP Group $LDAP_Groupname_for_Sync"
|
||||||
echo "----+----------------------+----------------------+----------------------+----------------------"
|
echo "----+----------------------+----------------------+----------------------+----------------------"
|
||||||
printf "%-3s | %-20s | %-20s | %-20s | %-20s" "No." "sAMAccountName" "Surname" "Givenname" "Email"
|
printf "%-3s | %-20s | %-20s | %-20s | %-20s" "No." "sAMAccountName" "Surname" "Givenname" "Email"
|
||||||
printf "\n"
|
printf "\n"
|
||||||
@ -625,7 +581,7 @@ if [ "$b_verbose" = "true" ]; then
|
|||||||
echo
|
echo
|
||||||
echo "STEP 2: Get Members of Zabbix-LDAP Group"
|
echo "STEP 2: Get Members of Zabbix-LDAP Group"
|
||||||
echo "--------------------------------------------------------------"
|
echo "--------------------------------------------------------------"
|
||||||
echo "Zabbix LDAP Group Name .........: $ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync"
|
echo "Zabbix LDAP Group Name .........: $ZABBIX_Groupname_for_Sync"
|
||||||
echo "Zabbix Disabled User Group Name : $ZABBIX_Disabled_User_Group"
|
echo "Zabbix Disabled User Group Name : $ZABBIX_Disabled_User_Group"
|
||||||
echo "Zabbix API URL .................: $ZABBIX_API_User"
|
echo "Zabbix API URL .................: $ZABBIX_API_User"
|
||||||
echo "Zabbix API User ................: $LDAP_Bind_User_DN"
|
echo "Zabbix API User ................: $LDAP_Bind_User_DN"
|
||||||
@ -633,17 +589,17 @@ if [ "$b_verbose" = "true" ]; then
|
|||||||
fi
|
fi
|
||||||
#############################################################################################################
|
#############################################################################################################
|
||||||
# Get UsrGrpIds
|
# Get UsrGrpIds
|
||||||
Print_Status_Text 'determine UsrGrpID of "'$ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync'"'
|
Print_Status_Text 'determine UsrGrpID of "'$ZABBIX_Groupname_for_Sync'"'
|
||||||
if [ "$b_verbose" = "true" ]; then Print_Status_Done "checking" $LIGHTCYAN; fi
|
if [ "$b_verbose" = "true" ]; then Print_Status_Done "checking" $LIGHTCYAN; fi
|
||||||
declare -a ZABBIX_ARRAY_usrgrpid_RAW
|
declare -a ZABBIX_ARRAY_usrgrpid_RAW
|
||||||
if [ "$b_verbose" = "true" ]; then
|
if [ "$b_verbose" = "true" ]; then
|
||||||
printf 'curl -k -s -X POST -H "Content-Type:application/json" -d '
|
printf 'curl -k -s -X POST -H "Content-Type:application/json" -d '
|
||||||
printf "'"
|
printf "'"
|
||||||
printf '{"jsonrpc":"2.0","method":"usergroup.get","params":{"filter":{"name":"'$ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync'"},"output":"extend","status":0},"id":42,"auth":"'$ZABBIX_authentication_token'"}'
|
printf '{"jsonrpc":"2.0","method":"usergroup.get","params":{"filter":{"name":"'$ZABBIX_Groupname_for_Sync'"},"output":"extend","status":0},"id":42,"auth":"'$ZABBIX_authentication_token'"}'
|
||||||
printf "'"
|
printf "'"
|
||||||
printf " $ZABBIX_API_URL"
|
printf " $ZABBIX_API_URL"
|
||||||
fi
|
fi
|
||||||
tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc":"2.0","method":"usergroup.get","params":{"filter":{"name":"'$ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync'"},"output":"extend","status":0},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL`
|
tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc":"2.0","method":"usergroup.get","params":{"filter":{"name":"'$ZABBIX_Groupname_for_Sync'"},"output":"extend","status":0},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL`
|
||||||
if [ "$b_verbose" = "true" ]; then echo $tempvar; fi
|
if [ "$b_verbose" = "true" ]; then echo $tempvar; fi
|
||||||
# The answer is an JSON - we split by the " into an array and search for the wanted values
|
# The answer is an JSON - we split by the " into an array and search for the wanted values
|
||||||
IFS='"' # " is set as delimiter
|
IFS='"' # " is set as delimiter
|
||||||
@ -658,8 +614,8 @@ for (( i=0; i < ${#ZABBIX_ARRAY_usrgrpid_RAW[*]}; i++ )); do
|
|||||||
break
|
break
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
Print_Verbose_Text "$ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync" "$ZABBIX_LDAP_Group_UsrGrpId"
|
Print_Verbose_Text "$ZABBIX_Groupname_for_Sync" "$ZABBIX_LDAP_Group_UsrGrpId"
|
||||||
if [ "$b_verbose" = "true" ]; then Print_Status_Text 'determine UsrGrpID of "'$ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync'"'; fi
|
if [ "$b_verbose" = "true" ]; then Print_Status_Text 'determine UsrGrpID of "'$ZABBIX_Groupname_for_Sync'"'; fi
|
||||||
Print_Status_Done "done" $GREEN
|
Print_Status_Done "done" $GREEN
|
||||||
tempvar=""
|
tempvar=""
|
||||||
Print_Status_Text 'determine UsrGrpID of "'$ZABBIX_Disabled_User_Group'"'
|
Print_Status_Text 'determine UsrGrpID of "'$ZABBIX_Disabled_User_Group'"'
|
||||||
@ -683,7 +639,7 @@ tempvar=""
|
|||||||
unset ZABBIX_ARRAY_usrgrpid_RAW
|
unset ZABBIX_ARRAY_usrgrpid_RAW
|
||||||
#############################################################################################################
|
#############################################################################################################
|
||||||
# Get alias and userid of the Zabbix Group Members
|
# Get alias and userid of the Zabbix Group Members
|
||||||
Print_Status_Text 'determine alias and userid for Members of "'$ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync'"'
|
Print_Status_Text 'determine alias and userid for Members of "'$ZABBIX_Groupname_for_Sync'"'
|
||||||
if [ "$b_verbose" = "true" ]; then Print_Status_Done "checking" $LIGHTCYAN; fi
|
if [ "$b_verbose" = "true" ]; then Print_Status_Done "checking" $LIGHTCYAN; fi
|
||||||
|
|
||||||
declare -a ZABBIX_ARRAY_LDAP_GroupMember_alias
|
declare -a ZABBIX_ARRAY_LDAP_GroupMember_alias
|
||||||
@ -719,12 +675,12 @@ for (( i=0; i < ${#ZABBIX_ARRAY_LDAP_GroupMember_RAW[*]}; i++ )); do
|
|||||||
#printf "."
|
#printf "."
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
if [ "$b_verbose" = "true" ]; then Print_Status_Text 'determine alias and userid for Members of "'$ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync'"'; fi
|
if [ "$b_verbose" = "true" ]; then Print_Status_Text 'determine alias and userid for Members of "'$ZABBIX_Groupname_for_Sync'"'; fi
|
||||||
Print_Status_Done "done" $GREEN
|
Print_Status_Done "done" $GREEN
|
||||||
unset ZABBIX_ARRAY_LDAP_GroupMember_RAW
|
unset ZABBIX_ARRAY_LDAP_GroupMember_RAW
|
||||||
if [ "$b_verbose" = "true" ]; then
|
if [ "$b_verbose" = "true" ]; then
|
||||||
echo "------------------------------------------------------------------------------------------------"
|
echo "------------------------------------------------------------------------------------------------"
|
||||||
echo "Result from STEP 2: Get Members of Zabbix-LDAP Group $ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync"
|
echo "Result from STEP 2: Get Members of Zabbix-LDAP Group $ZABBIX_Groupname_for_Sync"
|
||||||
echo "----+----------------------+----------------------+----------------------+----------------------"
|
echo "----+----------------------+----------------------+----------------------+----------------------"
|
||||||
printf "%-3s | %-20s | %-20s | %-20s | %-20s" "No." "Alias" "UserId" " " " "
|
printf "%-3s | %-20s | %-20s | %-20s | %-20s" "No." "Alias" "UserId" " " " "
|
||||||
printf "\n"
|
printf "\n"
|
||||||
@ -751,8 +707,8 @@ if [ "$b_verbose" = "true" ]; then
|
|||||||
echo
|
echo
|
||||||
echo "STEP 3: Compare Groups for changes"
|
echo "STEP 3: Compare Groups for changes"
|
||||||
echo "--------------------------------------------------------------"
|
echo "--------------------------------------------------------------"
|
||||||
echo "AD / LDAP Group Name ...........: $LDAP_Groupname_ZabbixSuperAdmin_for_Sync"
|
echo "AD / LDAP Group Name ...........: $LDAP_Groupname_for_Sync"
|
||||||
echo "Zabbix LDAP Group Name .........: $ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync"
|
echo "Zabbix LDAP Group Name .........: $ZABBIX_Groupname_for_Sync"
|
||||||
echo "--------------------------------------------------------------"
|
echo "--------------------------------------------------------------"
|
||||||
fi
|
fi
|
||||||
b_Must_Sync_Users="false"
|
b_Must_Sync_Users="false"
|
||||||
@ -846,12 +802,10 @@ if [ "$b_Must_Sync_Users" = "true" ]; then
|
|||||||
if [ "${ZABBIX_ARRAY_AllUser_RAW[$i]}" = "userid" ]; then
|
if [ "${ZABBIX_ARRAY_AllUser_RAW[$i]}" = "userid" ]; then
|
||||||
i=$(($i + 2))
|
i=$(($i + 2))
|
||||||
ZABBIX_ARRAY_AllUser_userid+=("${ZABBIX_ARRAY_AllUser_RAW[$i]}")
|
ZABBIX_ARRAY_AllUser_userid+=("${ZABBIX_ARRAY_AllUser_RAW[$i]}")
|
||||||
printf "."
|
|
||||||
fi
|
fi
|
||||||
if [ "${ZABBIX_ARRAY_AllUser_RAW[$i]}" = "alias" ]; then
|
if [ "${ZABBIX_ARRAY_AllUser_RAW[$i]}" = "alias" ]; then
|
||||||
i=$(($i + 2))
|
i=$(($i + 2))
|
||||||
ZABBIX_ARRAY_AllUser_alias+=("${ZABBIX_ARRAY_AllUser_RAW[$i]}")
|
ZABBIX_ARRAY_AllUser_alias+=("${ZABBIX_ARRAY_AllUser_RAW[$i]}")
|
||||||
printf "."
|
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
unset ZABBIX_ARRAY_AllUser_RAW
|
unset ZABBIX_ARRAY_AllUser_RAW
|
||||||
@ -1024,14 +978,17 @@ if [ "$b_Must_Sync_Users" = "true" ]; then
|
|||||||
done
|
done
|
||||||
echo "----------------------------------------------------------------------------------------------------------------------"
|
echo "----------------------------------------------------------------------------------------------------------------------"
|
||||||
fi
|
fi
|
||||||
|
else
|
||||||
|
Print_Status_Text "STEP 6: Create needed $i_CounterNewUsers new Zabbix-User"
|
||||||
|
Print_Status_Done "skipped" $GREEN
|
||||||
fi
|
fi
|
||||||
|
|
||||||
#############################################################################################################
|
#############################################################################################################
|
||||||
Print_Status_Text "STEP 7: Replace Members of Group $ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync"
|
Print_Status_Text "STEP 7: Replace Members of Group $ZABBIX_Groupname_for_Sync"
|
||||||
if [ "$b_verbose" = "true" ]; then Print_Status_Done "checking" $LIGHTCYAN; fi
|
if [ "$b_verbose" = "true" ]; then Print_Status_Done "checking" $LIGHTCYAN; fi
|
||||||
if [ "$b_verbose" = "true" ]; then
|
if [ "$b_verbose" = "true" ]; then
|
||||||
echo "--------------------------------------------------------------"
|
echo "--------------------------------------------------------------"
|
||||||
echo "STEP 7: Replace Members of Group $ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync"
|
echo "STEP 7: Replace Members of Group $ZABBIX_Groupname_for_Sync"
|
||||||
fi
|
fi
|
||||||
tempvar=""
|
tempvar=""
|
||||||
list_of_userids=""
|
list_of_userids=""
|
||||||
@ -1041,7 +998,7 @@ if [ "$b_Must_Sync_Users" = "true" ]; then
|
|||||||
done
|
done
|
||||||
# maybe the list is empty! So we have to check
|
# maybe the list is empty! So we have to check
|
||||||
if [ "$list_of_userids" != "" ]; then list_of_userids=${list_of_userids::-1}; fi
|
if [ "$list_of_userids" != "" ]; then list_of_userids=${list_of_userids::-1}; fi
|
||||||
if [ "$b_verbose" = "true" ]; then printf "Update Zabbix Group $ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync via API (Replace)"; fi
|
if [ "$b_verbose" = "true" ]; then printf "Update Zabbix Group $ZABBIX_Groupname_for_Sync via API (Replace)"; fi
|
||||||
if [ "$b_verbose" = "true" ]; then
|
if [ "$b_verbose" = "true" ]; then
|
||||||
printf 'curl -k -s -X POST -H "Content-Type:application/json" -d '
|
printf 'curl -k -s -X POST -H "Content-Type:application/json" -d '
|
||||||
printf "'"
|
printf "'"
|
||||||
@ -1051,7 +1008,7 @@ if [ "$b_Must_Sync_Users" = "true" ]; then
|
|||||||
fi
|
fi
|
||||||
tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc": "2.0","method":"usergroup.update","params":{"usrgrpid":"'$ZABBIX_LDAP_Group_UsrGrpId'","userids":['$list_of_userids']},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL`
|
tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc": "2.0","method":"usergroup.update","params":{"usrgrpid":"'$ZABBIX_LDAP_Group_UsrGrpId'","userids":['$list_of_userids']},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL`
|
||||||
if [ "$b_verbose" = "true" ]; then echo $tempvar; fi
|
if [ "$b_verbose" = "true" ]; then echo $tempvar; fi
|
||||||
if [ "$b_verbose" = "true" ]; then Print_Status_Text "STEP 7: Replace Members of Group $ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync"; fi
|
if [ "$b_verbose" = "true" ]; then Print_Status_Text "STEP 7: Replace Members of Group $ZABBIX_Groupname_for_Sync"; fi
|
||||||
Print_Status_Done "done" $GREEN
|
Print_Status_Done "done" $GREEN
|
||||||
|
|
||||||
#############################################################################################################
|
#############################################################################################################
|
||||||
@ -1154,11 +1111,11 @@ if [ "$b_Must_Sync_Users" = "true" ]; then
|
|||||||
if [ "$b_verbose" = "true" ]; then Print_Status_Text "STEP 10: Replace Members of Group $ZABBIX_Disabled_User_Group"; fi
|
if [ "$b_verbose" = "true" ]; then Print_Status_Text "STEP 10: Replace Members of Group $ZABBIX_Disabled_User_Group"; fi
|
||||||
Print_Status_Done "done" $GREEN
|
Print_Status_Done "done" $GREEN
|
||||||
#############################################################################################################
|
#############################################################################################################
|
||||||
Print_Status_Text "STEP 11: Replace Members of Group $ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync (2. Time)"
|
Print_Status_Text "STEP 11: Replace Members of Group $ZABBIX_Groupname_for_Sync (2. Time)"
|
||||||
if [ "$b_verbose" = "true" ]; then Print_Status_Done "checking" $LIGHTCYAN; fi
|
if [ "$b_verbose" = "true" ]; then Print_Status_Done "checking" $LIGHTCYAN; fi
|
||||||
if [ "$b_verbose" = "true" ]; then
|
if [ "$b_verbose" = "true" ]; then
|
||||||
echo "--------------------------------------------------------------"
|
echo "--------------------------------------------------------------"
|
||||||
echo "STEP 11: Replace Members of Group $ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync (2. Time)"
|
echo "STEP 11: Replace Members of Group $ZABBIX_Groupname_for_Sync (2. Time)"
|
||||||
fi
|
fi
|
||||||
# we have to do this twice if we move user between enabled and disabled and they are only in the Zabbix-LDAP-Group - they must be in one Group!"
|
# we have to do this twice if we move user between enabled and disabled and they are only in the Zabbix-LDAP-Group - they must be in one Group!"
|
||||||
# If a user is a now a member of the deactivated user group we can now remove the user from the Zabbix-LDAP-Group
|
# If a user is a now a member of the deactivated user group we can now remove the user from the Zabbix-LDAP-Group
|
||||||
@ -1171,7 +1128,7 @@ if [ "$b_Must_Sync_Users" = "true" ]; then
|
|||||||
# maybe the list is empty! So we have to check
|
# maybe the list is empty! So we have to check
|
||||||
if [ "$list_of_userids" != "" ]; then list_of_userids=${list_of_userids::-1}; fi
|
if [ "$list_of_userids" != "" ]; then list_of_userids=${list_of_userids::-1}; fi
|
||||||
tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc": "2.0","method":"usergroup.update","params":{"usrgrpid":"'$ZABBIX_LDAP_Group_UsrGrpId'","userids":['$list_of_userids']},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL`
|
tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc": "2.0","method":"usergroup.update","params":{"usrgrpid":"'$ZABBIX_LDAP_Group_UsrGrpId'","userids":['$list_of_userids']},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL`
|
||||||
if [ "$b_verbose" = "true" ]; then Print_Status_Text "STEP 11: Replace Members of Group $ZABBIX_Groupname_ZabbixSuperAdmin_for_Sync (2. Time)"; fi
|
if [ "$b_verbose" = "true" ]; then Print_Status_Text "STEP 11: Replace Members of Group $ZABBIX_Groupname_for_Sync (2. Time)"; fi
|
||||||
Print_Status_Done "done" $GREEN
|
Print_Status_Done "done" $GREEN
|
||||||
else
|
else
|
||||||
Print_Status_Text "STEP 3: Compare Groups for changes"
|
Print_Status_Text "STEP 3: Compare Groups for changes"
|
||||||
|
Loading…
Reference in New Issue
Block a user