zabbix-ldap-sync-bash/zabbix-ldap-sync.sh
root@zabbix.znil.net cd128aee46 Final Version 1.1
2020-04-14 14:28:17 +02:00

1152 lines
66 KiB
Bash
Executable File

#!/bin/bash
#############################################################################################################
# Script Name ...: zabbix-ldap-sync.sh
# Version .......: V1.1
# Date ..........: 14.04.2020
# Description....: Synchronise Members of a Actice Directory Group with Zabbix via API
# User wich are removed will be deactivated
# Args ..........:
# Author ........: Bernhard Linz
# Email Business : Bernhard.Linz@datagroup.de
# Email Private : Bernhard@znil.de
#############################################################################################################
# Variables
Script_Version="V1.1 (2020-04-14)"
# Colors for printf and echo
DEFAULT_FOREGROUND=39
RED=31
GREEN=32
YELLOW=33
BLUE=34
MAGENTA=35
CYAN=36
LIGHTRED=91
LIGHTGREEN=92
LIGHTYELLOW=93
LIGHTBLUE=94
LIGHTMAGENTA=95
LIGHTCYAN=96
#############################################################################################################
# ______ _ _
# | ____| | | (_)
# | |__ _ _ _ __ ___| |_ _ ___ _ __ ___
# | __| | | | '_ \ / __| __| |/ _ \| '_ \/ __|
# | | | |_| | | | | (__| |_| | (_) | | | \__ \
# |_| \__,_|_| |_|\___|\__|_|\___/|_| |_|___/
#
#############################################################################################################
# Print_Error ### START Function #####################################################################
Print_Error () {
# $1 = Message
echo
echo -e "+- \e[91mERROR: \e[39m------------------------------------------------------------"
printf "$1"
echo
echo "+---------------------------------------------------------------------"
}
# Print_Error ### END Function #####################################################################
# Print_Status_Text ### START Function #####################################################################
Print_Status_Text () {
if [ "$b_silent" = "false" ]; then
printf "%-.70s" "${1} ......................................................................"
fi
}
# Print_Status_Text ### ENDE Function #####################################################################
# Print_Status_Done ### START Function #####################################################################
Print_Status_Done () {
# RED = 31
# GREEN = 32
if [ "$b_silent" = "false" ]; then
local status_text="${1:-done}"
local status_color="${2:-32}"
printf " \x1b["$status_color"m%s\e[m" "$status_text"
echo
fi
}
# Print_Status_Done ### ENDE Function #####################################################################
# Print_Verbose_Text ### START Function #####################################################################
Print_Verbose_Text () {
if [ "$b_verbose" = "true" ]; then
printf "%-.69s: %s\n" "${1} ......................................................................" "${2}"
fi
}
# Print_Verbose_Text ### ENDE Function #####################################################################
# Check_Prerequisites ### START Function #####################################################################
Check_Prerequisites () {
# $1 = name of command
# $2 = name of Package for Ubuntu/Debian
# $3 = name of Package for CentOS/Red Hat
if ! type "$1" >/dev/null 2>&1; then
echo
echo -e "+- \e[91mERROR: Missing Command \e[39m--------------------------------------------"
echo -e "| \e[36m$1\e[39m is not installed!"
echo "| try:"
echo "| apt install $2"
echo "| yum install $3"
echo "+---------------------------------------------------------------------"
exit 1
fi
}
# Check_Prerequisites ### END Function #####################################################################
# Translate_ldapsearch_exitcode ### START Function #####################################################################
Translate_ldapsearch_exitcode () {
case $1 in
0) printf "0: SUCCESS";;
1) printf "1: LDAP_OPERATIONS_ERROR";;
2) printf "2: LDAP_PROTOCOL_ERROR";;
3) printf "3: LDAP_TIMELIMIT_EXCEEDED";;
4) printf "4: LDAP_SIZELIMIT_EXCEEDED";;
7) printf "7: LDAP_AUTH_METHOD_NOT_SUPPORTED";;
8) printf "8: LDAP_STRONG_AUTH_REQUIRED";;
11) printf "11: LDAP_ADMINLIMIT_EXCEEDED";;
13) printf "13: LDAP_CONFIDENTIALITY_REQUIRED";;
16) printf "14: LDAP_NO_SUCH_ATTRIBUTE";;
17) printf "18: LDAP_INAPPROPRIATE_MATCHING";;
32) printf "32: LDAP_NO_SUCH_OBJECT";;
34) printf "34: LDAP_INVALID_DN_SYNTAX";;
48) printf "48: LDAP_INAPPROPRIATE_AUTH";;
49) printf "49: LDAP_INVALID_CREDENTIALS";;
50) printf "50: LDAP_INSUFFICIENT_ACCESS";;
51) printf "51: LDAP_BUSY";;
52) printf "52: LDAP_UNAVAILABLE";;
255) printf "255: LDAP Can't contact LDAP server";;
*) printf "$1: unkown error";;
esac
echo " (for more details: https://ldapwiki.com/wiki/LDAP%20Result%20Codes)"
}
# Translate_ldapsearch_exitcode ### END Function #####################################################################
# Zabbix_Logout ### START Function #####################################################################
Zabbix_Logout () {
Print_Status_Text "Logout Zabbix API"
if [ "$b_verbose" = "true" ]; then
Print_Status_Done "checking" $LIGHTCYAN
printf 'curl -k -s -X POST -H "Content-Type:application/json" -d '
printf "'"
printf '{"jsonrpc": "2.0","method":"user.logout","params":[],"id":42,"'"$ZABBIX_authentication_token"'"}'
printf "'"
echo " $ZABBIX_API_URL"
fi
myJSON=$(curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc": "2.0","method":"user.logout","params":[],"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL)
if [ "$b_verbose" = "true" ]; then echo "Answer from API: $myJSON"; fi
if [ "$b_verbose" = "true" ]; then Print_Status_Text "Logout Zabbix API"; fi
Print_Status_Done "done" $GREEN
b_Zabbix_is_logged_in="false"
}
# Zabbix_Logout ### START Function ##################################################################################################################################################################################
# _____ _ _
# / ____| | | |
# | (___ | |_ __ _ _ __| |_ _ _ _ __
# \___ \| __/ _` | '__| __| | | | '_ \
# ____) | || (_| | | | |_| |_| | |_) |
# |_____/ \__\__,_|_| \__|\__,_| .__/
# | |
# |_|
#############################################################################################################
# Check Commandline Arguments
Config_File="<notset>"
b_Unknown_Parameter="false"
b_showpasswords="false"
b_silent="false"
b_verbose="false"
while [[ $# -gt 0 ]]; do
current_parameter="$1"
case $current_parameter in
-c|-C|--config)
Config_File="$2"
shift # past -c / --config
shift # past value
;;
-p|-P|--ShowPassword)
# Passwords will be displayed in Errors and in Verbose mode
b_showpasswords="true"
shift # past argument
;;
-s|-S|--silent)
# be quiet! only errors will be displayed
b_silent="true"
shift # past argument
;;
-v|-V|--verbose)
# show some extra information
b_verbose="true"
shift # past argument
;;
*) # Catch all other
echo -e "\e[91mUnknown Parameter:\e[39m $1"
# next parameter will display help and exit script after the loop
b_Unknown_Parameter="true"
shift # past argument
;;
esac
done
if [ "$b_Unknown_Parameter" = "true" ]; then
# ToDo: Create Help text
echo "Parameter error - print help"
echo "In Future here will be some helping text"
exit 1
fi
#############################################################################################################
# Clear Screen
clear
#############################################################################################################
if [ "$b_silent" = "false" ]; then
echo "---------------------------------------------------------------------------"
echo "zabbix-ldap-sync.sh (Version $Script_Version) startup"
fi
#############################################################################################################
# Testing for all needed commands (normaly only ldapsearch have to be installed manualy)
Print_Status_Text "Checking prerequisites"
Check_Prerequisites "ldapsearch" "ldap-utils" "openldap-clients"
Check_Prerequisites "curl" "curl" "curl"
Check_Prerequisites "sed" "sed" "sed"
Check_Prerequisites "dirname" "coreutils" "coreutils"
Check_Prerequisites "readlink" "coreutils" "coreutils"
Print_Status_Done "done" $GREEN
#############################################################################################################
# _____ _ _____ __ _ _ _
# | __ \ | | / ____| / _(_) | | (_)
# | |__) |___ __ _ __| | | | ___ _ __ | |_ _ __ _ _ _ _ __ __ _| |_ _ ___ _ __
# | _ // _ \/ _` |/ _` | | | / _ \| '_ \| _| |/ _` | | | | '__/ _` | __| |/ _ \| '_ \
# | | \ \ __/ (_| | (_| | | |___| (_) | | | | | | | (_| | |_| | | | (_| | |_| | (_) | | | |
# |_| \_\___|\__,_|\__,_| \_____\___/|_| |_|_| |_|\__, |\__,_|_| \__,_|\__|_|\___/|_| |_|
# __/ |
# |___/
Print_Status_Text "Searching config file"
if [ "$Config_File" = "<notset>" ]; then
# Get the current path of this running script - long solution wich is also working with symlinks
This_Script_Bash_Source="${BASH_SOURCE[0]}"
while [ -h "$This_Script_Bash_Source" ]; do # resolve $This_Script_Bash_Source until the file is no longer a symlink
This_Script_Path="$( cd -P "$( dirname "$This_Script_Bash_Source" )" >/dev/null 2>&1 && pwd )"
This_Script_Bash_Source="$(readlink "$This_Script_Bash_Source")"
[[ $This_Script_Bash_Source != /* ]] && This_Script_Bash_Source="$This_Script_Path/$This_Script_Bash_Source" # if $This_Script_Bash_Source was a relative symlink, we need to resolve it relative to the path where the symlink file was located
done
This_Script_Path="$( cd -P "$( dirname "$This_Script_Bash_Source" )" >/dev/null 2>&1 && pwd )"
# Special case for programming - my own config file, excluded from .git
if test -f "$This_Script_Path/config-znil.sh"; then
Config_File="$This_Script_Path/config-znil.sh"
else
Config_File="$This_Script_Path/config.sh"
fi
fi
# Normal test for the file now
if ! test -f "$Config_File"; then
Print_Status_Done "Error" $RED
Print_Error "$Config_File not found"
exit 1
else
Print_Status_Done "done" $GREEN
fi
# File exist, read it now
Print_Status_Text 'Reading "'$Config_File'"'
source $Config_File
Print_Status_Done "done" $GREEN
Print_Status_Text "Check all needed Settings"
# if [ -z ${var+x} ]; then echo "var is unset"; else echo "var is set to '$var'"; fi
if [ "$b_verbose" = "true" ]; then Print_Status_Done "checking" $LIGHTCYAN; fi
####################################################################################################
if ! [ -z ${LDAP_Source_URL+x} ]; then Print_Verbose_Text "LDAP_Source_URL" "${LDAP_Source_URL}"; else Print_Error "Missing LDAP_Source_URL"; fi
####################################################################################################
if ! [ -z ${LDAP_Ignore_SSL_Certificate+x} ]; then
Print_Verbose_Text "LDAP_Ignore_SSL_Certificate" "${LDAP_Ignore_SSL_Certificate}"
else
LDAP_Ignore_SSL_Certificate="true"
Print_Verbose_Text "LDAP_Ignore_SSL_Certificate (using Default Value)" "${LDAP_Ignore_SSL_Certificate}"
fi
####################################################################################################
if ! [ -z ${LDAP_Bind_User_DN+x} ]; then Print_Verbose_Text "LDAP_Bind_User_DN" "${LDAP_Bind_User_DN}"; else Print_Error "Missing LDAP_Bind_User_DN"; fi
####################################################################################################
if [ -z ${LDAP_Bind_User_Password+x} ]; then
Print_Error "Missing LDAP_Bind_User_Password"
else
if [ "$b_showpasswords" = "true" ]; then
Print_Verbose_Text "LDAP_Bind_User_Password" "${LDAP_Bind_User_Password}";
else
Print_Verbose_Text "LDAP_Bind_User_Password" "${LDAP_Bind_User_Password:0:3}***************"
fi
fi
####################################################################################################
if ! [ -z ${LDAP_SearchBase+x} ]; then Print_Verbose_Text "LDAP_SearchBase" "${LDAP_SearchBase}"; else Print_Error "Missing LDAP_SearchBase"; fi
####################################################################################################
if ! [ -z ${LDAP_Groupname_for_Sync+x} ]; then
Print_Verbose_Text "LDAP_Groupname_for_Sync" "${LDAP_Groupname_for_Sync}"
else
LDAP_Groupname_for_Sync="skip"
Print_Verbose_Text "LDAP_Groupname_for_Sync" "skip sync"
fi
if [ "$LDAP_Groupname_for_Sync" = "skip" ]; then Print_Verbose_Text "LDAP_Groupname_for_Sync" "skip sync"; fi
####################################################################################################
if ! [ -z ${ZABBIX_Groupname_for_Sync+x} ]; then
Print_Verbose_Text "ZABBIX_Groupname_for_Sync" "${ZABBIX_Groupname_for_Sync}"
else
ZABBIX_Groupname_for_Sync="skip"
Print_Verbose_Text "ZABBIX_Groupname_for_Sync" "skip sync"
fi
if [ "$ZABBIX_Groupname_for_Sync" = "skip" ]; then Print_Verbose_Text "ZABBIX_Groupname_for_Sync" "skip sync"; fi
####################################################################################################
if ! [ -z ${ZABBIX_Disabled_User_Group+x} ]; then
Print_Verbose_Text "ZABBIX_Disabled_User_Group" "${ZABBIX_Disabled_User_Group}"
else
ZABBIX_Disabled_User_Group="Disabled"
Print_Verbose_Text "ZABBIX_Disabled_User_Group (using Default Value)" "${ZABBIX_Disabled_User_Group}"
fi
####################################################################################################
if ! [ -z ${ZABBIX_API_URL+x} ]; then Print_Verbose_Text "ZABBIX_API_URL" "${ZABBIX_API_URL}"; else Print_Error "Missing ZABBIX_API_URL"; fi
####################################################################################################
if ! [ -z ${ZABBIX_API_User+x} ]; then Print_Verbose_Text "ZABBIX_API_User" "${ZABBIX_API_User}"; else Print_Error "Missing ZABBIX_API_User"; fi
####################################################################################################
####################################################################################################
if [ -z ${ZABBIX_API_Password+x} ]; then
Print_Error "Missing ZABBIX_API_Password"
else
if [ "$b_showpasswords" = "true" ]; then
Print_Verbose_Text "ZABBIX_API_Password" "${ZABBIX_API_Password}";
else
Print_Verbose_Text "ZABBIX_API_Password" "${ZABBIX_API_Password:0:3}***************";
fi
fi
####################################################################################################
if ! [ -z ${ZABBIX_UserType_User+x} ]; then
Print_Verbose_Text "ZABBIX_UserType_User" "${ZABBIX_UserType_User}"
else
ZABBIX_UserType_User=1
Print_Verbose_Text "ZABBIX_UserType_User (using Default Value)" "${ZABBIX_UserType_User}"
fi
####################################################################################################
if ! [ -z ${ZABBIX_MediaTypeID+x} ]; then
Print_Verbose_Text "ZABBIX_MediaTypeID" "${ZABBIX_MediaTypeID}"
else
ZABBIX_MediaTypeID=1
Print_Verbose_Text "ZABBIX_MediaTypeID (using Default Value)" "${ZABBIX_MediaTypeID}"
fi
####################################################################################################
if [ "$b_verbose" = "false" ]; then
Print_Status_Done "done" $GREEN
else
Print_Status_Text "Check all needed Settings"
Print_Status_Done "done" $GREEN
fi
#############################################################################################################
# ____ _ _____ _____
# / __ \ | | | __ \ /\ | __ \
# | | | |_ _ ___ _ __ _ _ | | | | | | / \ | |__) |
# | | | | | | |/ _ \ '__| | | | | | | | | |/ /\ \ | ___/
# | |__| | |_| | __/ | | |_| | | |____| |__| / ____ \| |
# \___\_\\__,_|\___|_| \__, | |______|_____/_/ \_\_|
# __/ |
# |___/
#
declare -a LDAP_ARRAY_Members_RAW # Raw Data from ldapsearch
declare -a LDAP_ARRAY_Members_DN # Distinguished names extracted from LDAP_ARRAY_Members_RAW
Print_Status_Text "STEP 1: Getting all Members from Active Directory / LDAP Group"
if [ "$b_verbose" = "true" ]; then Print_Status_Done "checking" $LIGHTCYAN; fi
if [ "$b_verbose" = "true" ]; then
echo
echo "STEP 1: Getting all Members from Active Directory / LDAP Group"
echo "--------------------------------------------------------------"
echo "Group Name SuperAdmin : $LDAP_Groupname_for_Sync"
echo "LDAP Server ..........: $LDAP_Source_URL"
echo "LDAP User ............: $LDAP_Bind_User_DN"
echo "LDAP Search Base .....: $LDAP_SearchBase"
echo "--------------------------------------------------------------"
echo "running ldapsearch:"
fi
if [ LDAP_Ignore_SSL_Certificate = "false" ]; then
# normal ldapsearch call
if [ "$b_verbose" = "true" ]; then
if [ "$b_showpasswords" = "true" ]; then
echo 'ldapsearch -x -H '$LDAP_Source_URL' -D "'$LDAP_Bind_User_DN'" -w "'$LDAP_Bind_User_Password'" -b "'$LDAP_SearchBase'" "(&(objectClass=group)(cn="'$LDAP_Groupname_for_Sync'"))"'
else
echo 'ldapsearch -x -H '$LDAP_Source_URL' -D "'$LDAP_Bind_User_DN'" -w "***********" -b "'$LDAP_SearchBase'" "(&(objectClass=group)(cn="'$LDAP_Groupname_for_Sync'"))"'
fi
fi
# yes, ldapsearch is called twice - first time without grep to catch the exitcode, 2. time to catch the content
tempvar=`ldapsearch -x -H $LDAP_Source_URL -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "$LDAP_SearchBase" "(&(objectClass=group)(cn=$LDAP_Groupname_for_Sync))" o member`
ldapsearch_exitcode="$?"
if [ "$b_verbose" = "true" ]; then echo "ldapsearch_exitcode: $ldapsearch_exitcode"; fi
tempvar=`ldapsearch -x -H $LDAP_Source_URL -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "$LDAP_SearchBase" "(&(objectClass=group)(cn=$LDAP_Groupname_for_Sync))" o member | grep member:`
else
# ignore SSL ldapsearch
if [ "$b_verbose" = "true" ]; then
if [ "$b_showpasswords" = "true" ]; then
echo 'LDAPTLS_REQCERT=never ldapsearch -x -H '$LDAP_Source_URL' -D "'$LDAP_Bind_User_DN'" -w "'$LDAP_Bind_User_Password'" -b "'$LDAP_SearchBase'" "(&(objectClass=group)(cn='$LDAP_Groupname_for_Sync'))" o member'
else
echo 'LDAPTLS_REQCERT=never ldapsearch -x -H '$LDAP_Source_URL' -D "'$LDAP_Bind_User_DN'" -w "***********" -b "'$LDAP_SearchBase'" "(&(objectClass=group)(cn='$LDAP_Groupname_for_Sync'))" o member'
fi
fi
# yes, ldapsearch is called twice - first time without grep to catch the exitcode, 2. time to catch the content
tempvar=`LDAPTLS_REQCERT=never ldapsearch -x -H $LDAP_Source_URL -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "$LDAP_SearchBase" "(&(objectClass=group)(cn=$LDAP_Groupname_for_Sync))" o member`
ldapsearch_exitcode="$?"
if [ "$b_verbose" = "true" ]; then echo "ldapsearch_exitcode: $ldapsearch_exitcode"; fi
tempvar=`LDAPTLS_REQCERT=never ldapsearch -x -H $LDAP_Source_URL -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "$LDAP_SearchBase" "(&(objectClass=group)(cn=$LDAP_Groupname_for_Sync))" o member | grep member:`
fi
if [ "$b_verbose" = "true" ]; then
echo 'Result ldapsearch (with "grep member:" : '"$tempvar"
echo "Exitcode ldapsearch: $(Translate_ldapsearch_exitcode $ldapsearch_exitcode)"
fi
# only continue if ldapsearch was succesfull
if [ "$ldapsearch_exitcode" -eq 0 ];then
LDAP_ARRAY_Members_RAW=($tempvar) # Split the raw output into an array
LDAP_ARRAY_Members_DN=()
for (( i=0; i < ${#LDAP_ARRAY_Members_RAW[*]}; i++ )); do
# Search for the word "member:" in Array - the next value is the DN of a Member
if [ "${LDAP_ARRAY_Members_RAW[$i]:0:7}" = "member:" ]; then
i=$(($i + 1))
LDAP_ARRAY_Members_DN+=("${LDAP_ARRAY_Members_RAW[$i]}") # add new Item to the end of the array
else
# Ok, no "member:" found and the Item was not skipped by i=i+1 - must still belong to the previous Item, which was separated by a space
last_item_of_array=${#LDAP_ARRAY_Members_DN[*]} # get the Number of Items in the array
last_item_of_array=$(($last_item_of_array - 1)) # get the Index of the last one (0 is the first index but the number of Items would be 1)
LDAP_ARRAY_Members_DN[$last_item_of_array]+=" ${LDAP_ARRAY_Members_RAW[$i]}" # without ( ) -> replace the Item-Value, add no new Item to the array
fi
done
else
Print_Error "Exitcode ldapsearch not zero: $(Translate_ldapsearch_exitcode $ldapsearch_exitcode)\nTry -v -p and test command by hand"
exit 1
fi
if [ "$b_verbose" = "true" ]; then Print_Status_Text "STEP 1: Getting all Members from Active Directory / LDAP Group"; fi
Print_Status_Done "done" $GREEN
if [ "$b_verbose" = "true" ]; then
echo 'Got "Distinguished Name" for '${#LDAP_ARRAY_Members_DN[*]}' members:'
for (( i=0; i < ${#LDAP_ARRAY_Members_DN[*]}; i++ )); do
echo "$i: ${LDAP_ARRAY_Members_DN[$i]}"
done
echo "--------------------------------------------------------------"
fi
# Needed additional arrays
declare -a LDAP_ARRAY_Members_sAMAccountName
declare -a LDAP_ARRAY_Members_Surname
declare -a LDAP_ARRAY_Members_Givenname
declare -a LDAP_ARRAY_Members_Email
LDAP_ARRAY_Members_sAMAccountName=()
LDAP_ARRAY_Members_Surname=()
LDAP_ARRAY_Members_Givenname=()
LDAP_ARRAY_Members_Email=()
# Only catch the rest if there members in the group
if [ "${#LDAP_ARRAY_Members_DN[*]}" -gt 0 ]; then
Print_Status_Text "Query sAMAccountName, sn, givenName and primary Email-Address"
# Maybe a User have no Surname, Givenname and/or Email - but the will be always a sAMAccountName
# the checks are used for testing this. Set to false for the first run of the loop
b_check_sAMAccountName="false"
b_check_Surname="false"
b_check_Givenname="false"
b_check_Email="false"
for (( i=0; i < ${#LDAP_ARRAY_Members_DN[*]}; i++ )); do
# When the Loop start again we have to for all values. All arrays-size must be equal!
# First run of loop will be skipped because b_check_sAMAccountName is false
if [ "$b_check_sAMAccountName" = "true" ]; then
if [ "$b_check_Surname" = "false" ]; then
LDAP_ARRAY_Members_Surname+=(" - ")
fi
if [ "$b_check_Givenname" = "false" ]; then
LDAP_ARRAY_Members_Givenname+=(" - ")
fi
if [ "$b_check_Email" = "false" ]; then
LDAP_ARRAY_Members_Email+=(" - ")
fi
fi
if [ LDAP_Ignore_SSL_Certificate = "false" ]; then
# sed replace all ": " and "new line" to "|"
tempvar=`ldapsearch -x -H $LDAP_Source_URL -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "${LDAP_ARRAY_Members_DN[$i]}" o sAMAccountName o sn o givenName o mail | grep "^sn: \|^givenName: \|^sAMAccountName: \|^mail:" | sed 's/$/|/' | sed 's/: /|/'`
else
# sed replace all ": " and "new line" to "|"
tempvar=`LDAPTLS_REQCERT=never ldapsearch -x -H $LDAP_Source_URL -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "${LDAP_ARRAY_Members_DN[$i]}" o sAMAccountName o sn o givenName o mail | grep "^sn: \|^givenName: \|^sAMAccountName: \|^mail:" | sed 's/$/|/' | sed 's/: /|/'`
fi
# Remove all "New Line" (yes, again,) but keep all Spaces
tempvar=$(echo "|${tempvar//[$'\t\r\n']}|")
IFS=$'|' # | is set as delimiter
LDAP_ARRAY_Members_RAW=($tempvar)
IFS=' ' # space is set as delimiter
b_check_sAMAccountName="false"
b_check_Surname="false"
b_check_Givenname="false"
b_check_Email="false"
for (( k=0; k < ${#LDAP_ARRAY_Members_RAW[*]}; k++ )); do
# Check sAMAccountName
if [ "${LDAP_ARRAY_Members_RAW[$k]}" = "sAMAccountName" ]; then
k=$(($k + 1))
# echo "add SAM: ${LDAP_ARRAY_Members_RAW[$k]}"
LDAP_ARRAY_Members_sAMAccountName+=("${LDAP_ARRAY_Members_RAW[$k]}")
b_check_sAMAccountName="true"
fi
if [ "${LDAP_ARRAY_Members_RAW[$k]}" = "sn" ]; then
k=$(($k + 1))
# echo "add SN: ${LDAP_ARRAY_Members_RAW[$k]}"
LDAP_ARRAY_Members_Surname+=("${LDAP_ARRAY_Members_RAW[$k]}")
b_check_Surname="true"
fi
if [ "${LDAP_ARRAY_Members_RAW[$k]}" = "givenName" ]; then
k=$(($k + 1))
# echo "add givenName: ${LDAP_ARRAY_Members_RAW[$k]}"
LDAP_ARRAY_Members_Givenname+=("${LDAP_ARRAY_Members_RAW[$k]}")
b_check_Givenname="true"
fi
if [ "${LDAP_ARRAY_Members_RAW[$k]}" = "mail" ]; then
k=$(($k + 1))
# echo "add Email: ${LDAP_ARRAY_Members_RAW[$k]}"
LDAP_ARRAY_Members_Email+=("${LDAP_ARRAY_Members_RAW[$k]}")
b_check_Email="true"
fi
done
done
# If only one user is in group and some Values are missing ... we need a special treatment for this:
if [ "$b_check_sAMAccountName" = "true" ]; then
if [ "$b_check_Surname" = "false" ]; then
LDAP_ARRAY_Members_Surname+=(" - ")
fi
if [ "$b_check_Givenname" = "false" ]; then
LDAP_ARRAY_Members_Givenname+=(" - ")
fi
if [ "$b_check_Email" = "false" ]; then
LDAP_ARRAY_Members_Email+=(" - ")
fi
fi
Print_Status_Done "done" $GREEN
fi
unset LDAP_ARRAY_Members_RAW
if [ "$b_verbose" = "true" ]; then
echo "------------------------------------------------------------------------------------------------"
echo "Result from STEP 1: Getting all Members from Active Directory / LDAP Group $LDAP_Groupname_for_Sync"
echo "----+----------------------+----------------------+----------------------+----------------------"
printf "%-3s | %-20s | %-20s | %-20s | %-20s" "No." "sAMAccountName" "Surname" "Givenname" "Email"
printf "\n"
echo "----+----------------------+----------------------+----------------------+----------------------"
for (( i=0; i < ${#LDAP_ARRAY_Members_sAMAccountName[*]}; i++ )); do
printf "%-3s | %-20s | %-20s | %-20s | %-20s" "$i" "${LDAP_ARRAY_Members_sAMAccountName[$i]}" "${LDAP_ARRAY_Members_Surname[$i]}" "${LDAP_ARRAY_Members_Givenname[$i]}" "${LDAP_ARRAY_Members_Email[$i]}"
printf "\n"
done
echo "------------------------------------------------------------------------------------------------"
echo
echo
fi
#############################################################################################################
# ______ _ _ _ _ _
# |___ / | | | | (_) | | (_)
# / / __ _| |__ | |__ ___ __ | | ___ __ _ _ _ __
# / / / _` | '_ \| '_ \| \ \/ / | | / _ \ / _` | | '_ \
# / /_| (_| | |_) | |_) | |> < | |___| (_) | (_| | | | | |
# /_____\__,_|_.__/|_.__/|_/_/\_\ |______\___/ \__, |_|_| |_|
# __/ |
# |___/
# Login Zabbix API and catch the authentication token
b_Zabbix_is_logged_in="false"
Print_Status_Text "Login at Zabbix API"
if [ "$b_verbose" = "true" ]; then Print_Status_Done "checking" $LIGHTCYAN; fi
if [ "$b_verbose" = "true" ]; then
printf 'curl -k -s -X POST -H "Content-Type:application/json" -d '
printf "'"
if [ "$b_showpasswords" = "true" ]; then
printf '{"jsonrpc": "2.0","method":"user.login","params":{"user":"'$ZABBIX_API_User'","password":"'$ZABBIX_API_Password'"},"id":42}'
else
printf '{"jsonrpc": "2.0","method":"user.login","params":{"user":"'$ZABBIX_API_User'","password":"********"},"id":42}'
fi
printf "'"
echo " $ZABBIX_API_URL"
fi
ZABBIX_authentication_token=$(curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc": "2.0","method":"user.login","params":{"user":"'$ZABBIX_API_User'","password":"'$ZABBIX_API_Password'"},"id":42}' $ZABBIX_API_URL | cut -d'"' -f8)
Print_Verbose_Text "Authentification token" "$ZABBIX_authentication_token"
if [ "${#ZABBIX_authentication_token}" -ne 32 ]; then
# Token must have 32 Chars - something went wrong
Print_Status_Done "failed" $RED
Print_Error "Login Zabbix API failed\nTry -v -p and test command by hand"
exit 1
else
b_Zabbix_is_logged_in="true"
fi
Print_Verbose_Text "b_Zabbix_is_logged_in" "$b_Zabbix_is_logged_in"
if [ "$b_verbose" = "true" ]; then
Print_Status_Text "Login at Zabbix API"
fi
Print_Status_Done "done" $GREEN
#############################################################################################################
# ____ ______ _ _ _ _____
# / __ \ |___ / | | | | (_) / ____|
# | | | |_ _ ___ _ __ _ _ / / __ _| |__ | |__ ___ __ | | __ _ __ ___ _ _ _ __
# | | | | | | |/ _ \ '__| | | | / / / _` | '_ \| '_ \| \ \/ / | | |_ | '__/ _ \| | | | '_ \
# | |__| | |_| | __/ | | |_| | / /_| (_| | |_) | |_) | |> < | |__| | | | (_) | |_| | |_) |
# \___\_\\__,_|\___|_| \__, | /_____\__,_|_.__/|_.__/|_/_/\_\ \_____|_| \___/ \__,_| .__/
# __/ | | |
# |___/ |_|
# Get UserGrpIds and Members of existing LDAP-User Group in Zabbix
Print_Status_Text "STEP 2: Get Members of Zabbix-LDAP Groups"
Print_Status_Done "checking" $LIGHTCYAN
if [ "$b_verbose" = "true" ]; then
echo
echo "STEP 2: Get Members of Zabbix-LDAP Group"
echo "--------------------------------------------------------------"
echo "Zabbix LDAP Group Name .........: $ZABBIX_Groupname_for_Sync"
echo "Zabbix Disabled User Group Name : $ZABBIX_Disabled_User_Group"
echo "Zabbix API URL .................: $ZABBIX_API_User"
echo "Zabbix API User ................: $LDAP_Bind_User_DN"
echo "--------------------------------------------------------------"
fi
#############################################################################################################
# Get UsrGrpIds
Print_Status_Text 'determine UsrGrpID of "'$ZABBIX_Groupname_for_Sync'"'
if [ "$b_verbose" = "true" ]; then Print_Status_Done "checking" $LIGHTCYAN; fi
declare -a ZABBIX_ARRAY_usrgrpid_RAW
if [ "$b_verbose" = "true" ]; then
printf 'curl -k -s -X POST -H "Content-Type:application/json" -d '
printf "'"
printf '{"jsonrpc":"2.0","method":"usergroup.get","params":{"filter":{"name":"'$ZABBIX_Groupname_for_Sync'"},"output":"extend","status":0},"id":42,"auth":"'$ZABBIX_authentication_token'"}'
printf "'"
printf " $ZABBIX_API_URL"
fi
tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc":"2.0","method":"usergroup.get","params":{"filter":{"name":"'$ZABBIX_Groupname_for_Sync'"},"output":"extend","status":0},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL`
if [ "$b_verbose" = "true" ]; then echo $tempvar; fi
# The answer is an JSON - we split by the " into an array and search for the wanted values
IFS='"' # " is set as delimiter
ZABBIX_ARRAY_usrgrpid_RAW=($tempvar)
IFS=' ' # space is set as delimiter
for (( i=0; i < ${#ZABBIX_ARRAY_usrgrpid_RAW[*]}; i++ )); do
#echo "Wert $i: ${ZABBIX_ARRAY_usrgrpid_RAW[$i]}"
if [ "${ZABBIX_ARRAY_usrgrpid_RAW[$i]}" = "usrgrpid" ]; then
i=$(($i + 2))
ZABBIX_LDAP_Group_UsrGrpId="${ZABBIX_ARRAY_usrgrpid_RAW[$i]}"
# i=${#ZABBIX_ARRAY_usrgrpid_RAW[*]}
break
fi
done
Print_Verbose_Text "$ZABBIX_Groupname_for_Sync" "$ZABBIX_LDAP_Group_UsrGrpId"
if [ "$b_verbose" = "true" ]; then Print_Status_Text 'determine UsrGrpID of "'$ZABBIX_Groupname_for_Sync'"'; fi
Print_Status_Done "done" $GREEN
tempvar=""
Print_Status_Text 'determine UsrGrpID of "'$ZABBIX_Disabled_User_Group'"'
if [ "$b_verbose" = "true" ]; then Print_Status_Done "checking" $LIGHTCYAN; fi
tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc":"2.0","method":"usergroup.get","params":{"filter":{"name":"'$ZABBIX_Disabled_User_Group'"},"output":"extend","status":1},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL`
if [ "$b_verbose" = "true" ]; then echo $tempvar; fi
IFS='"' # " is set as delimiter
ZABBIX_ARRAY_usrgrpid_RAW=($tempvar)
IFS=' ' # space is set as delimiter
for (( i=0; i < ${#ZABBIX_ARRAY_usrgrpid_RAW[*]}; i++ )); do
if [ "${ZABBIX_ARRAY_usrgrpid_RAW[$i]}" = "usrgrpid" ]; then
i=$(($i + 2))
ZABBIX_Disabled_Group_UsrGrpId="${ZABBIX_ARRAY_usrgrpid_RAW[$i]}"
break
fi
done
Print_Verbose_Text "$ZABBIX_Disabled_User_Group" "$ZABBIX_Disabled_Group_UsrGrpId"
if [ "$b_verbose" = "true" ]; then Print_Status_Text 'determine UsrGrpID of "'$ZABBIX_Disabled_User_Group'"'; fi
Print_Status_Done "done" $GREEN
tempvar=""
unset ZABBIX_ARRAY_usrgrpid_RAW
#############################################################################################################
# Get alias and userid of the Zabbix Group Members
Print_Status_Text 'determine alias and userid for Members of "'$ZABBIX_Groupname_for_Sync'"'
if [ "$b_verbose" = "true" ]; then Print_Status_Done "checking" $LIGHTCYAN; fi
declare -a ZABBIX_ARRAY_LDAP_GroupMember_alias
declare -a ZABBIX_ARRAY_LDAP_GroupMember_userid
declare -a ZABBIX_ARRAY_LDAP_GroupMember_RAW
ZABBIX_ARRAY_LDAP_GroupMember_alias=()
ZABBIX_ARRAY_LDAP_GroupMember_userid=()
if [ "$b_verbose" = "true" ]; then
printf 'curl -k -s -X POST -H "Content-Type:application/json" -d '
printf "'"
printf '{"jsonrpc": "2.0","method":"user.get","params":{"usrgrpids":"'$ZABBIX_LDAP_Group_UsrGrpId'","output":["alias","userid"]},"id":42,"auth":"'$ZABBIX_authentication_token'"}'
printf "'"
printf " $ZABBIX_API_URL"
fi
tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc": "2.0","method":"user.get","params":{"usrgrpids":"'$ZABBIX_LDAP_Group_UsrGrpId'","output":["alias","userid"]},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL`
if [ "$b_verbose" = "true" ]; then echo $tempvar; fi
IFS='"' # " is set as delimiter
ZABBIX_ARRAY_LDAP_GroupMember_RAW=($tempvar)
IFS=' ' # space is set as delimiter
for (( i=0; i < ${#ZABBIX_ARRAY_LDAP_GroupMember_RAW[*]}; i++ )); do
#echo "Wert $i: ${ZABBIX_ARRAY_LDAP_GroupMember_RAW[$i]}"
# Wir gehen davon aus das UserId und Alias immer - in beliebiger Reihenfolge - hintereinander kommen, der Index der beiden Arrays sollte also zueinander passen
if [ "${ZABBIX_ARRAY_LDAP_GroupMember_RAW[$i]}" = "userid" ]; then
i=$(($i + 2))
ZABBIX_ARRAY_LDAP_GroupMember_userid+=("${ZABBIX_ARRAY_LDAP_GroupMember_RAW[$i]}")
Print_Verbose_Text "Found UserId" "${ZABBIX_ARRAY_LDAP_GroupMember_RAW[$i]}"
#printf "."
fi
if [ "${ZABBIX_ARRAY_LDAP_GroupMember_RAW[$i]}" = "alias" ]; then
i=$(($i + 2))
ZABBIX_ARRAY_LDAP_GroupMember_alias+=("${ZABBIX_ARRAY_LDAP_GroupMember_RAW[$i]}")
Print_Verbose_Text "Found Alias" "${ZABBIX_ARRAY_LDAP_GroupMember_RAW[$i]}"
#printf "."
fi
done
if [ "$b_verbose" = "true" ]; then Print_Status_Text 'determine alias and userid for Members of "'$ZABBIX_Groupname_for_Sync'"'; fi
Print_Status_Done "done" $GREEN
unset ZABBIX_ARRAY_LDAP_GroupMember_RAW
if [ "$b_verbose" = "true" ]; then
echo "------------------------------------------------------------------------------------------------"
echo "Result from STEP 2: Get Members of Zabbix-LDAP Group $ZABBIX_Groupname_for_Sync"
echo "----+----------------------+----------------------+----------------------+----------------------"
printf "%-3s | %-20s | %-20s | %-20s | %-20s" "No." "Alias" "UserId" " " " "
printf "\n"
echo "----+----------------------+----------------------+----------------------+----------------------"
for (( i=0; i < ${#ZABBIX_ARRAY_LDAP_GroupMember_alias[*]}; i++ )); do
printf "%-3s | %-20s | %-20s | %-20s | %-20s" "$i" "${ZABBIX_ARRAY_LDAP_GroupMember_alias[$i]}" "${ZABBIX_ARRAY_LDAP_GroupMember_userid[$i]}" " " " "
printf "\n"
done
echo "------------------------------------------------------------------------------------------------"
echo
fi
#############################################################################################################
# _____ _____
# / ____| / ____|
# | | ___ _ __ ___ _ __ __ _ _ __ ___ | | __ _ __ ___ _ _ _ __ ___
# | | / _ \| '_ ` _ \| '_ \ / _` | '__/ _ \ | | |_ | '__/ _ \| | | | '_ \/ __|
# | |___| (_) | | | | | | |_) | (_| | | | __/ | |__| | | | (_) | |_| | |_) \__ \
# \_____\___/|_| |_| |_| .__/ \__,_|_| \___| \_____|_| \___/ \__,_| .__/|___/
# | | | |
# |_| |_|
Print_Status_Text "STEP 3: Compare Groups for changes"
Print_Status_Done "checking" $LIGHTCYAN
if [ "$b_verbose" = "true" ]; then
echo
echo "STEP 3: Compare Groups for changes"
echo "--------------------------------------------------------------"
echo "AD / LDAP Group Name ...........: $LDAP_Groupname_for_Sync"
echo "Zabbix LDAP Group Name .........: $ZABBIX_Groupname_for_Sync"
echo "--------------------------------------------------------------"
fi
b_Must_Sync_Users="false"
# Check 1:
Print_Status_Text "Check 1: Number of Users LDAP"
Print_Status_Done "${#LDAP_ARRAY_Members_sAMAccountName[*]}" $DEFAULT_FOREGROUND
Print_Status_Text "Check 1: Number of Users Zabbix"
Print_Status_Done "${#ZABBIX_ARRAY_LDAP_GroupMember_alias[*]}" $DEFAULT_FOREGROUND
Print_Status_Text "Check 1: Number of Users"
if [ "${#LDAP_ARRAY_Members_sAMAccountName[*]}" -eq "${#ZABBIX_ARRAY_LDAP_GroupMember_alias[*]}" ]; then
Print_Status_Done "equal" $GREEN
else
Print_Status_Done "not equal" $RED
b_Must_Sync_Users="true"
fi
# Check 2:
if [ "$b_Must_Sync_Users" = "false" ]; then
# make Compare case insensitive, save original settings
orig_nocasematch=$(shopt -p nocasematch)
shopt -s nocasematch
Print_Status_Text "Check 2: Compare Active Directory sAMAccountName with Zabbix Alias"
if [ "$b_verbose" = "true" ]; then Print_Status_Done "checking" $LIGHTCYAN; fi
# Check every sAMAccountName and find a alias for it
for (( i=0; i < ${#LDAP_ARRAY_Members_sAMAccountName[*]}; i++ )); do
b_alias_was_found="false"
for (( k=0; k < ${#ZABBIX_ARRAY_LDAP_GroupMember_alias[*]}; k++ )); do
if [[ "${LDAP_ARRAY_Members_sAMAccountName[$i]}" == "${ZABBIX_ARRAY_LDAP_GroupMember_alias[$k]}" ]]; then
# printf "."
Print_Verbose_Text "${LDAP_ARRAY_Members_sAMAccountName[$i]}" "found"
b_alias_was_found="true"
# if user have found the loop can be finished
break
fi
done
if [ "$b_alias_was_found" = "false" ]; then
b_Must_Sync_Users="true"
Print_Verbose_Text "${LDAP_ARRAY_Members_sAMAccountName[$i]}" "not found"
if [ "$b_verbose" = "true" ]; then Print_Status_Text "Check 2: Compare Active Directory sAMAccountName with Zabbix Alias"; fi
Print_Status_Done "mismatch" $RED
# one user was not found, we can exit the test, we must sync
break
fi
done
# restore original case sensitive/insenstive settings
$orig_nocasematch
if [ "$b_verbose" = "true" ]; then Print_Status_Text "Check 2: Compare Active Directory sAMAccountName with Zabbix Alias"; fi
if [ "$b_Must_Sync_Users" = "false" ]; then Print_Status_Done "done" $GREEN; fi
fi
#############################################################################################################
# _____ _ _ _
# / ____| | | (_) (_)
# | (___ _ _ _ __ ___| |__ _ __ ___ _ __ _ _____ _ __ __ _
# \___ \| | | | '_ \ / __| '_ \| '__/ _ \| '_ \| |_ / | '_ \ / _` |
# ____) | |_| | | | | (__| | | | | | (_) | | | | |/ /| | | | | (_| |
# |_____/ \__, |_| |_|\___|_| |_|_| \___/|_| |_|_/___|_|_| |_|\__, |
# __/ | __/ |
# |___/ |___/
if [ "$b_Must_Sync_Users" = "true" ]; then
Print_Status_Text "STEP 4: Get all Zabbix Users with alias and userid"
if [ "$b_verbose" = "true" ]; then Print_Status_Done "checking" $LIGHTCYAN; fi
if [ "$b_verbose" = "true" ]; then
echo
echo "--------------------------------------------------------------"
echo "STEP 4: Get all Zabbix Users with alias and userid"
fi
# get a List of all Zabbix Users to get the possible UserIds of new Users
tempvar=""
declare -a ZABBIX_ARRAY_AllUser_alias
declare -a ZABBIX_ARRAY_AllUser_userid
declare -a ZABBIX_ARRAY_AllUser_RAW
ZABBIX_ARRAY_AllUser_alias=()
ZABBIX_ARRAY_AllUser_userid=()
if [ "$b_verbose" = "true" ]; then
printf 'curl -k -s -X POST -H "Content-Type:application/json" -d '
printf "'"
printf '{"jsonrpc": "2.0","method":"user.get","params":{"output":["alias","userid"]},"id":42,"auth":"'$ZABBIX_authentication_token'"}'
printf "'"
echo $ZABBIX_API_URL
fi
tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc": "2.0","method":"user.get","params":{"output":["alias","userid"]},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL`
if [ "$b_verbose" = "true" ]; then
echo $tempvar
fi
IFS='"' # " is set as delimiter
ZABBIX_ARRAY_AllUser_RAW=($tempvar)
IFS=' ' # space is set as delimiter
for (( i=0; i < ${#ZABBIX_ARRAY_AllUser_RAW[*]}; i++ )); do
# We assume that the UserId and Alias always come one after the other in any order, so the index of the two arrays should match
if [ "${ZABBIX_ARRAY_AllUser_RAW[$i]}" = "userid" ]; then
i=$(($i + 2))
ZABBIX_ARRAY_AllUser_userid+=("${ZABBIX_ARRAY_AllUser_RAW[$i]}")
fi
if [ "${ZABBIX_ARRAY_AllUser_RAW[$i]}" = "alias" ]; then
i=$(($i + 2))
ZABBIX_ARRAY_AllUser_alias+=("${ZABBIX_ARRAY_AllUser_RAW[$i]}")
fi
done
unset ZABBIX_ARRAY_AllUser_RAW
if [ "$b_verbose" = "true" ]; then Print_Status_Text "STEP 4: Get all Zabbix Users with alias and userid"; fi
Print_Status_Done "done" $GREEN
if [ "$b_verbose" = "true" ]; then
echo "------------------------------------------------------------------------------------------------"
echo "Result from STEP 4: Get all Zabbix Users with alias and userid"
echo "----+----------------------+----------------------+----------------------+----------------------"
printf "%-3s | %-20s | %-20s | %-20s | %-20s" "No." "Alias" "UserId" " " " "
printf "\n"
echo "----+----------------------+----------------------+----------------------+----------------------"
for (( i=0; i < ${#ZABBIX_ARRAY_AllUser_alias[*]}; i++ )); do
printf "%-3s | %-20s | %-20s | %-20s | %-20s" "$i" "${ZABBIX_ARRAY_AllUser_alias[$i]}" "${ZABBIX_ARRAY_AllUser_userid[$i]}" " " " "
printf "\n"
done
echo "------------------------------------------------------------------------------------------------"
fi
Print_Status_Text "STEP 5: Compare LDAP user with existing Zabbix User"
if [ "$b_verbose" = "true" ]; then Print_Status_Done "checking" $LIGHTCYAN; fi
if [ "$b_verbose" = "true" ]; then
echo
echo "--------------------------------------------------------------"
echo "STEP 5: Compare LDAP user with existing Zabbix User"
fi
# additional Array for Zabbix-UserId
declare -a LDAP_ARRAY_Members_UserId
LDAP_ARRAY_Members_UserId=()
# Merker ob wir neue Benutzer anlegen müssen
b_have_to_create_new_user="false"
# Compare LDAP-User with Zabbix-User
# make Compare case insensitive, save original settings
orig_nocasematch=$(shopt -p nocasematch)
shopt -s nocasematch
i_CounterNewUsers=0
for (( i=0; i < ${#LDAP_ARRAY_Members_sAMAccountName[*]}; i++ )); do
b_we_have_a_winner="false"
for (( k=0; k < ${#ZABBIX_ARRAY_AllUser_alias[*]}; k++ )); do
if [[ "${LDAP_ARRAY_Members_sAMAccountName[$i]}" == "${ZABBIX_ARRAY_AllUser_alias[$k]}" ]]; then
LDAP_ARRAY_Members_UserId+=("${ZABBIX_ARRAY_AllUser_userid[$k]}")
Print_Verbose_Text "Found existing User: ${LDAP_ARRAY_Members_sAMAccountName[$i]}" "${ZABBIX_ARRAY_AllUser_alias[$k]}"
b_we_have_a_winner="true"
break
fi
done
# User was found?
if [ "$b_we_have_a_winner" = "false" ]; then
# User was not found - but we need an array item to have all array index identical and matched to each other
# also mark this User to have to be created
LDAP_ARRAY_Members_UserId+=("create-user")
Print_Verbose_Text "No Zabbix user found: ${LDAP_ARRAY_Members_sAMAccountName[$i]}" "will be created"
b_have_to_create_new_user="true"
i_CounterNewUsers=$(($i_CounterNewUsers + 1))
fi
done
# restore original case sensitive/insenstive settings
$orig_nocasematch
if [ "$b_verbose" = "true" ]; then Print_Status_Text "STEP 5: Compare LDAP user with existing Zabbix User"; fi
if [ "$b_have_to_create_new_user" = "true" ]; then
Print_Status_Done "must create $i_CounterNewUsers new user" $RED
else
Print_Status_Done "done" $GREEN
fi
if [ "$b_verbose" = "true" ]; then
echo "----------------------------------------------------------------------------------------------------------------------"
echo "Result from STEP 5: Compare LDAP user with existing Zabbix User"
echo "----+----------------------+----------------------+----------------------+--------------------------+-----------------"
printf "%-3s | %-20s | %-20s | %-20s | %-24s | %-20s" "No." "sAMAccountName" "Surname" "Givenname" "Zabbix-UserId" "Email-Address"
printf "\n"
echo "----+----------------------+----------------------+----------------------+--------------------------+-----------------"
for (( i=0; i < ${#LDAP_ARRAY_Members_sAMAccountName[*]}; i++ )); do
printf "%-3s | %-20s | %-20s | %-20s | %-24s | %-20s" "$i" "${LDAP_ARRAY_Members_sAMAccountName[$i]}" "${LDAP_ARRAY_Members_Surname[$i]}" "${LDAP_ARRAY_Members_Givenname[$i]}" "${LDAP_ARRAY_Members_UserId[$i]}" "${LDAP_ARRAY_Members_Email[$i]}"
printf "\n"
done
echo "----------------------------------------------------------------------------------------------------------------------"
fi
#############################################################################################################
if [ "$b_have_to_create_new_user" = "true" ]; then
Print_Status_Text "STEP 6: Create needed $i_CounterNewUsers new Zabbix-User"
if [ "$b_verbose" = "true" ]; then Print_Status_Done "checking" $LIGHTCYAN; fi
if [ "$b_verbose" = "true" ]; then
echo "--------------------------------------------------------------"
echo "STEP 6: Create needed $i_CounterNewUsers new Zabbix-User"
fi
declare -a ZABBIX_ARRAY_New_User_RAW
# Search for all User with UserId "create-user"
for (( i=0; i < ${#LDAP_ARRAY_Members_sAMAccountName[*]}; i++ )); do
if [ "${LDAP_ARRAY_Members_UserId[$i]}" = "create-user" ]; then
# printf "Create new user ${LDAP_ARRAY_Members_sAMAccountName[$i]} ... "
tempSAM='"'"${LDAP_ARRAY_Members_sAMAccountName[$i]}"'"'
# Check the things we have
create_combination=""
if [ "${LDAP_ARRAY_Members_Surname[$i]}" != " - " ]; then
create_combination+="X"
tempSURNAME='"'"${LDAP_ARRAY_Members_Surname[$i]}"'"'
Print_Verbose_Text "tempSURNAME" "$tempSURNAME"
else
create_combination+="O"
fi
if [ "${LDAP_ARRAY_Members_Givenname[$i]}" != " - " ]; then
create_combination+="X"
tempNAME='"'"${LDAP_ARRAY_Members_Givenname[$i]}"'"'
Print_Verbose_Text "tempNAME" "$tempNAME"
else
create_combination+="O"
fi
if [ "${LDAP_ARRAY_Members_Email[$i]}" != " - " ]; then
create_combination+="X"
tempEmail='"'"${LDAP_ARRAY_Members_Email[$i]}"'"'
Print_Verbose_Text "tempEmail" "$tempEmail"
else
create_combination+="O"
fi
Print_Verbose_Text "Create Combination" "$create_combination"
# create_combination should be OOO, OOX, OXO, OXX, XOO, XOX, XXO or XXX
tempvar=""
case "$create_combination" in
"OOO") # No Surname, Givenname or Email
tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc":"2.0","method":"user.create","params":{"alias":'"$tempSAM"',"usrgrps":[{"usrgrpid":"'$ZABBIX_LDAP_Group_UsrGrpId'"}],"type":'$ZABBIX_UserType_User'},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL`
;;
"OOX") # Email, but no Surname or Givenname
tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc":"2.0","method":"user.create","params":{"alias":'"$tempSAM"',"user_medias":[{"mediatypeid": "'$ZABBIX_MediaTypeID'","sendto":['"$tempEmail"']}],"usrgrps":[{"usrgrpid":"'$ZABBIX_LDAP_Group_UsrGrpId'"}],"type":'$ZABBIX_UserType_User'},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL`
;;
"OXO") # Givenname, but no Surname or Email
tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc":"2.0","method":"user.create","params":{"alias":'"$tempSAM"',"name":'"$tempNAME"',"usrgrps":[{"usrgrpid":"'$ZABBIX_LDAP_Group_UsrGrpId'"}],"type":'$ZABBIX_UserType_User'},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL`
;;
"OXX") # Givenname and Email, no Surname
tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc":"2.0","method":"user.create","params":{"alias":'"$tempSAM"',"user_medias":[{"mediatypeid": "'$ZABBIX_MediaTypeID'","sendto":['"$tempEmail"']}],"name":'"$tempNAME"',"usrgrps":[{"usrgrpid":"'$ZABBIX_LDAP_Group_UsrGrpId'"}],"type":'$ZABBIX_UserType_User'},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL`
;;
"XOO") # Surname, but no Givenname or Email
tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc":"2.0","method":"user.create","params":{"alias":'"$tempSAM"',"surname":'"$tempSURNAME"',"usrgrps":[{"usrgrpid":"'$ZABBIX_LDAP_Group_UsrGrpId'"}],"type":'$ZABBIX_UserType_User'},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL`
;;
"XOX") # Surname and Email, but no Givenname
tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc": "2.0","method":"user.create","params":{"alias":'"$tempSAM"',"surname":'"$tempSURNAME"',"user_medias":[{"mediatypeid": "'$ZABBIX_MediaTypeID'","sendto":['"$tempEmail"']}],"usrgrps":[{"usrgrpid":"'$ZABBIX_LDAP_Group_UsrGrpId'"}],"type":'$ZABBIX_UserType_User'},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL`
;;
"XXO") # Surname and Givenname, but no Email
tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc":"2.0","method":"user.create","params":{"alias":'"$tempSAM"',"name":'"$tempNAME"',"surname":'"$tempSURNAME"',"usrgrps":[{"usrgrpid":"'$ZABBIX_LDAP_Group_UsrGrpId'"}],"type":'$ZABBIX_UserType_User'},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL`
;;
"XXX") # Surname, Givenname and Email
tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc": "2.0","method":"user.create","params":{"alias":'"$tempSAM"',"name":'"$tempNAME"',"surname":'"$tempSURNAME"',"user_medias":[{"mediatypeid": "'$ZABBIX_MediaTypeID'","sendto":['"$tempEmail"']}],"usrgrps":[{"usrgrpid":"'$ZABBIX_LDAP_Group_UsrGrpId'"}],"type":'$ZABBIX_UserType_User'},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL`
;;
esac
if [ "$b_verbose" = "true" ]; then echo "$tempvar"; fi
# Catch the new UserId from the answer
IFS='"' # " is set as delimiter
ZABBIX_ARRAY_New_User_RAW=($tempvar)
IFS=' ' # space is set as delimiter
for (( k=0; k < ${#ZABBIX_ARRAY_New_User_RAW[*]}; k++ )); do
if [ "${ZABBIX_ARRAY_New_User_RAW[$k]}" = "userids" ]; then
k=$(($k + 2))
LDAP_ARRAY_Members_UserId[$i]="${ZABBIX_ARRAY_New_User_RAW[$k]}"
fi
done
Print_Verbose_Text "Created: ${LDAP_ARRAY_Members_sAMAccountName[$i]}" "LDAP_ARRAY_Members_UserId[$i]"
fi
done
if [ "$b_verbose" = "true" ]; then Print_Status_Text "STEP 6: Create needed $i_CounterNewUsers new Zabbix-User"; fi
Print_Status_Done "done" $GREEN
if [ "$b_verbose" = "true" ]; then
echo "-------------------------------------------------------------------------------------------------------------"
echo "Result from STEP 6: Create needed new Zabbix-User"
echo "----+----------------------+----------------------+----------------------+--------------------------+-----------------"
printf "%-3s | %-20s | %-20s | %-20s | %-24s | %-20s" "No." "sAMAccountName" "Surname" "Givenname" "Zabbix-UserId" "Email-Address"
printf "\n"
echo "----+----------------------+----------------------+----------------------+--------------------------+-----------------"
for (( i=0; i < ${#LDAP_ARRAY_Members_sAMAccountName[*]}; i++ )); do
printf "%-3s | %-20s | %-20s | %-20s | %-24s | %-20s" "$i" "${LDAP_ARRAY_Members_sAMAccountName[$i]}" "${LDAP_ARRAY_Members_Surname[$i]}" "${LDAP_ARRAY_Members_Givenname[$i]}" "${LDAP_ARRAY_Members_UserId[$i]}" "${LDAP_ARRAY_Members_Email[$i]}"
printf "\n"
done
echo "----------------------------------------------------------------------------------------------------------------------"
fi
else
Print_Status_Text "STEP 6: Create needed $i_CounterNewUsers new Zabbix-User"
Print_Status_Done "skipped" $GREEN
fi
#############################################################################################################
Print_Status_Text "STEP 7: Replace Members of Group $ZABBIX_Groupname_for_Sync"
if [ "$b_verbose" = "true" ]; then Print_Status_Done "checking" $LIGHTCYAN; fi
if [ "$b_verbose" = "true" ]; then
echo "--------------------------------------------------------------"
echo "STEP 7: Replace Members of Group $ZABBIX_Groupname_for_Sync"
fi
tempvar=""
list_of_userids=""
for (( i=0; i < ${#LDAP_ARRAY_Members_sAMAccountName[*]}; i++ )); do
list_of_userids+='"'${LDAP_ARRAY_Members_UserId[$i]}'"'
list_of_userids+=","
done
# maybe the list is empty! So we have to check
if [ "$list_of_userids" != "" ]; then list_of_userids=${list_of_userids::-1}; fi
if [ "$b_verbose" = "true" ]; then printf "Update Zabbix Group $ZABBIX_Groupname_for_Sync via API (Replace)"; fi
if [ "$b_verbose" = "true" ]; then
printf 'curl -k -s -X POST -H "Content-Type:application/json" -d '
printf "'"
printf '{"jsonrpc": "2.0","method":"usergroup.update","params":{"usrgrpid":"'$ZABBIX_LDAP_Group_UsrGrpId'","userids":['$list_of_userids']},"id":42,"auth":"'$ZABBIX_authentication_token'"}'
printf "' "
echo $ZABBIX_API_URL
fi
tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc": "2.0","method":"usergroup.update","params":{"usrgrpid":"'$ZABBIX_LDAP_Group_UsrGrpId'","userids":['$list_of_userids']},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL`
if [ "$b_verbose" = "true" ]; then echo $tempvar; fi
if [ "$b_verbose" = "true" ]; then Print_Status_Text "STEP 7: Replace Members of Group $ZABBIX_Groupname_for_Sync"; fi
Print_Status_Done "done" $GREEN
#############################################################################################################
# 1. get a List of all User in the "Disabled User" group
# 2. Remove all active user from this List
# 3. Add all user wich was removed from LDAP-Group but was in the Zabbix-LDAP-Group found
# 4. Update Members of Group "Disabled User" via Zabbix API
Print_Status_Text "STEP 8: Get List of all disabled user in Group $ZABBIX_Disabled_User_Group"
if [ "$b_verbose" = "true" ]; then Print_Status_Done "checking" $LIGHTCYAN; fi
if [ "$b_verbose" = "true" ]; then
echo "--------------------------------------------------------------"
echo "STEP 8: Get List of all disabled user in Group $ZABBIX_Disabled_User_Group"
fi
# 1. get a List of all User in the "Disabled User" group
declare -a ZABBIX_ARRAY_disabled_User_userid
declare -a ZABBIX_ARRAY_disabled_User_RAW
ZABBIX_ARRAY_disabled_User_userid=()
if [ "$b_verbose" = "true" ]; then
printf 'curl -k -s -X POST -H "Content-Type:application/json" -d '
printf "'"
printf '{"jsonrpc": "2.0","method":"user.get","params":{"usrgrpids":"'$ZABBIX_Disabled_Group_UsrGrpId'","output":["userid"],"status":1},"id":42,"auth":"'$ZABBIX_authentication_token'"}'
printf "'"
echo $ZABBIX_API_URL
fi
tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc": "2.0","method":"user.get","params":{"usrgrpids":"'$ZABBIX_Disabled_Group_UsrGrpId'","output":["userid"],"status":1},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL`
if [ "$b_verbose" = "true" ]; then echo $tempvar; fi
IFS='"' # " is set as delimiter
ZABBIX_ARRAY_disabled_User_RAW=($tempvar)
IFS=' ' # space is set as delimiter
for (( i=0; i < ${#ZABBIX_ARRAY_disabled_User_RAW[*]}; i++ )); do
if [ "${ZABBIX_ARRAY_disabled_User_RAW[$i]}" = "userid" ]; then
i=$(($i + 2))
ZABBIX_ARRAY_disabled_User_userid+=("${ZABBIX_ARRAY_disabled_User_RAW[$i]}")
fi
done
unset ZABBIX_ARRAY_disabled_User_RAW
if [ "$b_verbose" = "true" ]; then Print_Status_Text "STEP 8: Get List of all disabled user in Group $ZABBIX_Disabled_User_Group"; fi
Print_Status_Done "done" $GREEN
Print_Status_Text "STEP 9: Remove active user, add inactive user"
if [ "$b_verbose" = "true" ]; then Print_Status_Done "checking" $LIGHTCYAN; fi
if [ "$b_verbose" = "true" ]; then
echo "--------------------------------------------------------------"
echo "STEP 9: Remove active user, add inactive user"
fi
# 2. Remove all active user from this List
# 3. Add all user wich was removed from LDAP-Group but was in the Zabbix-LDAP-Group found
declare -a new_ZABBIX_ARRAY_disabled_User_userid
new_ZABBIX_ARRAY_disabled_User_userid=()
if [ "$b_verbose" = "true" ]; then Print_Status_Text "Removing active Users from List"; fi
for (( i=0; i < ${#ZABBIX_ARRAY_disabled_User_userid[*]}; i++ )); do
b_skip_this_user="false"
for (( k=0; k < ${#LDAP_ARRAY_Members_UserId[*]}; k++ )); do
if [ "${ZABBIX_ARRAY_disabled_User_userid[$i]}" = "${LDAP_ARRAY_Members_UserId[$k]}" ]; then
b_skip_this_user="true"
fi
done
if [ "$b_skip_this_user" = "false" ]; then
new_ZABBIX_ARRAY_disabled_User_userid+=("${ZABBIX_ARRAY_disabled_User_userid[$i]}")
fi
done
if [ "$b_verbose" = "true" ]; then Print_Status_Done "done" $GREEN; fi
if [ "$b_verbose" = "true" ]; then Print_Status_Text "Adding inactive Users"; fi
for (( i=0; i < ${#ZABBIX_ARRAY_LDAP_GroupMember_userid[*]}; i++ )); do
b_skip_this_user="false"
for (( k=0; k < ${#LDAP_ARRAY_Members_UserId[*]}; k++ )); do
if [ "${ZABBIX_ARRAY_LDAP_GroupMember_userid[$i]}" = "${LDAP_ARRAY_Members_UserId[$k]}" ]; then
b_skip_this_user="true"
fi
done
if [ "$b_skip_this_user" = "false" ]; then
new_ZABBIX_ARRAY_disabled_User_userid+=("${ZABBIX_ARRAY_LDAP_GroupMember_userid[$i]}")
fi
done
if [ "$b_verbose" = "true" ]; then Print_Status_Done "done" $GREEN; fi
if [ "$b_verbose" = "true" ]; then Print_Status_Text "STEP 9: Remove active user, add inactive user"; fi
Print_Status_Done "done" $GREEN
Print_Status_Text "STEP 10: Replace Members of Group $ZABBIX_Disabled_User_Group"
if [ "$b_verbose" = "true" ]; then Print_Status_Done "checking" $LIGHTCYAN; fi
if [ "$b_verbose" = "true" ]; then
echo "--------------------------------------------------------------"
echo "STEP 10: Replace Members of Group $ZABBIX_Disabled_User_Group"
fi
tempvar=""
# maybe the list is empty! So we have to check
if [ "$list_of_userids" != "" ]; then list_of_userids=${list_of_userids::-1}; fi
for (( i=0; i < ${#new_ZABBIX_ARRAY_disabled_User_userid[*]}; i++ )); do
list_of_userids+='"'${new_ZABBIX_ARRAY_disabled_User_userid[$i]}'"'
list_of_userids+=","
done
list_of_userids=${list_of_userids::-1}
if [ "$b_verbose" = "true" ]; then
printf 'curl -k -s -X POST -H "Content-Type:application/json" -d '
printf "'"
printf '{"jsonrpc": "2.0","method":"usergroup.update","params":{"usrgrpid":"'$ZABBIX_Disabled_Group_UsrGrpId'","userids":['$list_of_userids']},"id":42,"auth":"'$ZABBIX_authentication_token'"}'
printf "' "
echo $ZABBIX_API_URL
fi
tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc": "2.0","method":"usergroup.update","params":{"usrgrpid":"'$ZABBIX_Disabled_Group_UsrGrpId'","userids":['$list_of_userids']},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL`
if [ "$b_verbose" = "true" ]; then echo $tempvar; fi
if [ "$b_verbose" = "true" ]; then Print_Status_Text "STEP 10: Replace Members of Group $ZABBIX_Disabled_User_Group"; fi
Print_Status_Done "done" $GREEN
#############################################################################################################
Print_Status_Text "STEP 11: Replace Members of Group $ZABBIX_Groupname_for_Sync (2. Time)"
if [ "$b_verbose" = "true" ]; then Print_Status_Done "checking" $LIGHTCYAN; fi
if [ "$b_verbose" = "true" ]; then
echo "--------------------------------------------------------------"
echo "STEP 11: Replace Members of Group $ZABBIX_Groupname_for_Sync (2. Time)"
fi
# we have to do this twice if we move user between enabled and disabled and they are only in the Zabbix-LDAP-Group - they must be in one Group!"
# If a user is a now a member of the deactivated user group we can now remove the user from the Zabbix-LDAP-Group
tempvar=""
list_of_userids=""
for (( i=0; i < ${#LDAP_ARRAY_Members_sAMAccountName[*]}; i++ )); do
list_of_userids+='"'${LDAP_ARRAY_Members_UserId[$i]}'"'
list_of_userids+=","
done
# maybe the list is empty! So we have to check
if [ "$list_of_userids" != "" ]; then list_of_userids=${list_of_userids::-1}; fi
tempvar=`curl -k -s -X POST -H "Content-Type:application/json" -d '{"jsonrpc": "2.0","method":"usergroup.update","params":{"usrgrpid":"'$ZABBIX_LDAP_Group_UsrGrpId'","userids":['$list_of_userids']},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL`
if [ "$b_verbose" = "true" ]; then Print_Status_Text "STEP 11: Replace Members of Group $ZABBIX_Groupname_for_Sync (2. Time)"; fi
Print_Status_Done "done" $GREEN
else
Print_Status_Text "STEP 3: Compare Groups for changes"
Print_Status_Done "no changes" $GREEN
fi
#############################################################################################################
# ______ _ _ _ _ _
# |___ / | | | | (_) | | | |
# / / __ _| |__ | |__ ___ __ | | ___ __ _ ___ _ _| |_
# / / / _` | '_ \| '_ \| \ \/ / | | / _ \ / _` |/ _ \| | | | __|
# / /_| (_| | |_) | |_) | |> < | |___| (_) | (_| | (_) | |_| | |_
# /_____\__,_|_.__/|_.__/|_/_/\_\ |______\___/ \__, |\___/ \__,_|\__|
# __/ |
# |___/
# Logout before exit
if [ "$b_Zabbix_is_logged_in" = "true" ]; then
Zabbix_Logout
fi
#############################################################################################################
exit 0