Page History

Source definitions:

Let's consider that the folder in which you will have your new Active Directory source is : /etc/shinken-user/source-data/source-data-MY-active-directory/
inside it, the folder _configuration contain all configuration file to customize the source behavior.

Enable the activ-dir-import

Source:

In the Automatic Detection Modules panel, clic on the button to enable the module.

Image Added

You can find the following parameters in the source file /etc/shinken/sources/

active-dir-

hosts.cfg

 :

Configure the Active Directory

Module

Modify if necessary,

the file /etc/shinken/modules/activ-dir-import.cfg

Connection configuration

Connection configuration

This file is used to make the connection This file is used to make the connexion to your Active Directory server.

Image Added

Edit the file /etc/shinken-user/source-data/source-data-active-directory-sample/_configuration/active-directory-connection.json

Example

{
  "url": "ldap://vm-w2k8r2.shinkendom.local/",
  "base": "dc=shinkendom,dc=local",
  "hosts_base": "OU=serveurs,dc=shinkendom,dc=local",
  "hostgroups_base": "OU=serveurs,dc=shinkendom,dc=local",
  "contacts_base": " OU=utilisateurs,DC=shinkendom,DC=local",
  "username": "administrateur@shinkendom.local",
  "password": "P@ssword1"
}

Mapping rules configuration

This file is used to apply host template, contact template and tags to the hosts and contacts while the import.allow you to do the mapping between Active Directory and Shinken properties.

You can find some customization in the HOW TO section.

File /etc/shinkenEdit the file /etc/shinken-user/source-data/source-data-active-directory/_configuration/active-directory-rulesmapping.json 

# IMPORTANT: Do not edit this file.
# To have your own mapping, copy it under the /etc/shinken-users/source-data/YOU_SOURCE_FOLDER/_configuration/ directory and edit your copy instead.
# Note: comments should be with a # starting the line, NOT after a value
{
# first hosts propertyes (computer object in Active Directory)
   "host.name": "name",
   "host.dNSHostName": "dNSHostName",
   "host.operatingSystem": "operatingSystem",
   "host.operatingSystemServicePack":"operatingSystemServicePack",
   "host.distinguishedName": "distinguishedName",
   "host.filter": "(objectClass=computer)",

# Now contact properties
    "contact.name": "name",
    "contact.categoryFilter":"Person",
    "contact.mail": "mail",
    "contact.member":"member",
    "contact.telephoneNumber":"telephoneNumber",
    "contact.mobile":"mobile",
# Co: for country
    "contact.co":"co",
# l: for city
    "contact.l":"l",
    "contact;company":"company",
    "contact.filter":"(&(objectCategory=person)(objectClass=user))",
# By default hostgroup are not requested. Setup a filter to enabled it
    "hostgroup.filter":""
}

Import rules configuration

This file is used to apply host template, contact template and tags to the hosts and contacts while the import.

Image Added

Edit the file /etc/shinken-user/source-data/source-data-active-directory-sample/_configuration/active-directory-rules.json

The mandatories properties to modify are in green.

The mandatories properties to modify are in green.

Example :

Example :

{
  "hosts_tag": "windows",
  "contacts_tag": "generic-contact",
  "contacts_group_filter": "CN=paris_shinken_users,OU=utilisateurs,DC=shinkendom,DC=local | CN=bordeaux_shinken_users,OU=utilisateurs,DC=shinkendom,DC=local",
  "hosts_tag_citrix": "OU=citrix,OU=serveurs,dc=shinken,dc=local",
  "hosts_tag_database": "OU=database,OU=serveurs,dc=shinken,dc=local",
  "hosts_tag_exchange": "OU=exchange,OU=serveurs,dc=shinken,dc=local",
  "hosts_tag_fileprint": "OU=fileprint,OU=serveurs,dc=shinken,dc=local",
  "hosts_tag_windows": "OU=infra,OU=serveurs,dc=shinken,dc=local",
  "hosts_match_operatingSystem_windows": "windows",
  "hosts_match_operatingSystem_windows2008": "windows*.*2008(?!.*.(?:r2))",
  "hosts_match_operatingSystem_windows2008r2": "windows*.*2008*.*r2",
  "hosts_match_operatingSystem_windows2003": "windows*.*2003",
  "hosts_match_operatingSystem_windows2012": "windows*.*2012(?!.*.(?:r2))",
  "hosts_match_operatingSystem_windows2012r2": "windows*.*2012*.*r2",
  "hosts_match_operatingSystem_windows2000": "windows*.*2000",
  "hosts_match_operatingSystem_windowsxp": "windows*.*xp",
  "hosts_match_operatingSystem_enterprise": "Enterprise",
  "hosts_match_operatingSystemServicePack_sp1": "Service Pack 1",
  "hosts_match_operatingSystemServicePack_sp2": "Service Pack 2",
  "hosts_match_operatingSystemServicePack_sp3": "Service Pack 3",
  "AddFirst_template_(domain-admins)_to_contact_matching_[memberOf]": "CN=Domain Admins,CN=Users,DC=YOUR,dc=DOMAIN,dc=com",
  "AddLast_template_(users)_to_contact_matching_[memberOf]": "CN=Users,DC=YOUR,dc=DOMAIN,dc=com",
  "Force_template_(specific)_to_contact_matching_[memberOf]": "CN=SpecificUsers,DC=YOUR,dc=DOMAIN,dc=com"}

Import the objects

Go to the UI Configuration home page, if your configuration is ok you should have an ouput "OK: Import clean."

Now do a "Force import" in clicking on Image Added

In the "Elements >" panel you will see new elements appearing (Hosts and Contacts).

Image Added

The next step will be to import those new objects.

HOW TO

Import computers with a specific name

Image Added

Edit the file /etc/shinken-user/source-data/source-data-active-directory-sample/_configuration/active-directory-mapping.json

# IMPORTANT: Do not edit this file.
# To have your own mapping, copy it under the /etc/shinken-users/source-data/YOU_SOURCE_FOLDER/_configuration/ directory and edit your copy instead.
# Note: comments should be with a # starting the line, NOT after a value
{
# first hosts propertyes (computer object in Active Directory)
   "host.name": "name",
   "host.dNSHostName": "dNSHostName",
   "host.operatingSystem": "operatingSystem",
   "host.operatingSystemServicePack":"operatingSystemServicePack",
   "host.distinguishedName": "distinguishedName",
   "host.filter": "(objectClass=computer)",

# Now contact properties
    "contact.name": "name",
	"contact.categoryFilter":"Person",
	"contact.member":"member",
    "contact.telephoneNumber":"telephoneNumber",
    "contact.mobile":"mobile",
# Co: for country
    "contact.co":"co",
# l: for city
    "contact.l":"l",
    "contact;company":"company",
    "contact.filter":"(&(objectCategory=person)(objectClass=user))",
# By default hostgroup are not requested. Setup a filter to enabled it
    "hostgroup.filter":""
}

Modify the host.filter

   "host.filter": "(&(objectClass=computer)(sAMAccountName=*SERVER_NAME*))",

Change SERVER_NAME by the server name pattern you want to import.

Import users of multiple groups

With the Active Directory source, it's possible to import users that are in different groups.

Image Added

Edit the file /etc/shinken-user/source-data/source-data-active-directory-sample/_configuration/active-directory-rules.json

In contact_group_filters, add the Distinguished Name (DN) to the different user groups separated by a pipe.

  "contacts_group_filter": "CN=shinken_admins,OU=utilisateurs,DC=shinkendom,DC=local | CN=shinken_users,OU=utilisateurs,DC=shinkendom,DC=local",

Tag hosts to add more properties before import

This source also includes other parameters that will allow you to automatically “tag” your servers based on your active directory information:

• hosts_tag: each loaded hosts will have at least this tag

Tagging hosts based on their OU (Organization Unit) is possible. This is done with the hosts_tag_* parameters.

For example, if you want to add the exchange tag to all the servers which are below

the OU=Email Collaboration Servers,OU=DataCenter Servers,DC=YOUR,dc=DOMAIN,dc=com OU,

you can set this parameter:

hosts_tag_exchange  OU=Email Collaboration Servers,OU=DataCenter Servers,DC=YOUR,dc=DOMAIN,dc=com 

Setting up ldap object matching with the hosts_match_* parameters is also possible.

For example, if you want to add the enterprise tag to all the ldap object that match the string Enterprise in their operatingSystemproperty,

you only need to setup :

hosts_match_operatingSystem_enterprise        Enterprise 

Creation of your own sources

Having multiple sources can help you if you have a huge directory and want to have the control on what to import at any time. As an example, you have an OU containing Paris users and another OU containing Bordeaux users. At a given time, you want to import only Bordeaux users. If you create two sources, you can activate just the Bordeaux source and import its objects.

You will have to do the following to create your own source :

• Create a module
• Create a source
• Configure the source-data
• Configure the Synchronizer daemon to take the new module in consideration

Create a module

cd /etc/shinken/modules/
cp activ-dir-import.cfg activ-dir-import-Bordeaux.cfg

Image Added

Edit the file activ-dir-import-Bordeaux.cfg Delete the 4 lines beginning from # Shinken Enterprise to  # End of Shinken Enterprise part

Modify 

    module_name           active-dir-example

With 

    module_name           active-dir-Bordeaux

Modify the following lines to point to the new source data (see below for the source data configuration)

connection_configuration_file
rules_configuration_file
mapping_configuration_file

Example :

    # Configuration file for your Active Directory connection (server, user, password, ...)
    connection_configuration_file   

Mapping rules configuration

This file allow you to do the mapping between Active Directory and Shinken properties.

Unless you know what you're doing here, you should keep this file unmodified.

You can find some customization in the How to section.

File /etc/shinken-user/source-data/source-data-active-directory/_configuration/active-directory-mapping.json

# IMPORTANT: Do not edit this file.
# To have your own mapping, copy it under the /etc/shinken-users directory and edit your copy instead.
# Note: comments should be with a # starting the line, NOT after a value
{
# first hosts propertyes (computer object in Active Directory)
   "host.name": "name",
   "host.dNSHostName": "dNSHostName",
   "host.operatingSystem": "operatingSystem",
   "host.operatingSystemServicePack":"operatingSystemServicePack",
   "host.distinguishedName": "distinguishedName",
   "host.filter": "(objectClass=computer)",

# Now contact properties
    "contact.name": "name",
    "contact.telephoneNumber":"telephoneNumber",
    "contact.mobile":"mobile",
# Co: for country
    "contact.co":"co",
# l: for city
    "contact.l":"l",
    "contact;company":"company",
    "contact.filter":"(&(objectCategory=person)(objectClass=user))",
# By default hostgroup are not requested. Setup a filter to enabled it
    "hostgroup.filter":""
}

Import the objects

Go in the Administration website, if your configuration is ok you should have an ouput "OK: Import clean."

Image Removed

Now do a "Force import" in clicking on Image Removed

In the "Elements >" panel you will see new elements appearing (Hosts and Contacts).

The next step will be to import those new objects.

How to

Import host with specific names

Edit the file /etc/shinken-user/source-data/source-data-active-directory/_configuration/active-directory-mapping.json

/etc/shinken-user/source-data/source-data-active-directory-Bordeaux/_configuration/active-directory-

connection.json

# IMPORTANT: Do not edit this file.
# To have your own mapping, copy it under the /etc/shinken-users directory and edit your copy instead.
# Note: comments should be with a # starting the line, NOT after a value
{
# first hosts propertyes (computer object in Active Directory)
   "host.name": "name",
   "host.dNSHostName": "dNSHostName",
   "host.operatingSystem": "operatingSystem",
   "host.operatingSystemServicePack":"operatingSystemServicePack",
   "host.distinguishedName": "distinguishedName",
   "host.filter": "(objectClass=computer)",

# Now contact properties
    "contact.name": "name",
    "contact.telephoneNumber":"telephoneNumber",
    "contact.mobile":"mobile",
# Co: for country
    "contact.co":"co",
# l: for city
    "contact.l":"l",
    "contact;company":"company",
    "contact.filter":"(&(objectCategory=person)(objectClass=user))",
# By default hostgroup are not requested. Setup a filter to enabled it
    "hostgroup.filter":""
}

Modify the host.filter

   "host.filter": "(&(objectClass=computer)(sAMAccountName=*SERVER_NAME*))",

Change SERVER_NAME by the server name pattern you want to import.

Import users of multiple groups

Edit the file /etc/shinken-user/source-data/source-data-active-directory/_configuration/active-directory-rules.json

  "contacts_filters": "CN=shinken_admins,OU=utilisateurs,DC=shinkendom,DC=local | CN=shinken_users,OU=utilisateurs,DC=shinkendom,DC=local",

In contact_filters, add the LDAP path to the different user groups separated by a pipe.

Tag hosts and users to add more properties before import

    # Configuration file for your import rules (like OU=>template rules)
    rules_configuration_file       /etc/shinken-user/source-data/source-data-active-directory-Bordeaux/_configuration/active-directory-rules.json
    
	# Configuration file for your ldap fields mapping (like for openldap users)
    mapping_configuration_file     /etc/shinken-user/source-data/source-data-active-directory-Bordeaux/_configuration/active-directory-mapping.json

Create a source

cd /etc/shinken/sources/
cp active-dir-hosts.cfg active-dir-hosts-Bordeaux.cfg

Image Added

Edit the file activ-dir-import-Bordeaux.cfg Delete the 4 lines beginning from # Shinken Enterprise to  # End of Shinken Enterprise part

Modify 

    source_name			active-dir-example
	modules				active-dir-example

With 

    source_name			active-dir-Bordeaux
    modules			    active-dir-Bordeaux

Configure the source data

To create your own import source, do the following :

cd /etc/shinken-user/source-data
cp -r source-data-active-directory-sample source-data-active-directory-Bordeaux

See above on how to configure the source data

Configure the Synchronizer Daemon

Image Added

Edit the file /etc/shinken/synchronizers/synchronizer-master.cfg At the end of the "sources" lien, add you new source.

Example :

    sources               syncui,cfg-file-shinken,active-dir-example,sync-vmware,cfg-file-nagios,discovery,openldap-example,active-dir-Bordeaux

you can see your now source :

Image Added

Apply contact templates to specific contact groups

During the import process a contact  template is applied on every contacts thanks to the "contacts_tag" property found in the active-directory-rules.json.

However, you have the possibility to apply contact templates to specific contact groups with the following properties (file active-directory-rules.json):

If you want to customize your Active Directory by adding a new property, for example called countryCode and to apply a template to it, you can do it like :

"AddFirst_template_(domain-admins)_to_contact_matching_[countryCode]" : "33"

This source also includes other parameters that will allow you to automatically “tag” your servers based on your active directory information:

• hosts_tag: each loaded hosts will have at least this tag
• contacts_tag: each loaded contacts will have at least this tag

Contacts to load can be easily filtered with the contacts_filters parameter.

Tagging hosts based on their OU (Organization Unit) is possible. This is done with the hosts_tag_* parameters.

For example, if you want to add the exchange tag to all the servers which are below

the OU=Email Collaboration Servers,OU=DataCenter Servers,DC=YOUR,dc=DOMAIN,dc=com OU,

you can set this parameter:

Setting up ldap object matching with the hosts_match_* parameters is also possible.

For example, if you want to add the enterprise tag to all the ldap object that match the string Enterprise in their operatingSystemproperty,

you only need to setup :

 This also works with groups.

setup :