Page History

Source definitions:

Enable the activ-dir-import Source:

In the Automatic Detection Modules panel, clic on the button to enable the module.

Image Modified

You can find the following parameters in the source file /etc/shinken/sources/active-dir-hosts.cfg :

Configure the Active Directory Module

The source If Modify if necessary, the file /etc/shinken/modules/activ-dir-import.cfg

Connection configuration

This file is used to make the connexion connection to your Active Directory server.

Image Modified

Edit the file /etc/shinken-user/source-data/source-data-active-directory-sample/_configuration/active-directory-connection.json

Example

{
  "url": "ldap://vm-w2k8r2.shinkendom.local/",
  "base": "dc=shinkendom,dc=local",
  "hosts_base": "OU=serveurs,dc=shinkendom,dc=local",
  "hostgroups_base": "OU=serveurs,dc=shinkendom,dc=local",
  "contacts_base": " OU=utilisateurs,DC=shinkendom,DC=local",
  "username": "administrateur@shinkendom.local",
  "password": "P@ssword1"
}

Mapping rules configuration

This file allow you to do the mapping between Active Directory and Shinken properties.

You can find some customization in the How to HOW TO section.

File /etc/shinken-user/source-data/source-data-active-directory/_configuration/active-directory-mapping.json

# IMPORTANT: Do not edit this file.
# To have your own mapping, copy it under the /etc/shinken-users directory and edit /source-data/YOU_SOURCE_FOLDER/_configuration/ directory and edit your copy instead.
# Note: comments should be with a # starting the line, NOT after a value
{
# first hosts propertyes (computer object in Active Directory)
   "host.name": "name",
   "host.dNSHostName": "dNSHostName",
   "host.operatingSystem": "operatingSystem",
   "host.operatingSystemServicePack":"operatingSystemServicePack",
   "host.distinguishedName": "distinguishedName",
   "host.filter": "(objectClass=computer)",

# Now contact properties
    "contact.name": "name",
    "contact.categoryFilter":"Person",
    "contact.namemail": "namemail",
    "contact.telephoneNumbermember":"telephoneNumbermember",
    "contact.mobiletelephoneNumber":"mobiletelephoneNumber",
    "contact.membermobile":"membermobile",
# Co: for country
    "contact.co":"co",
# l: for city
    "contact.l":"l",
    "contact;company":"company",
    "contact.filter":"(&(objectCategory=person)(objectClass=user))",
# By default hostgroup are not requested. Setup a filter to enabled it
    "hostgroup.filter":""
}

Import rules configuration

This file is used to apply host template, contact template and tags to the hosts and contacts while the import.

Image Modified

Edit the file /etc/shinken-user/source-data/source-data-active-directory-sample/_configuration/active-directory-rules.json

The mandatories properties to modify are in green.

Example :

Example :

{
  "hosts_tag": "windows",
  "contacts_tag": "generic-contact",
  "contacts_group_filter": "CN=paris_shinken_users,OU=utilisateurs,DC=shinkendom,DC=local | CN=bordeaux_shinken_users,OU=utilisateurs,DC=shinkendom,DC

{
  "hosts_tag": "windows",
  "contacts_tag": "generic-contact",
  "contacts_group_filter": "CN=paris_shinken_users,OU=utilisateurs,DC=shinkendom,DC=local | CN=bordeaux_shinken_users,OU=utilisateurs,DC=shinkendom,DC=local",
  "hosts_tag_citrix": "OU=citrix,OU=serveurs,dc=shinken,dc=local",
  "hosts_tag_database": "OU=database,OU=serveurs,dc=shinken,dc=local",
  "hosts_tag_exchange": "OU=exchange,OU=serveurs,dc=shinken,dc=local",
  "hosts_tag_fileprint": "OU=fileprint,OU=serveurs,dc=shinken,dc=local",
  "hosts_tag_windows": "OU=infra,OU=serveurs,dc=shinken,dc=local",
  "hosts_matchtag_operatingSystem_windowscitrix": "windowsOU=citrix,OU=serveurs,dc=shinken,dc=local",
  "hosts_matchtag_operatingSystem_windows2008database": "windows*.*2008(?!.*.(?:r2))OU=database,OU=serveurs,dc=shinken,dc=local",
  "hosts_matchtag_operatingSystem_windows2008r2exchange": "windows*.*2008*.*r2OU=exchange,OU=serveurs,dc=shinken,dc=local",
  "hosts_matchtag_operatingSystem_windows2003fileprint": "windows*.*2003",
OU=fileprint,OU=serveurs,dc=shinken,dc=local",
  "hosts_tag_windows": "OU=infra,OU=serveurs,dc=shinken,dc=local",
  "hosts_match_operatingSystem_windows2012windows": "windows",
  "hosts_match_operatingSystem_windows2008": "windows*.*20122008(?!.*.(?:r2))",
  "hosts_match_operatingSystem_windows2012r2windows2008r2": "windows*.*20122008*.*r2",
  "hosts_match_operatingSystem_windows2000windows2003": "windows*.*20002003",
  "hosts_match_operatingSystem_windowsxpwindows2012": "windows*.*xp2012(?!.*.(?:r2))",
  "hosts_match_operatingSystem_enterprisewindows2012r2": "Enterprisewindows*.*2012*.*r2",
  "hosts_match_operatingSystemServicePackoperatingSystem_sp1windows2000": "Service Pack 1windows*.*2000",
  "hosts_match_operatingSystem_windowsxp": "windows*.*xp",
  "hosts_match_operatingSystemServicePackoperatingSystem_sp2enterprise": "Service Pack 2Enterprise",
  "hosts_match_operatingSystemServicePack_sp3sp1": "Service Pack 31",
  "contactshosts_match_memberOf_domain-adminsoperatingSystemServicePack_sp2": "Service Pack 2",
  "hosts_match_operatingSystemServicePack_sp3": "Service Pack 3",
  "AddFirst_template_(domain-admins)_to_contact_matching_[memberOf]": "OU=shinken_admins,OU=utilisateursCN=Domain Admins,CN=Users,DC=shinkendomYOUR,DC=local"
}

Import the objects

Go in the Administration website, if your configuration is ok you should have an ouput "OK: Import clean."

Now do a "Force import" in clicking on Image Removed

In the "Elements >" panel you will see new elements appearing (Hosts and Contacts).

Image Removed

The next step will be to import those new objects.

HOW TO

Image Removed

dc=DOMAIN,dc=com",
  "AddLast_template_(users)_to_contact_matching_[memberOf]": "CN=Users,DC=YOUR,dc=DOMAIN,dc=com",
  "Force_template_(specific)_to_contact_matching_[memberOf]": "CN=SpecificUsers,DC=YOUR,dc=DOMAIN,dc=com"}

Import the objects

Go to the UI Configuration home page, if your configuration is ok you should have an ouput "OK: Import clean."

Now do a "Force import" in clicking on Image Added

In the "Elements >" panel you will see new elements appearing (Hosts and Contacts).

Image Added

The next step will be to import those new objects.

HOW TO

Import computers with a specific name

Image Added

Edit the file /etc/shinken-user/source-data/source-data-active-directory-sample/_configuration/active-directory-mapping.json

# IMPORTANT: Do not edit this file.
# To have your own mapping, copy it under the /etc/shinken-users/source-data/YOU_SOURCE_FOLDER/_configuration/ directory and edit your copy instead.
# Note: comments should be with 

# IMPORTANT: Do not edit this file.
# To have your own mapping, copy it under the /etc/shinken-users directory and edit your copy instead.
# Note: comments should be with a # starting the line, NOT after a value
{
# first hosts propertyes (computer object in Active Directory)
   "host.name": "name",
   "host.dNSHostName": "dNSHostName",
   "host.operatingSystem": "operatingSystem",
   "host.operatingSystemServicePack":"operatingSystemServicePack",
   "host.distinguishedName": "distinguishedName",
   "host.filter": "(objectClass=computer)",

# Now contact properties
    "contact.name": "name",
 	"contact.categoryFilter":"Person",
	"contact.member":"member",
    "contact.telephoneNumber":"telephoneNumber",
    "contact.mobile":"mobile",
# Co: for country
    "contact.co":"co",
# l: for city
    "contact.l":"l",
    "contact;company":"company",
    "contact.filter":"(&(objectCategory=person)(objectClass=user))",
# By default hostgroup are not requested. Setup a filter to enabled it
    "hostgroup.filter":""
}

Modify the host.filter

   "host.filter": "(&(objectClass=computer)(sAMAccountName=*SERVER_NAME*))",

Change SERVER_NAME by the server name pattern you want to import.

Import users of multiple groups

With the Active Directory source, it's possible to import users that are in different groups.

Image Modified

Edit the file /etc/shinken-user/source-data/source-data-active-directory-sample/_configuration/active-directory-rules.json

In contact_group_filters, add the Distinguished Name (DN) to the different user groups separated by a pipe.

  "contacts_filtersgroup_filter": "CN=shinken_admins,OU=utilisateurs,DC=shinkendom,DC=local | CN=shinken_users,OU=utilisateurs,DC=shinkendom,DC=local",

In contact_filters, add the LDAP path to the different user groups separated by a pipe.

Tag hosts

to add more properties before import

This source also includes other parameters that will allow you to automatically “tag” your servers based on your active directory information:

• hosts_tag: each loaded hosts will have at least this tag
• contacts_tag: each loaded contacts will have at least this tag

Contacts to load can be easily filtered with the contacts_filters parameter.

Tagging hosts based on their OU (Organization Unit) is possible. This is done with the hosts_tag_* parameters.

For example, if you want to add the exchange tag to all the servers which are below

the OU=Email Collaboration Servers,OU=DataCenter Servers,DC=YOUR,dc=DOMAIN,dc=com OU,

you can set this parameter:

hosts_tag_exchange  OU=Email Collaboration Servers,OU=DataCenter Servers,DC=YOUR,dc=DOMAIN,dc=com 

Setting up ldap object matching with the hosts_match_* parameters is also possible.

For example, if you want to add the enterprise tag to all the ldap object that match the string Enterprise in their operatingSystemproperty,

you only need to setup :

hosts_match_operatingSystem_enterprise        Enterprise 

 This also works with groups.

 For example, if you want to add the domain-admins tag to the users that are in the CN=Domain Admins,CN=Users,DC=YOUR,dc=DOMAIN,dc=com OU,

setup :

contacts_match_memberOf_domain-admins         CN=Domain Admins,CN=Users,DC=YOUR,dc=DOMAIN,dc=com

Creation of your own sources

Having multiple sources can help you if you have a huge directory and want to have the control on what to import at any time. As an example, you have an OU containing Paris users and another OU containing Bordeaux users. At a given time, you want to import only Bordeaux users. If you create two sources, you can activate just the Bordeaux source and import its objects.

You will have to do the following to create your own source :

• Create a module
• Create a source
• Configure the source-data
• Configure the Synchronizer daemon to take the new module in consideration

Create a module

cd /etc/shinken/modules/
cp activ-dir-import.cfg activ-dir-import-Bordeaux.cfg

Image Added

Edit the file activ-dir-import-Bordeaux.cfg Delete the 4 lines beginning from # Shinken Enterprise to  # End of Shinken Enterprise part

Modify 

    module_name           active-dir-example

With 

    module_name           active-dir-Bordeaux

Modify the following lines to point to the new source data (see below for the source data configuration)

connection_configuration_file
rules_configuration_file
mapping_configuration_file

Example :

    # Configuration file for your Active Directory connection (server, user, password, ...)
    connection_configuration_file   /etc/shinken-user/source-data/source-data-active-directory-Bordeaux/_configuration/active-directory-connection.json

    # Configuration file for your import rules (like OU=>template rules)
    rules_configuration_file       /etc/shinken-user/source-data/source-data-active-directory-Bordeaux/_configuration/active-directory-rules.json
    
	

Creation of your own sources

Having multiple sources can help you if you have a huge directory and want to have the control on what to import at any time. As an example, you have an OU containing Paris users and another OU containing Bordeaux users. At a given time, you want to import only Bordeaux users. If you create two sources, you can activate just the Bordeaux source and import its objects.

You will have to do the following to create your own source :

• Create a module
• Create a source
• Configure the source-data
• Configure the Synchronizer daemon to take the new module in consideration

Create a module

cd /etc/shinken/modules/
cp cp activ-dir-import.cfg activ-dir-import-Bordeaux.cfg

Image Removed

Edit the file activ-dir-import-Bordeaux.cfg Delete the 4 lines beginning from # Shinken Enterprise to  # End of Shinken Enterprise part

Modify 

    module_name           active-dir-example

With 

    module_name           active-dir-Bordeaux

Modify the following lines to point to the new source data (see below for the source data configuration)

connection_configuration_file
rules_configuration_file
mapping_configuration_file

Example :

    # Configuration file for your Activeldap Directoryfields connectionmapping (server,like user,for password, ...openldap users)
    connectionmapping_configuration_file     /etc/shinken-user/source-data/source-data-active-directory-Bordeaux/_configuration/active-directory-connectionmapping.json

Create a source

cd /etc/shinken/sources/
cp active-dir-hosts.cfg active-dir-hosts-Bordeaux.cfg

Image Added

Edit the file activ-dir-import-Bordeaux.cfg Delete the 4 lines beginning from # Shinken Enterprise to  # End of Shinken Enterprise part

Modify 

    source_name			active-dir-example
	modules				active-dir-example

With 

    source_name			active-dir-Bordeaux
    modules			    active-dir-Bordeaux

Configure the source data

To create your own import source, do the following :

cd   # Configuration file for your import rules (like OU=>template rules)
    rules_configuration_file       /etc/shinken-user/source-data/source-data-active-directory-Bordeaux/_configuration/active-directory-rules.json
    
	# Configuration file for your ldap fields mapping (like for openldap users)
    mapping_configuration_file     /etc/shinken-user/source-data/
cp -r source-data-active-directory-Bordeaux/_configuration/sample source-data-active-directory-mapping.json

Create a source

Bordeaux

Image Removed

See above on how to configure the source data

Configure the Synchronizer Daemon

Image Added

Edit the file /etc/shinken/synchronizers/synchronizer-master.cfg At the end of the "sources" lien, add you new source.

Example :

Edit the file activ-dir-import-Bordeaux.cfg

Delete the 4 lines beginning from

# Shinken Enterprise

to

 # End of Shinken Enterprise part

Modify 

    source_namesources             active-dir-example

With 

    modules                 syncui,cfg-file-shinken,active-dir-example,sync-vmware,cfg-file-nagios,discovery,openldap-example,active-dir-Bordeaux

Configure the source data

To create your own import source, do the following :

you can see your now source :

Image Added

Apply contact templates to specific contact groups

During the import process a contact  template is applied on every contacts thanks to the "contacts_tag" property found in the active-directory-rules.json.

However, you have the possibility to apply contact templates to specific contact groups with the following properties (file active-directory-rules.json):

If you want to customize your Active Directory by adding a new property, for example called countryCode and to apply a template to it, you can do it like :

"AddFirst_template_(domain-admins)_to_contact_matching_[countryCode]" : "33"

See above on how to configure the source data

Configure the Synchronizer Daemon

Image Removed

Edit the file /etc/shinken/synchronizers/synchronizer-master.cfg At the end of the "sources" lien, add you new source.

Example :

    sources               syncui,cfg-file-shinken,active-dir-example,sync-vmware,cfg-file-nagios,discovery,openldap-example,active-dir-Bordeaux

Image Removed

Restart the Synchronizer Daemon /etc/init.d/shinken-synchronizer restart

you can see your now source :

Image Removed