Overview

This document describes how you can import hosts and users from Active Directory.

To import hosts and users, follow these steps:

  • Enable the Active Directory source
  • Configure the Active Directory module
  • Configure the connection to Active Directory
  • Configure the import rules
  • Configure the mapping rules

What is already available in the Shinken Installation

To make your life a bit easier, a few configuration tasks have already been done for you:

  1. Installation of the Active Directory import module
  2. Availability of configuration templates ready to be customized

 

Set up the import module

Every time you have to customize Shinken, you have to do it in the /etc/shinken-user folder.

Some template files are already available in this folder. Keep them unmodified and create your source by copying them.

Creation of your own configuration files

To create your own import source, do the following:

cd /etc/shinken-user/source-data
cp -r source-data-active-directory-sample source-data-active-directory

 

Your import source configuration files are now ready to be modified according to your Active Directory Infrastructure.

Enable the activ-dir-import source

  • Edit the file /etc/shinken/sources/activ-dir-import.cfg
  • Set enabled to 1

 

 

You can find the following parameters in the source file:

Property         Example     Description
source_name      active-dir  Name of this source. Must be unique.
order            2           Order of this source's data in the merge algorithm. See the Synchronizer page for more information.
import_interval  5           Launch this source every import_interval minutes.
modules          active-dir
enabled          0
description      This source is about loading hosts from active directories

Configure the Active Directory module

 


Connection configuration

 

Import rules configuration

 

Mapping rules configuration

 

 

 

 

To define an Active Directory source:

  1. Configure the module in the file /etc/shinken/modules/activ-dir-import.cfg
    to define the behaviour of the module
  2. Then configure the source in the file /etc/shinken/sources/activ-dir-import.cfg
    to enable the source and call the module configured in step 1.
  3. Then you must declare the Active Directory source in the file /etc/shinken/synchronizers/synchronizer-master.cfg.

 

During the Shinken Enterprise installation process, an Active Directory source called active-dir is defined but set to inactive.
It mainly serves as an example for administrators.

 

modules/activ-dir-import.cfg

Update these parameters in the cfg file:

Property       Default                                        Description
url            ldap://YOURDCFQDN/                             URL of your Active Directory server.
base           dc=YOUR,dc=DOMAIN,dc=com                       Base OU for your objects discovery.
hosts_base     OU=DataCenter Servers,dc=YOUR,dc=DOMAIN,dc=com Base OU for the hosts discovery.
contacts_base  dc=YOUR,dc=DOMAIN,dc=com                       Base OU for the contacts discovery.
username       SHINKEN@YOURDOMAIN.com                         Username used to connect to the Ldap server.
password       PASSWORD                                       Password used by the user to connect to the Ldap server.

This connection information allows the source to connect to your Active Directory. It only needs a “read-only” account.

Shinken Enterprise’s main purpose is monitoring servers, therefore we suggest you DON'T load all your Active Directory elements like computers. 
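A pre-flight check for the connection settings above, as an added example that is not part of Shinken Enterprise. It flags placeholder values left in place, a url that carries no transport encryption of its own, a hosts_base as wide as base, and a world-readable file holding the bind password. The one "key value" pair per line layout, the function names and the finding codes are assumptions made for this example.

```python
import stat

# Constructed sample. Property names and placeholder defaults come from the table
# above; the one "key value" pair per line layout is an assumption about the cfg syntax.
SAMPLE_CFG = """\
url            ldap://YOURDCFQDN/
base           dc=corp,dc=example,dc=com
hosts_base     DC=corp,DC=example,DC=com
contacts_base  dc=corp,dc=example,dc=com
username       shinken-ro@corp.example.com
password       PASSWORD
"""


def parse_cfg(text):
    """Collect {property: value}, skipping blanks, comments and define/brace lines."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;{}" or line.startswith("define"):
            continue
        parts = line.split(None, 1)
        props[parts[0]] = parts[1].strip() if len(parts) == 2 else ""
    return props


def norm_dn(dn):
    """Lower-case a DN and trim spaces around commas so two spellings compare equal."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def audit(props, file_mode=None):
    """Return a sorted list of finding codes for the connection settings."""
    findings = set()
    for key in ("url", "base", "hosts_base", "contacts_base", "username", "password"):
        value = props.get(key, "")
        if not value or "YOUR" in value or value == "PASSWORD":
            findings.add("placeholder-or-missing:" + key)
    if props.get("url", "").lower().startswith("ldap://"):
        findings.add("no-transport-encryption:url")  # ldap:// has no TLS of its own
    if props.get("base") and norm_dn(props["base"]) == norm_dn(props.get("hosts_base", "")):
        findings.add("hosts_base-spans-whole-directory")  # the page advises a narrower OU
    if file_mode is not None and file_mode & stat.S_IROTH:
        findings.add("world-readable-password-file")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(parse_cfg(SAMPLE_CFG), file_mode=0o644):
        print(finding)
```

To check a live file, pass its contents to parse_cfg and os.stat(path).st_mode as file_mode.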

  

Filtering and tagging

This source also includes other parameters that allow you to automatically “tag” your servers based on your Active Directory information:

  • hosts_tag: each loaded host will have at least this tag
  • contacts_tag: each loaded contact will have at least this tag

Contacts to load can be easily filtered with the contacts_filters parameter.

Tagging hosts based on their OU (Organizational Unit) is possible. This is done with the hosts_tag_* parameters.

For example, if you want to add the exchange tag to all the servers which are below the OU=Email Collaboration Servers,OU=DataCenter Servers,DC=YOUR,dc=DOMAIN,dc=com OU, you can set this parameter:

 

hosts_tag_exchange  OU=Email Collaboration Servers,OU=DataCenter Servers,DC=YOUR,dc=DOMAIN,dc=com


 

 

Setting up LDAP object matching with the hosts_match_* parameters is also possible.

For example, if you want to add the enterprise tag to all the LDAP objects that match the string Enterprise in their operatingSystem property, you only need to set:

 

hosts_match_operatingSystem_enterprise        Enterprise


 

This also works with groups.

For example, if you want to add the domain-admins tag to the users that are in the CN=Domain Admins,CN=Users,DC=YOUR,dc=DOMAIN,dc=com group, set:

 

 contacts_match_memberOf_domain-admins         CN=Domain Admins,CN=Users,DC=YOUR,dc=DOMAIN,dc=com
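To preview which tags a rule set would hand out before running an import, the added example below (not Shinken Enterprise code) applies the three example parameters from this section to constructed LDAP entries. The matching semantics are assumptions: OU rules tag entries whose DN sits below the OU, match rules do a substring test on the named attribute, and both ignore case. The hosts_tag and contacts_tag values and the function names are made up for the example.

```python
# Constructed rule set: the *_exchange, *_enterprise and *_domain-admins parameters
# are the page's examples; the hosts_tag / contacts_tag values are made up.
RULES = {
    "hosts_tag": "ad-host",
    "contacts_tag": "ad-contact",
    "hosts_tag_exchange": "OU=Email Collaboration Servers,OU=DataCenter Servers,DC=YOUR,dc=DOMAIN,dc=com",
    "hosts_match_operatingSystem_enterprise": "Enterprise",
    "contacts_match_memberOf_domain-admins": "CN=Domain Admins,CN=Users,DC=YOUR,dc=DOMAIN,dc=com",
}

# Constructed LDAP entries (not real directory data).
DC = "DC=YOUR,DC=DOMAIN,DC=com"
HOSTS = [
    {"dn": "CN=MAIL01,OU=Email Collaboration Servers,OU=DataCenter Servers," + DC,
     "operatingSystem": "Windows Server 2008 R2 Enterprise"},
    {"dn": "CN=WEB01,OU=Web Servers,OU=DataCenter Servers," + DC,
     "operatingSystem": "Windows Server 2008 R2 Standard"},
]
CONTACTS = [
    {"dn": "CN=alice,CN=Users," + DC, "memberOf": ["CN=Domain Admins,CN=Users," + DC]},
    {"dn": "CN=bob,CN=Users," + DC, "memberOf": ["CN=Domain Users,CN=Users," + DC]},
]


def norm_dn(dn):
    """Lower-case a DN and trim spaces around commas (assumed case-insensitive match)."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def tags_for(entry, rules, kind):
    """Return the tags an entry would receive; kind is 'hosts' or 'contacts'."""
    tags = [rules[kind + "_tag"]] if rules.get(kind + "_tag") else []
    for name, value in rules.items():
        if kind == "hosts" and name.startswith("hosts_tag_"):
            # OU rule: the entry must sit below the configured OU.
            if norm_dn(entry["dn"]).endswith("," + norm_dn(value)):
                tags.append(name[len("hosts_tag_"):])
        elif name.startswith(kind + "_match_"):
            # Match rule: <kind>_match_<ldapAttribute>_<tag>, substring test on the attribute.
            attr, _, tag = name[len(kind) + len("_match_"):].partition("_")
            values = entry.get(attr, [])
            values = [values] if isinstance(values, str) else values
            if any(value.lower() in v.lower() for v in values):
                tags.append(tag)
    return tags


if __name__ == "__main__":
    for kind, entries in (("hosts", HOSTS), ("contacts", CONTACTS)):
        for entry in entries:
            print(entry["dn"].split(",")[0], tags_for(entry, RULES, kind))
```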


 

  

Custom fields and host templates setting

If present in the LDAP objects, some fields are automatically set on your host objects:

Host data  Ldap field
_OS        operatingSystem
_OS_SP     operatingSystemServicePack
_IP        if the server can resolve the PTR dNSHostName entry
_FQDN      if the server can resolve the dNSHostName entry

 

 

 

 
