Page History

Overview

This document describes how you can import hosts and users from Active Directory.

There are some steps you’ll need to follow in order to be able to import hosts and users :

Enable the Active Directory source
Configure the Active Directory module
Configure the connection to Active Directory
Configure the import rules
Configure the mapping rules

What is already available in the Shinken Installation

To make your life a bit easier, a few configuration tasks have already been done for you:

Installation of the Active Directory import module
Availability of configuration templates ready to be customized

Panel

title	On this page

Table of Contents

Setup the import module

Every time you have to customize Shinken, you have to do it in the /etc/shinken-user folder.

Somes templates files are already available in this folder. You should keep them unmodified and create your source in copying them.

Creation of your own configuration files

To create your own import source, do the following :

Code Block

language	bash

cd /etc/shinken-user/source-data
cp -r source-data-active-directory-sample source-data-active-directory

Your import source configuration files are now ready to be modified according to your Active Directory Infrastructure.

Enable the activ-dir-import source

Edit the file /etc/shinken/sources/activ-dir-import.cfg
Set Enabled to 1

You can find the following parameters in the source file :

Property	Example	Description
source_name	active-dir	Name of this source. Must be unique.
order	2	Order in the merge algorithm of this source data. Look in the Synchronizer page for more information about it.
import_interval	5	Launch this source every import_inverval minutes.
modules	active-dir
enabled	0
description	This source is about loading hosts from active directories

Configure the Active Directory module

Connection configuration

Import rules configuration

Mapping rules

Configuration

configuration

To define a Active Directory source:

Configure the module in the file /etc/shinken/modules/activ-dir-import.cfg
to define the behaviour of the module
Then configure the source in the file /etc/shinken/sources/activ-dir-import.cfg
to enable the source and call the module configured in step 1.
Then you must declare the Active Directory source in the file /etc/shinken/synchronizers/synchronizer-master.cfg.

Panel

title	On this page

toc

Info

title	Note

During the Shinken Enterprise installation process, an Active Directory source called active-diris defined but set to inactive.
It is mainly to provide Administrator with an example.

***sources/activ-dir-import.cfg***

Property	Example	Description
source_name	active-dir	Name of this source. Must be unique.
order	2	Order in the merge algorithm of this source data. Look in the Synchronizer page for more information about it.
import_interval	5	Launch this source every import_inverval minutes.
modules	active-dir
enabled	0
description	This source is about loading hosts from active directories

***modules/activ-dir-import.cfg***

Update these parameters in the cfg file:

Property	Default	Description
url	ldap://YOURDCFQDN/	URL of your Active Directory server.
base	dc=YOUR,dc=DOMAIN,dc=com	Base OU for your objects discovery.
hosts_base	OU=DataCenter Servers,dc=YOUR,dc=DOMAIN,dc=com	Base OU for the hosts discovery.
contacts_base	dc=YOUR,dc=DOMAIN,dc=com	Base OU for the contacts discovery.
username	SHINKEN@YOURDOMAIN.com	Username used to connect to the Ldap server.
password	PASSWORD	Password used by the user to connect to the Ldap server.

This connection information will allow the source to connect to your Active Directory. It only needs a « read only » account.

Info

title	Note

Shinken Enterprise’s main purpose is monitoring servers, therefore we suggest you DON'T load all your Active Directory elements like computers.

Filtering and tagging

This source also includes other parameters that will allow you to automatically “tag” your servers based on your active directory information:

hosts_tag: each loaded hosts will have at least this tag
contacts_tag: each loaded contacts will have at least this tag

Contacts to load can be easily filtered with the contacts_filters parameter.

Tagging hosts based on their OU (Organization Unit) is possible. This is done with the hosts_tag_* parameters.

For example, if you want to add the exchange tag to all the servers which are below

the OU=Email Collaboration Servers,OU=DataCenter Servers,DC=YOUR,dc=DOMAIN,dc=com OU,

you can set this parameter:

Code Block
hosts_tag_exchange OU=Email Collaboration Servers,OU=DataCenter Servers,DC=YOUR,dc=DOMAIN,dc=com

Setting up ldap object matching with the hosts_match_* parameters is also possible.

For example, if you want to add the enterprise tag to all the ldap object that match the string Enterprise in their operatingSystem property,

you only need to setup :

Code Block
hosts_match_operatingSystem_enterprise Enterprise

This also works with groups.

For example, if you want to add the domain-admins tag to the users that are in the CN=Domain Admins,CN=Users,DC=YOUR,dc=DOMAIN,dc=com OU,

setup :

Code Block
contacts_match_memberOf_domain-admins CN=Domain Admins,CN=Users,DC=YOUR,dc=DOMAIN,dc=com

Custom fields and host templates setting

If presents into the Ldap objects, some fields are automatically set on your host objects:

Host data	Ldap field
_OS	operatingSystem
_OS_SP	operatingSystemServicePack
_IP	if the server can resolve the PTR dNSHostName entry
_FQDN	if the server can resolve the dNSHostName entry

Property	Default	Description
url	ldap://YOURDCFQDN/	URL of your Active Directory server.
base	dc=YOUR,dc=DOMAIN,dc=com	Base OU for your objects discovery.
hosts_base	OU=DataCenter Servers,dc=YOUR,dc=DOMAIN,dc=com	Base OU for the hosts discovery.
contacts_base	dc=YOUR,dc=DOMAIN,dc=com	Base OU for the contacts discovery.
username	SHINKEN@YOURDOMAIN.com	Username used to connect to the Ldap server.
password	PASSWORD	Password used by the user to connect to the Ldap server.

Page tree

Versions Compared

Old Version 24

New Version 25

Key