Setup the import module
Every time you have to customize Shinken, you have to do it in the /etc/shinken-user folder.
Somes templates files are already available in this folder. You should keep them unmodified and create your source in copying them.
Creation of your own configuration files
To create your own import source, do the following :
| Code Block | ||
|---|---|---|
| ||
cd /etc/shinken-user/source-data cp -r source-data-active-directory-sample source-data-active-directory |
| Tip | ||
|---|---|---|
| ||
We consider that the folder in which you will have the Active Directory source is : /etc/shinken-user/source-data/source-data-active-directory/_configuration |
Your import source configuration files are now ready to be modified according to your Active Directory Infrastructure.
Enable the activ-dir-import source
- Edit the file /etc/shinken/sources/activ-dir-import.cfg
- Set Enabled to 1
You can find the following parameters in the source file :
| Property | Example | Description |
|---|---|---|
| source_name | active-dir | Name of this source. Must be unique. |
| order | 2 | Order in the merge algorithm of this source data. Look in the Synchronizer page for more information about it. |
| import_interval | 5 | Launch this source every import_inverval minutes. |
| modules | active-dir | |
| enabled | 0 | |
| description | This source is about loading hosts from active directories |
Configure the Active Directory module
- Edit the file /etc/shinken/modules/activ-dir-import.cfg
- Uncomment and change the following parameters to point to the file located in /etc/shinken-user/source-data/source-data-active-directory
| Property | Value |
|---|---|
| connection_configuration_file | /etc/shinken-user/source-data/source-data-active-directory/_configuration/active-directory-connection.json |
| rules_configuration_file | /etc/shinken-user/source-data/source-data-active-directory/_configuration/active-directory-rules.json |
| mapping_configuration_file | /etc/shinken-user/source-data/source-data-active-directory/_configuration/active-directory-mapping.json |
Connection configuration
Import rules configuration
Mapping rules configuration
* Test the connection
* How to
- Import host with specific names
- Import user of multiple groups
- Import user with specific names
- Tag hosts and users to add more properties before import
To define a Active Directory source:
Configure the module inEdit the file /etc/shinken
/modules/activ-dir-import.cfgto define the behaviour of the module
to enable the source and call the module configured in step 1.
| title | Note |
|---|
-user/source-data/source-data-active-directory/_configuration/active-directory-connection.json
During the Shinken Enterprise installation process, an Active Directory source called active-diris defined but set to inactive.
It is mainly to provide Administrator with an example.
sources/activ-dir-import.cfg
| Property | Example | Description |
|---|---|---|
| source_name | active-dir | Name of this source. Must be unique. |
| order | 2 | Order in the merge algorithm of this source data. Look in the Synchronizer page for more information about it. |
| import_interval | 5 | Launch this source every import_inverval minutes. |
| modules | active-dir | |
| enabled | 0 | |
| description | This source is about loading hosts from active directories |
modules/activ-dir-import.cfg
Update these parameters in the cfg file:| Property | Default | Description | |
|---|---|---|---|
| url | ldap:// | YOURDCFQDNYOUR-DC-FQDN/ | URL of your Active Directory server. |
| base | dc=YOUR,dc=DOMAIN,dc=com | Base OU for your objects discovery. | |
| hosts_base | OU=DataCenter Servers,dc=YOUR,dc=DOMAIN,dc=com | Base OU for the hosts discovery. | |
| contacts_base | dc=YOUR,dc=DOMAIN,dc=com | Base OU for the contacts discovery. | |
| username | SHINKEN@YOURDOMAIN.com | Username used to connect to the Ldap server. | |
| password | PASSWORD | Password used by the user to connect to the Ldap server. |
Example
| Code Block | ||
|---|---|---|
| ||
{
"url": "ldap://vm-w2k8r2.shinkendom.local/",
"base": "dc=shinkendom,dc=local",
"hosts_base": "OU=serveurs,dc=shinkendom,dc=local",
"hostgroups_base": "OU=serveurs,dc=shinkendom,dc=local",
"contacts_base": " OU=utilisateurs,DC=shinkendom,DC=local",
"username": "administrateur@shinkendom.local",
"password": "P@ssword1"
}
|
| Tip | ||
|---|---|---|
| ||
The account used to request LDAP only need read-only access. You should create a user account with read-only access dedicated to the Active Directory import module. |
Import rules configuration
Edit the file /etc/shinken-user/source-data/source-data-active-directory/_configuration/active-directory-rules.json
| Property | Default | Description |
|---|---|---|
| hosts_tag | yourdomain | Shinken host template applied during the import |
| contacts_tag | generic-contact | Shinken contact template applied during the import |
| contacts_filters | CN=Domain Admins,CN=Users,DC=YOUR,dc=DOMAIN,dc=com | CN=OTHERGROUPS,OU=Groups,OU=Users Groups,DC=YOUR,dc=DOMAIN,dc=com | User group to import |
| hosts_tag_citrix | OU=Terminal Servers,OU=DataCenter Servers,DC=YOUR,dc=DOMAIN,dc=com | host tag citrix |
| hosts_tag_database | OU=Database Servers,OU=DataCenter Servers,DC=YOUR,dc=DOMAIN,dc=com | host tag database |
| hosts_tag_exchange | OU=Email Collaboration Servers,OU=DataCenter Servers,DC=YOUR,dc=DOMAIN,dc=com | host tag exchange |
| hosts_tag_fileprint | OU=Files Print Servers,OU=DataCenter Servers,DC=YOUR,dc=DOMAIN,dc=com | host tag fileprint |
| hosts_match_operatingSystem_windows | windows | host tag windows |
| hosts_match_operatingSystem_windows2008 | windows*.*2008(?!.*.(?:r2)) | host tag windows2008 |
| hosts_match_operatingSystem_windows2008r2 | windows*.*2008*.*r2 | host tag windows 2008r2 |
| hosts_match_operatingSystem_windows2003 | windows*.*2003 | host tag windows2003 |
| hosts_match_operatingSystem_windows2012 | windows*.*2012(?!.*.(?:r2)) | host tag windows2012 |
| hosts_match_operatingSystem_windows2012r2 | windows*.*2012*.*r2 | host tag windows2012r2 |
| hosts_match_operatingSystem_windows2000 | windows*.*2000 | host tag windows 2000 |
| hosts_match_operatingSystem_windowsxp | windows*.*xp | host tag windows xp |
| hosts_match_operatingSystem_enterprise | Enterprise | host tag Enterprise |
| hosts_match_operatingSystemServicePack_sp1 | Service Pack 1 | host tag Service Pack 1 |
| hosts_match_operatingSystemServicePack_sp2 | Service Pack 2 | host tag Service Pack 2 |
| hosts_match_operatingSystemServicePack_sp3 | Service Pack 3 | host tag Service Pack 3 |
| contacts_match_memberOf_domain-admins | CN=Domain Admins,CN=Users,DC=YOUR,dc=DOMAIN,dc=com | Contact tag domains-admins |
| Tip | ||
|---|---|---|
| ||
See below about the tag functionnality. |
This connection information will allow the source to connect to your Active Directory. It only needs a « read only » account.
| Info | ||
|---|---|---|
| ||
Shinken Enterprise’s main purpose is monitoring servers, therefore we suggest you DON'T load all your Active Directory elements like computers. |
Example :
| Code Block | ||
|---|---|---|
| ||
{
"hosts_tag": "shinkendomtag",
"contacts_tag": "generic-contact",
"contacts_filters": "CN=shinken_admins,OU=utilisateurs,DC=shinkendom,DC=local | CN=shinken_users,OU=utilisateurs,DC=shinkendom,DC=local",
"hosts_tag_citrix": "OU=citrix,OU=serveurs,dc=shinken,dc=local",
"hosts_tag_database": "OU=database,OU=serveurs,dc=shinken,dc=local",
"hosts_tag_exchange": "OU=exchange,OU=serveurs,dc=shinken,dc=local",
"hosts_tag_fileprint": "OU=fileprint,OU=serveurs,dc=shinken,dc=local",
"hosts_tag_windows": "OU=infra,OU=serveurs,dc=shinken,dc=local",
"hosts_match_operatingSystem_windows": "windows",
"hosts_match_operatingSystem_windows2008": "windows*.*2008(?!.*.(?:r2))",
"hosts_match_operatingSystem_windows2008r2": "windows*.*2008*.*r2",
"hosts_match_operatingSystem_windows2003": "windows*.*2003",
"hosts_match_operatingSystem_windows2012": "windows*.*2012(?!.*.(?:r2))",
"hosts_match_operatingSystem_windows2012r2": "windows*.*2012*.*r2",
"hosts_match_operatingSystem_windows2000": "windows*.*2000",
"hosts_match_operatingSystem_windowsxp": "windows*.*xp",
"hosts_match_operatingSystem_enterprise": "Enterprise",
"hosts_match_operatingSystemServicePack_sp1": "Service Pack 1",
"hosts_match_operatingSystemServicePack_sp2": "Service Pack 2",
"hosts_match_operatingSystemServicePack_sp3": "Service Pack 3",
"contacts_match_memberOf_domain-admins": "OU=shinken_admins,OU=utilisateurs,DC=shinkendom,DC=local"
}
|
Mapping rules configuration
This file allow you to do the mapping between Active Directory and Shinken properties.
Unless you know what you're doing here, you should keep this file unmodified.
You can find some customization in the How to section.
File /etc/shinken-user/source-data/source-data-active-directory/_configuration/active-directory-mapping.json
| Code Block |
|---|
# IMPORTANT: Do not edit this file.
# To have your own mapping, copy it under the /etc/shinken-users directory and edit your copy instead.
# Note: comments should be with a # starting the line, NOT after a value
{
# first hosts propertyes (computer object in Active Directory)
"host.name": "name",
"host.dNSHostName": "dNSHostName",
"host.operatingSystem": "operatingSystem",
"host.operatingSystemServicePack":"operatingSystemServicePack",
"host.distinguishedName": "distinguishedName",
"host.filter": "(objectClass=computer)",
# Now contact properties
"contact.name": "name",
"contact.telephoneNumber":"telephoneNumber",
"contact.mobile":"mobile",
# Co: for country
"contact.co":"co",
# l: for city
"contact.l":"l",
"contact;company":"company",
"contact.filter":"(&(objectCategory=person)(objectClass=user))",
# By default hostgroup are not requested. Setup a filter to enabled it
"hostgroup.filter":""
}
|
Import the objects
Go in the Administration website, if your configuration is ok you should have an ouput "OK: Import clean."
Now do a "Force import" in clicking on 
In the "Elements >" panel you will see new elements appearing (Hosts and Contacts).
The next step will be to import those new objects.
How to
Import host with specific names
Edit he file /etc/shinken-user/source-data/source-data-active-directory/_configuration/active-directory-mapping.json
| Code Block |
|---|
# IMPORTANT: Do not edit this file.
# To have your own mapping, copy it under the /etc/shinken-users directory and edit your copy instead.
# Note: comments should be with a # starting the line, NOT after a value
{
# first hosts propertyes (computer object in Active Directory)
"host.name": "name",
"host.dNSHostName": "dNSHostName",
"host.operatingSystem": "operatingSystem",
"host.operatingSystemServicePack":"operatingSystemServicePack",
"host.distinguishedName": "distinguishedName",
"host.filter": "(objectClass=computer)",
# Now contact properties
"contact.name": "name",
"contact.telephoneNumber":"telephoneNumber",
"contact.mobile":"mobile",
# Co: for country
"contact.co":"co",
# l: for city
"contact.l":"l",
"contact;company":"company",
"contact.filter":"(&(objectCategory=person)(objectClass=user))",
# By default hostgroup are not requested. Setup a filter to enabled it
"hostgroup.filter":""
}
|
Modify the host.filter
| Code Block |
|---|
"host.filter": "(&(objectClass=computer)(sAMAccountName=*SERVER_NAME*))",
|
Change SERVER_NAME by the server name you want to import.
Import users of multiple groups
Edit the file /etc/shinken-user/source-data/source-data-active-directory/_configuration/active-directory-rules.json
| Code Block |
|---|
"contacts_filters": "CN=shinken_admins,OU=utilisateurs,DC=shinkendom,DC=local | CN=shinken_users,OU=utilisateurs,DC=shinkendom,DC=local",
|
In contact_filters, add the LDAP path to the different user groups separated by a pipe.
Tag hosts and users to add more properties before import
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Custom fields and host templates setting | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
If presents into the Ldap objects, some fields are automatically set on your host objects: | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| /etc/shinken-user/source-data/source-data-active-directory/_configuration/active-directory-rules.json |