Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow Zabbix users to be created with email address instead of SAM #5

Open
AlexSamad opened this issue Jan 5, 2022 · 2 comments
Open

Allow Zabbix users to be created with email address instead of SAM #5

AlexSamad opened this issue Jan 5, 2022 · 2 comments

Comments

@AlexSamad
Copy link

Would be nice to allow this to happen
@AlexSamad
Copy link
Author 

diff --git a/site/role/files/ybzabbix/server/zabbix-ldap-sync.sh b/site/role/files/ybzabbix/server/zabbix-ldap-sync.sh
index 18bcc3d2..e2366975 100644
--- a/site/role/files/ybzabbix/server/zabbix-ldap-sync.sh
+++ b/site/role/files/ybzabbix/server/zabbix-ldap-sync.sh
@@ -423,33 +423,33 @@ if [ LDAP_Ignore_SSL_Certificate = "false" ]; then
     # normal ldapsearch call
     if [ "$b_verbose" = "true" ]; then
         if [ "$b_showpasswords" = "true" ]; then
-            echo 'ldapsearch -x -o ldif-wrap=no -H '$LDAP_Source_URL' -D "'$LDAP_Bind_User_DN'" -w "'$LDAP_Bind_User_Password'" -b "'$LDAP_SearchBase'" "(&(objectClass=group)(cn="'$LDAP_Groupname_for_Sync'"))"'
+            echo 'ldapsearch -x -o ldif-wrap=no -H '$LDAP_Source_URL' -D "'$LDAP_Bind_User_DN'" -w "'$LDAP_Bind_User_Password'" -b "'$LDAP_SearchBase'" "(&(objectCategory=user)(memberOf:1.2.840.113556.1.4.1941:='$LDAP_Groupname_for_Sync'))"'
         else
-            echo 'ldapsearch -x -o ldif-wrap=no -H '$LDAP_Source_URL' -D "'$LDAP_Bind_User_DN'" -w "***********" -b "'$LDAP_SearchBase'" "(&(objectClass=group)(cn="'$LDAP_Groupname_for_Sync'"))"'
+            echo 'ldapsearch -x -o ldif-wrap=no -H '$LDAP_Source_URL' -D "'$LDAP_Bind_User_DN'" -w "***********" -b "'$LDAP_SearchBase'" "(&(objectCategory=user)(memberOf:1.2.840.113556.1.4.1941:='$LDAP_Groupname_for_Sync'))"'
         fi
     fi
     # yes, ldapsearch is called twice - first time without grep to catch the exitcode, 2. time to catch the content
-    tempvar=`ldapsearch -x -o ldif-wrap=no -H $LDAP_Source_URL -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "$LDAP_SearchBase" "(&(objectClass=group)(cn=$LDAP_Groupname_for_Sync))" o member`
+    tempvar=`ldapsearch -x -o ldif-wrap=no -H $LDAP_Source_URL -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "$LDAP_SearchBase" "(&(objectCategory=user)(memberOf:1.2.840.113556.1.4.1941:=$LDAP_Groupname_for_Sync))" -LLL dn`
     ldapsearch_exitcode="$?"
     if [ "$b_verbose" = "true" ]; then echo "ldapsearch_exitcode: $ldapsearch_exitcode"; fi
-    tempvar=`ldapsearch -x -o ldif-wrap=no -H $LDAP_Source_URL -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "$LDAP_SearchBase" "(&(objectClass=group)(cn=$LDAP_Groupname_for_Sync))" o member | grep member:`
+    tempvar=`ldapsearch -x -o ldif-wrap=no -H $LDAP_Source_URL -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "$LDAP_SearchBase" "(&(objectCategory=user)(memberOf:1.2.840.113556.1.4.1941:=$LDAP_Groupname_for_Sync))" -LLL dn | tr '[:upper:]' '[:lower:]' |grep dn:`
 else
     # ignore SSL ldapsearch
     if [ "$b_verbose" = "true" ]; then
         if [ "$b_showpasswords" = "true" ]; then
-            echo 'LDAPTLS_REQCERT=never ldapsearch -x -o ldif-wrap=no -H '$LDAP_Source_URL' -D "'$LDAP_Bind_User_DN'" -w "'$LDAP_Bind_User_Password'" -b "'$LDAP_SearchBase'" "(&(objectClass=group)(cn='$LDAP_Groupname_for_Sync'))" o member'
+            echo 'LDAPTLS_REQCERT=never ldapsearch -x -o ldif-wrap=no -H '$LDAP_Source_URL' -D "'$LDAP_Bind_User_DN'" -w "'$LDAP_Bind_User_Password'" -b "'$LDAP_SearchBase'" "(&(objectCategory=user)(memberOf:1.2.840.113556.1.4.1941:='$LDAP_Groupname_for_Sync'))" -LLL dn'
         else
-            echo 'LDAPTLS_REQCERT=never ldapsearch -x -o ldif-wrap=no -H '$LDAP_Source_URL' -D "'$LDAP_Bind_User_DN'" -w "***********" -b "'$LDAP_SearchBase'" "(&(objectClass=group)(cn='$LDAP_Groupname_for_Sync'))" o member'
+            echo 'LDAPTLS_REQCERT=never ldapsearch -x -o ldif-wrap=no -H '$LDAP_Source_URL' -D "'$LDAP_Bind_User_DN'" -w "***********" -b "'$LDAP_SearchBase'" "(&(objectCategory=user)(memberOf:1.2.840.113556.1.4.1941:='$LDAP_Groupname_for_Sync'))" -LLL dn'
         fi
     fi
     # yes, ldapsearch is called twice - first time without grep to catch the exitcode, 2. time to catch the content
-    tempvar=`LDAPTLS_REQCERT=never ldapsearch -x -o ldif-wrap=no -H $LDAP_Source_URL -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "$LDAP_SearchBase" "(&(objectClass=group)(cn=$LDAP_Groupname_for_Sync))" o member`
+    tempvar=`LDAPTLS_REQCERT=never ldapsearch -x -o ldif-wrap=no -H $LDAP_Source_URL -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "$LDAP_SearchBase" "(&(objectCategory=user)(memberOf:1.2.840.113556.1.4.1941:=$LDAP_Groupname_for_Sync))" -LLL dn`
     ldapsearch_exitcode="$?"
     if [ "$b_verbose" = "true" ]; then echo "ldapsearch_exitcode: $ldapsearch_exitcode"; fi
-    tempvar=`LDAPTLS_REQCERT=never ldapsearch -x -o ldif-wrap=no -H $LDAP_Source_URL -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "$LDAP_SearchBase" "(&(objectClass=group)(cn=$LDAP_Groupname_for_Sync))" o member | grep member:`
+    tempvar=`LDAPTLS_REQCERT=never ldapsearch -x -o ldif-wrap=no -H $LDAP_Source_URL -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "$LDAP_SearchBase" "(&(objectCategory=user)(memberOf:1.2.840.113556.1.4.1941:=$LDAP_Groupname_for_Sync))" -LLL dn | tr '[:upper:]' '[:
lower:]' | grep dn:`
 fi
 if [ "$b_verbose" = "true" ]; then
-    echo 'Result ldapsearch (with "grep member:" : '"$tempvar"
+    echo 'Result ldapsearch (with "grep dn:" : '"$tempvar"
     echo "Exitcode ldapsearch: $(Translate_ldapsearch_exitcode $ldapsearch_exitcode)"
 fi
 # only continue if ldapsearch was succesfull
@@ -458,7 +458,7 @@ if [ "$ldapsearch_exitcode" -eq 0 ];then
     LDAP_ARRAY_Members_DN=()
     for (( i=0; i < ${#LDAP_ARRAY_Members_RAW[*]}; i++ )); do
         # Search for the word "member:" in Array - the next value is the DN of a Member
-        if [ "${LDAP_ARRAY_Members_RAW[$i]:0:7}" = "member:" ]; then
+        if [ "${LDAP_ARRAY_Members_RAW[$i]:0:3}" = "dn:" ]; then
             i=$(($i + 1))
             LDAP_ARRAY_Members_DN+=("${LDAP_ARRAY_Members_RAW[$i]}") # add new Item to the end of the array
         else
@@ -534,7 +534,7 @@ if [ "${#LDAP_ARRAY_Members_DN[*]}" -gt 0 ]; then
                 echo "'s/$/|/' | sed 's/: /|/'"
             fi
             # sed replace all ": " and "new line" to "|"
-            tempvar=`ldapsearch -x -o ldif-wrap=no -H $LDAP_Source_URL -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "${LDAP_ARRAY_Members_DN[$i]}" o sAMAccountName o sn o givenName o mail | grep "^sn: \|^givenName: \|^sAMAccountName: \|^mail:" | sed 's/$/|/' | sed
 's/: /|/'`
+            tempvar=`ldapsearch -x -o ldif-wrap=no -H $LDAP_Source_URL -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "${LDAP_ARRAY_Members_DN[$i]}" o sAMAccountName o sn o givenName o mail | grep "^sn: \|^givenName: \|^sAMAccountName: \|^mail:" | sed 's/$/|/' | sed
 's/: /|/' | tr '[:upper:]' '[:lower:]'`
         else
             if [ "$b_verbose" = "true" ]; then
                 printf "LDAPTLS_REQCERT=never ldapsearch -x -o ldif-wrap=no -H "
@@ -554,7 +554,7 @@ if [ "${#LDAP_ARRAY_Members_DN[*]}" -gt 0 ]; then
                 echo "'s/$/|/' | sed 's/: /|/'"
             fi
             # sed replace all ": " and "new line" to "|"
-            tempvar=`LDAPTLS_REQCERT=never ldapsearch -x -o ldif-wrap=no -H "$LDAP_Source_URL" -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "${LDAP_ARRAY_Members_DN[$i]}" o sAMAccountName o sn o givenName o mail | grep "^sn: \|^givenName: \|^sAMAccountName: \|^mail:" | sed 's/$/|/' | sed 's/: /|/'`
+            tempvar=`LDAPTLS_REQCERT=never ldapsearch -x -o ldif-wrap=no -H "$LDAP_Source_URL" -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "${LDAP_ARRAY_Members_DN[$i]}" o sAMAccountName o sn o givenName o mail | grep "^sn: \|^givenName: \|^sAMAccountName: \|^mail:" | sed 's/$/|/' | sed 's/: /|/' | tr '[:upper:]' '[:lower:]'`
             if [ "$b_verbose" = "true" ]; then
                 echo $tempvar
             fi
@@ -800,7 +800,7 @@ if [ "$b_verbose" = "true" ]; then
     printf " $ZABBIX_API_URL"
 fi
 tempvar=`curl -k -s -X POST -H "Content-Type:application/json"  -d '{"jsonrpc": "2.0","method":"user.get","params":{"usrgrpids":"'$ZABBIX_LDAP_Group_UsrGrpId'","output":["alias","userid"]},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL`
-if [ "$b_verbose" = "true" ]; then echo $tempvar; fi
+if [ "$b_verbose" = "true" ]; then echo ; echo $tempvar; echo ;fi
 IFS='"' # " is set as delimiter
 ZABBIX_ARRAY_LDAP_GroupMember_RAW=($tempvar)
 IFS=' ' # space is set as delimiter
@@ -813,10 +813,12 @@ for (( i=0; i < ${#ZABBIX_ARRAY_LDAP_GroupMember_RAW[*]}; i++ )); do
         Print_Verbose_Text "Found UserId" "${ZABBIX_ARRAY_LDAP_GroupMember_RAW[$i]}"
         #printf "."
     fi
-    if [ "${ZABBIX_ARRAY_LDAP_GroupMember_RAW[$i]}" = "alias" ]; then
+    #if [ "${ZABBIX_ARRAY_LDAP_GroupMember_RAW[$i]}" = "alias" ]; then
+    if [ "${ZABBIX_ARRAY_LDAP_GroupMember_RAW[$i]}" = "username" ]; then
         i=$(($i + 2))
         ZABBIX_ARRAY_LDAP_GroupMember_alias+=("${ZABBIX_ARRAY_LDAP_GroupMember_RAW[$i]}")
-        Print_Verbose_Text "Found Alias" "${ZABBIX_ARRAY_LDAP_GroupMember_RAW[$i]}"
+        #Print_Verbose_Text "Found Alias" "${ZABBIX_ARRAY_LDAP_GroupMember_RAW[$i]}"
+        Print_Verbose_Text "Found Username" "${ZABBIX_ARRAY_LDAP_GroupMember_RAW[$i]}"
         #printf "."
     fi
 done
@@ -830,7 +832,8 @@ if [ "$b_verbose" = "true" ]; then
     printf "%-3s | %-20s | %-20s | %-20s | %-20s" "No." "Alias" "UserId" " " " "
     printf "\n"
     echo "----+----------------------+----------------------+----------------------+----------------------"
-    for (( i=0; i < ${#ZABBIX_ARRAY_LDAP_GroupMember_alias[*]}; i++ )); do
+    #for (( i=0; i < ${#ZABBIX_ARRAY_LDAP_GroupMember_alias[*]}; i++ )); do
+    for (( i=0; i < ${#ZABBIX_ARRAY_LDAP_GroupMember_userid[*]}; i++ )); do
         printf "%-3s | %-20s | %-20s | %-20s | %-20s" "$i" "${ZABBIX_ARRAY_LDAP_GroupMember_alias[$i]}" "${ZABBIX_ARRAY_LDAP_GroupMember_userid[$i]}" " " " "
         printf "\n"
     done
@@ -859,11 +862,15 @@ fi
 b_Must_Sync_Users="false"
 # Check 1:
 Print_Status_Text "Check 1: Number of Users LDAP"
-Print_Status_Done "${#LDAP_ARRAY_Members_sAMAccountName[*]}" $DEFAULT_FOREGROUND
+# I want users to use email address not sam account name to login
+#Print_Status_Done "${#LDAP_ARRAY_Members_sAMAccountName[*]}" $DEFAULT_FOREGROUND
+Print_Status_Done "${#LDAP_ARRAY_Members_Email[*]}" $DEFAULT_FOREGROUND
 Print_Status_Text "Check 1: Number of Users Zabbix"
 Print_Status_Done "${#ZABBIX_ARRAY_LDAP_GroupMember_alias[*]}" $DEFAULT_FOREGROUND
 Print_Status_Text "Check 1: Number of Users"
-if [ "${#LDAP_ARRAY_Members_sAMAccountName[*]}" -eq "${#ZABBIX_ARRAY_LDAP_GroupMember_alias[*]}" ]; then
+# I want users to use email address not sam account name to login
+#if [ "${#LDAP_ARRAY_Members_sAMAccountName[*]}" -eq "${#ZABBIX_ARRAY_LDAP_GroupMember_alias[*]}" ]; then
+if [ "${#LDAP_ARRAY_Members_Email[*]}" -eq "${#ZABBIX_ARRAY_LDAP_GroupMember_alias[*]}" ]; then
     Print_Status_Done "equal" $GREEN
 else
     Print_Status_Done "not equal" $RED
@@ -875,15 +882,22 @@ if [ "$b_Must_Sync_Users" = "false" ]; then
     # make Compare case insensitive, save original settings
     orig_nocasematch=$(shopt -p nocasematch)
     shopt -s nocasematch
-    Print_Status_Text "Check 2: Compare Active Directory sAMAccountName with Zabbix Alias"
+    #Print_Status_Text "Check 2: Compare Active Directory sAMAccountName with Zabbix Alias"
+    Print_Status_Text "Check 2: Compare Active Directory mail with Zabbix username"
     if [ "$b_verbose" = "true" ]; then Print_Status_Done "checking" $LIGHTCYAN; fi
     # Check every sAMAccountName and find a alias for it
-    for (( i=0; i < ${#LDAP_ARRAY_Members_sAMAccountName[*]}; i++ )); do
+    # I want users to use email address not sam account name to login
+    #for (( i=0; i < ${#LDAP_ARRAY_Members_sAMAccountName[*]}; i++ )); do
+    for (( i=0; i < ${#LDAP_ARRAY_Members_Email[*]}; i++ )); do
         b_alias_was_found="false"
         for (( k=0; k < ${#ZABBIX_ARRAY_LDAP_GroupMember_alias[*]}; k++ )); do
-            if [[ "${LDAP_ARRAY_Members_sAMAccountName[$i]}" == "${ZABBIX_ARRAY_LDAP_GroupMember_alias[$k]}" ]]; then
+            # I want users to use email address not sam account name to login
+            #if [[ "${LDAP_ARRAY_Members_sAMAccountName[$i]}" == "${ZABBIX_ARRAY_LDAP_GroupMember_alias[$k]}" ]]; then
+            if [[ "${LDAP_ARRAY_Members_Email[$i]}" == "${ZABBIX_ARRAY_LDAP_GroupMember_alias[$k]}" ]]; then
                 # printf "."
-                Print_Verbose_Text "${LDAP_ARRAY_Members_sAMAccountName[$i]}" "found"
+                # I want users to use email address not sam account name to login
+                #Print_Verbose_Text "${LDAP_ARRAY_Members_sAMAccountName[$i]}" "found"
+                Print_Verbose_Text "${LDAP_ARRAY_Members_Email[$i]}" "found"
                 b_alias_was_found="true"
                 # if user have found the loop can be finished
                 break
@@ -891,7 +905,9 @@ if [ "$b_Must_Sync_Users" = "false" ]; then
         done
         if [ "$b_alias_was_found" = "false" ]; then
             b_Must_Sync_Users="true"
-            Print_Verbose_Text "${LDAP_ARRAY_Members_sAMAccountName[$i]}" "not found"
+            # I want users to use email address not sam account name to login
+            #Print_Verbose_Text "${LDAP_ARRAY_Members_sAMAccountName[$i]}" "not found"
+            Print_Verbose_Text "${LDAP_ARRAY_Members_Email[$i]}" "not found"
             if [ "$b_verbose" = "true" ]; then Print_Status_Text "Check 2: Compare Active Directory sAMAccountName with Zabbix Alias"; fi
             Print_Status_Done "mismatch" $RED
             # one user was not found, we can exit the test, we must sync
@@ -948,7 +964,8 @@ if [ "$b_Must_Sync_Users" = "true" ]; then
             i=$(($i + 2))
             ZABBIX_ARRAY_AllUser_userid+=("${ZABBIX_ARRAY_AllUser_RAW[$i]}")
         fi
-        if [ "${ZABBIX_ARRAY_AllUser_RAW[$i]}" = "alias" ]; then
+        #if [ "${ZABBIX_ARRAY_AllUser_RAW[$i]}" = "alias" ]; then
+        if [ "${ZABBIX_ARRAY_AllUser_RAW[$i]}" = "username" ]; then
             i=$(($i + 2))
             ZABBIX_ARRAY_AllUser_alias+=("${ZABBIX_ARRAY_AllUser_RAW[$i]}")
         fi
@@ -986,12 +1003,18 @@ if [ "$b_Must_Sync_Users" = "true" ]; then
     orig_nocasematch=$(shopt -p nocasematch)
     shopt -s nocasematch
     i_CounterNewUsers=0
-    for (( i=0; i < ${#LDAP_ARRAY_Members_sAMAccountName[*]}; i++ )); do
+    # I want users to use email address not sam account name to login
+    #for (( i=0; i < ${#LDAP_ARRAY_Members_sAMAccountName[*]}; i++ )); do
+    for (( i=0; i < ${#LDAP_ARRAY_Members_Email[*]}; i++ )); do
         b_we_have_a_winner="false"
         for (( k=0; k < ${#ZABBIX_ARRAY_AllUser_alias[*]}; k++ )); do
-            if [[ "${LDAP_ARRAY_Members_sAMAccountName[$i]}" == "${ZABBIX_ARRAY_AllUser_alias[$k]}" ]]; then
+            # I want users to use email address not sam account name to login
+            #if [[ "${LDAP_ARRAY_Members_sAMAccountName[$i]}" == "${ZABBIX_ARRAY_AllUser_alias[$k]}" ]]; then
+            if [[ "${LDAP_ARRAY_Members_Email[$i]}" == "${ZABBIX_ARRAY_AllUser_alias[$k]}" ]]; then
                 LDAP_ARRAY_Members_UserId+=("${ZABBIX_ARRAY_AllUser_userid[$k]}")
-                Print_Verbose_Text "Found existing User: ${LDAP_ARRAY_Members_sAMAccountName[$i]}" "${ZABBIX_ARRAY_AllUser_alias[$k]}"
+                # I want users to use email address not sam account name to login
+                #Print_Verbose_Text "Found existing User: ${LDAP_ARRAY_Members_sAMAccountName[$i]}" "${ZABBIX_ARRAY_AllUser_alias[$k]}"
+                Print_Verbose_Text "Found existing User: ${LDAP_ARRAY_Members_Email[$i]}" "${ZABBIX_ARRAY_AllUser_alias[$k]}"
                 b_we_have_a_winner="true"
                 break
             fi
@@ -1001,7 +1024,9 @@ if [ "$b_Must_Sync_Users" = "true" ]; then
             # User was not found - but we need an array item to have all array index identical and matched to each other
             # also mark this User to have to be created
             LDAP_ARRAY_Members_UserId+=("create-user")
-            Print_Verbose_Text "No Zabbix user found: ${LDAP_ARRAY_Members_sAMAccountName[$i]}" "will be created"
+            # I want users to use email address not sam account name to login
+            #Print_Verbose_Text "No Zabbix user found: ${LDAP_ARRAY_Members_sAMAccountName[$i]}" "will be created"
+            Print_Verbose_Text "No Zabbix user found: ${LDAP_ARRAY_Members_Email[$i]}" "will be created"
             b_have_to_create_new_user="true"
             i_CounterNewUsers=$(($i_CounterNewUsers + 1))
         fi
@@ -1037,10 +1062,14 @@ if [ "$b_Must_Sync_Users" = "true" ]; then
         fi
         declare -a ZABBIX_ARRAY_New_User_RAW
         # Search for all User with UserId "create-user"
-        for (( i=0; i < ${#LDAP_ARRAY_Members_sAMAccountName[*]}; i++ )); do
+        # I want users to use email address not sam account name to login
+        #for (( i=0; i < ${#LDAP_ARRAY_Members_sAMAccountName[*]}; i++ )); do
+        for (( i=0; i < ${#LDAP_ARRAY_Members_Email[*]}; i++ )); do
             if [ "${LDAP_ARRAY_Members_UserId[$i]}" = "create-user" ]; then
                 # printf "Create new user ${LDAP_ARRAY_Members_sAMAccountName[$i]} ... "
-                tempSAM='"'"${LDAP_ARRAY_Members_sAMAccountName[$i]}"'"'
+                # I want users to use email address not sam account name to login
+                #tempSAM='"'"${LDAP_ARRAY_Members_sAMAccountName[$i]}"'"'
+                tempSAM='"'"${LDAP_ARRAY_Members_Email[$i]}"'"'
                 # Check the things we have
                 create_combination=""
                 if [ "${LDAP_ARRAY_Members_Surname[$i]}" != " - " ]; then
@@ -1161,7 +1190,9 @@ if [ "$b_Must_Sync_Users" = "true" ]; then
                         LDAP_ARRAY_Members_UserId[$i]="${ZABBIX_ARRAY_New_User_RAW[$k]}"
                     fi
                 done
-                Print_Verbose_Text "Created: ${LDAP_ARRAY_Members_sAMAccountName[$i]}" "LDAP_ARRAY_Members_UserId[$i]"
+                # I want users to use email address not sam account name to login
+                #Print_Verbose_Text "Created: ${LDAP_ARRAY_Members_sAMAccountName[$i]}" "LDAP_ARRAY_Members_UserId[$i]"
+                Print_Verbose_Text "Created: ${LDAP_ARRAY_Members_Email[$i]}" "LDAP_ARRAY_Members_UserId[$i]"
             fi
         done
         if [ "$b_verbose" = "true" ]; then Print_Status_Text "STEP 6: Create needed $i_CounterNewUsers new Zabbix-User"; fi
@@ -1193,7 +1224,9 @@ if [ "$b_Must_Sync_Users" = "true" ]; then
     fi
     tempvar=""
     list_of_userids=""
-    for (( i=0; i < ${#LDAP_ARRAY_Members_sAMAccountName[*]}; i++ )); do
+    # I want users to use email address not sam account name to login
+    #for (( i=0; i < ${#LDAP_ARRAY_Members_sAMAccountName[*]}; i++ )); do
+    for (( i=0; i < ${#LDAP_ARRAY_Members_Email[*]}; i++ )); do
         list_of_userids+='"'${LDAP_ARRAY_Members_UserId[$i]}'"'
         list_of_userids+=","
     done
@@ -1323,7 +1356,9 @@ if [ "$b_Must_Sync_Users" = "true" ]; then
     # If a user is a now a member of the deactivated user group we can now remove the user from the Zabbix-LDAP-Group
     tempvar=""
     list_of_userids=""
-    for (( i=0; i < ${#LDAP_ARRAY_Members_sAMAccountName[*]}; i++ )); do
+    # I want users to use email address not sam account name to login
+    #for (( i=0; i < ${#LDAP_ARRAY_Members_sAMAccountName[*]}; i++ )); do
+    for (( i=0; i < ${#LDAP_ARRAY_Members_Email[*]}; i++ )); do
         list_of_userids+='"'${LDAP_ARRAY_Members_UserId[$i]}'"'
         list_of_userids+=","
     done

this includes the other patch for groups in groups.
also it turns all username to lower case.

I think at some point zabbix changed alias to username - made that change as well

@BernhardLinz
Copy link
Owner

I have used the username instead of the email-address because a user always have an username, but not all users have an email-address.
If a email-adress exist, the address will be imported for notifications

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@AlexSamad @BernhardLinz