forked from zabbix-tooling/zabbix-ldap-sync
-
Notifications
You must be signed in to change notification settings - Fork 0
/
zabbix-ldap-sync
executable file
·112 lines (88 loc) · 3.88 KB
/
zabbix-ldap-sync
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
#!/usr/bin/env python3
#
# Copyright (c) 2017-now Marc Schöchlin <ms@256bit.org>
# Copyright (c) 2013-2014 Marin Atanasov Nikolov <dnaeon@gmail.com>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer
# in this position and unchanged.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
# IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
"""
The zabbix-ldap-sync script is used for syncing LDAP users with Zabbix.
"""
import warnings
import traceback
import logging
import sys
import os
from docopt import docopt
rundir = os.path.realpath(os.path.dirname(sys.argv[0]))
sys.path.append(rundir + "/lib/")
from zabbixldapconf import ZabbixLDAPConf
from zabbixconn import ZabbixConn
from ldapconn import LDAPConn
def main():
usage = """
Usage: zabbix-ldap-sync [-lsrwdn] [--verbose] [--dryrun] -f <config>
zabbix-ldap-sync -v
zabbix-ldap-sync -h
Options:
-h, --help Display this usage info
-v, --version Display version and exit
-l, --lowercase Create AD user names as lowercase
-s, --skip-disabled Skip disabled AD users
-r, --recursive Resolves AD group members recursively (i.e. nested groups)
-w, --wildcard-search Search AD group with wildcard (e.g. R.*.Zabbix.*) - TESTED ONLY with Active Directory
-d, --delete-orphans Delete Zabbix users that don't exist in a LDAP group
-n, --no-check-certificate Don't check Zabbix server certificate
--verbose Print debug message from ZabbixAPI
--dryrun Just simulate zabbix interaction
-f <config>, --file <config> Configuration file to use
"""
args = docopt(usage, version="0.1.1")
# Use logger to log information
logger = logging.getLogger()
if args["--verbose"]:
logger.setLevel(logging.DEBUG)
else:
logger.setLevel(logging.INFO)
formatter = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s')
# Log to stdout
ch = logging.StreamHandler()
if args["--verbose"]:
ch.setLevel(logging.DEBUG)
ch.setFormatter(formatter)
logger.addHandler(ch) # Use logger to log information
config = ZabbixLDAPConf(args['--file'])
config.zbx_lowercase = args['--lowercase']
config.zbx_skipdisabled = args['--skip-disabled']
config.zbx_deleteorphans = args['--delete-orphans']
config.zbx_nocheckcertificate = args['--no-check-certificate']
config.ldap_recursive = args['--recursive']
config.ldap_wildcard_search = args['--wildcard-search']
config.verbose = args['--verbose']
config.dryrun = args['--dryrun']
ldap_conn = LDAPConn(config)
zabbix_conn = ZabbixConn(config, ldap_conn)
zabbix_conn.connect()
zabbix_conn.create_missing_groups()
zabbix_conn.sync_users()
if __name__ == '__main__':
main()