Open source in companies - Active Directory integration into check mk


Page 1: Open source in companies - Active Directory integration into check mk

Open Source in companies

Integration of an Active Directory into check_mk

Page 2: Open source in companies - Active Directory integration into check mk

Purpose of the project

• Integrating IT employees into the monitoring solution

• Integration based on existing directory service (AD)

• Reduce the number of passwords and logins that need to be remembered

• The information must also be available in case the directory service fails

Source: CC by David el Nomo – http://www.fotopedia.com/items/flickr-3191470593

Page 3: Open source in companies - Active Directory integration into check mk

The environment

• For all users the attribute field mail has to have a value

• An Active Directory Domain with the name foo.bar

• All user objects are located at ou=Users,dc=foo,dc=bar

• All IT employees are members of the group cn=edv-it,ou=Groups,dc=foo,dc=bar an

• An existing monitoring server based on check_mk (version 1.2.2 or newer)

• WATO is used to configure the Nagios or Icinga service

• The Contact group IT Abteilung contains all contacts to notify

Page 4: Open source in companies - Active Directory integration into check mk

Configuration for AD connection

• In WATO, open the Global configuration section

• Open the sub-section User Management and choose the LDAP (Active Directory, OpenLDAP) connector

• Adjust the LDAP Connection Settings as follows:

LDAP Server: directoryserver1.foo.bar

Directory Type: Active Directory

Bind DN: cn=ldapsearch_user,ou=Users,dc=foo,dc=bar

Bind Password: $YOUR_SECRET_PASSWORD$

Page 5: Open source in companies - Active Directory integration into check mk

Configuration for AD connection

• The LDAP User Settings contain the following values:

User Base DN: ou=Users,dc=foo,dc=bar

Search Filter: (&(objectclass=user)(objectcategory=person)(memberOf=cn=edv-it,ou=Groups,dc=foo,dc=bar))

• The LDAP Group Settings contain these values:

Group Base DN: ou=Groups,dc=foo,dc=bar

Search Filter: (objectclass=group)
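Added example, not part of the original slides: a small Python evaluator for the subset of LDAP filter syntax used above, run over constructed directory entries to show which accounts the user search filter selects. The entries, the account names and the nested group cn=helpdesk are assumptions; memberOf lists direct memberships only, so a user who belongs to edv-it only through a nested group is not selected.

```python
import re
# User search filter, copied verbatim from the slide.
USER_FILTER = ("(&(objectclass=user)(objectcategory=person)"
               "(memberOf=cn=edv-it,ou=Groups,dc=foo,dc=bar))")
_ITEM = re.compile(r"([A-Za-z][\w.-]*)=([^()]*)\)")

def parse(f, i=0):
    """Parse one filter at f[i]; supports only &, |, ! and equality."""
    if f[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if f[i] in "&|!":
        op, kids, i = f[i], [], i + 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i] != ")" or not kids:
            raise ValueError("malformed filter list at offset %d" % i)
        return (op, kids), i + 1
    m = _ITEM.match(f, i)
    if not m:
        raise ValueError("malformed comparison at offset %d" % i)
    return ("=", m.group(1).lower(), m.group(2).lower()), m.end()

def matches(node, entry):
    """Evaluate a parsed filter against one entry (attribute -> values)."""
    if node[0] in "&|":
        results = [matches(k, entry) for k in node[1]]
        return all(results) if node[0] == "&" else any(results)
    if node[0] == "!":
        return not matches(node[1][0], entry)
    values = {a.lower(): v for a, v in entry.items()}.get(node[1], [])
    return node[2] in (v.lower() for v in values)  # case-insensitive compare

def imported_users(entries, flt=USER_FILTER):
    """Names of the entries the filter selects, i.e. who would be imported."""
    tree, end = parse(flt)
    if end != len(flt):
        raise ValueError("trailing data after filter")
    return sorted(n for n, e in entries.items() if matches(tree, e))

IT = "cn=edv-it,ou=Groups,dc=foo,dc=bar"
USER, PERSON = {"objectClass": ["user"]}, {"objectCategory": ["person"]}
# Constructed entries; objectCategory is abbreviated, cn=helpdesk is hypothetical.
SAMPLE = {
    "alice": {**USER, **PERSON, "memberOf": [IT]},  # direct member: selected
    "carol": {**USER, **PERSON, "memberOf": ["cn=helpdesk,ou=Groups,dc=foo,dc=bar"]},
    "ws01$": {"objectClass": ["user", "computer"], "objectCategory": ["computer"], "memberOf": [IT]},
}
print(imported_users(SAMPLE))
```

The computer account ws01$ carries objectClass user as well, which is why the filter also tests objectcategory=person.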

Page 6: Open source in companies - Active Directory integration into check mk

Implementation

• The Default User Profile specifies the default values for AD users, for example:

User Roles: Normal monitoring user

Contact groups: IT Abteilung

• If all information is entered correctly, the AD users can be seen in WATO in the section Users & Contacts. For these users the connector type LDAP is set.

• Any changes to attributes or groups and roles are saved separately by check_mk

Page 7: Open source in companies - Active Directory integration into check mk

Summary of configuration items

Overview of the configured items in check_mk

Page 8: Open source in companies - Active Directory integration into check mk

Example of users imported into check_mk

Page 9: Open source in companies - Active Directory integration into check mk

Be aware!

• Users are imported into check_mk.

• User attributes are checked to see whether they are up to date.

• To add a new user, the section Users & Contacts in WATO needs to be opened

• If employees leave the company, they must be manually removed

Source: CC by thethreesisters – http://www.flickr.com/photos/tripletsisters/7643953482/

Page 10: Open source in companies - Active Directory integration into check mk

Conclusion

• The integration into an existing Active Directory simplifies the administration significantly

• It avoids the double maintenance of contacts, passwords and users

• Even if the AD fails, user information such as the mail address is stored, so the system can keep running smoothly

Source: CC-BY-SA Bundesarchiv – http://commons.wikimedia.org/wiki/File:Bundesarchiv_Bild_183-48084-0031,_Leipzig,_Turn-_und_Sporttreffen,_800m-Lauf,_Ziel.jpg