Open source in companies - Active Directory integration into check mk
Uploaded by torsten-maus
Open Source in companies
Integration of an Active Directory into check_mk
Purpose of the project
• Integrating IT employees into the monitoring solution
• Integration based on existing directory service (AD)
• Reduce the number of passwords and logins that need to be remembered
• The information must also be available in case the directory service fails
Source: CC by David el Nomo – http://www.fotopedia.com/items/flickr-3191470593
The environment
• For all users, the attribute field mail must have a value
• An Active Directory domain with the name foo.bar
• All user objects are located at ou=Users,dc=foo,dc=bar
• All IT employees are members of the group cn=edv-it,ou=Groups,dc=foo,dc=bar an
• An existing monitoring server based on check_mk (version 1.2.2 or newer)
• WATO is used to configure the Nagios or Icinga service
• The Contact group IT Abteilung contains all contacts to notify
Configuration for AD connection
• In WATO, open the Global configuration section
• Open the sub-section User Management and choose the LDAP (Active Directory, OpenLDAP) connector
• Adjust the LDAP Connection Settings as follows:
  LDAP Server: directoryserver1.foo.bar
  Directory Type: Active Directory
  Bind DN: cn=ldapsearch_user,ou=Users,dc=foo,dc=bar
  Bind Password: $YOUR_SECRET_PASSWORD$
Configuration for AD connection
• The LDAP User Settings contain the following values:
  User Base DN: ou=Users,dc=foo,dc=bar
  Search Filter: (&(objectclass=user)(objectcategory=person)(memberOf=cn=edv-it,ou=Groups,dc=foo,dc=bar))
• The LDAP Group Settings contain these values:
  Group Base DN: ou=Groups,dc=foo,dc=bar
  Search Filter: (objectclass=group)
Implementation
• The Default User Profile specifies the default values for AD users, for example:
  User Roles: Normal monitoring user
  Contact groups: IT Abteilung
• If all information is entered correctly, the AD users can be seen in WATO in the section Users & Contacts. For these users the connector type LDAP is set.
• Any changes to attributes or groups and roles are saved separately by check_mk
Summary of configuration items
Overview of the configured items in check_mk
Example of users imported into check_mk
Be aware!
• Users are imported into check_mk.
• User attributes are checked to see whether they are up to date.
• To add a new user, the section Users & Contacts in WATO needs to be opened
• If employees leave the company, they must be manually removed
Source: CC by thethreesisters – http://www.flickr.com/photos/tripletsisters/7643953482/
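Because departed employees are not removed automatically, the imported accounts can be reconciled against the directory. The following is an added example, not part of the original slides or of check_mk: it assumes check_mk user IDs equal sAMAccountName and that the LDIF text comes from an ldapsearch run with the Bind DN, User Base DN and Search Filter shown earlier, requesting sAMAccountName and userAccountControl; the function names and sample data are constructed.

```python
import base64

ACCOUNTDISABLE = 0x0002  # userAccountControl bit set on disabled AD accounts

# Constructed sample: "ldapsearch -LLL" style output for the import filter.
SAMPLE_LDIF = """\
dn: cn=Alice Admin,ou=Users,dc=foo,dc=bar
sAMAccountName: alice
userAccountControl: 512

dn: cn=Bob Backup,ou=Users,dc=foo,dc=bar
sAMAccountName: bob
userAccountControl: 514

dn:: Y249SsO8cmdlbixvdT1Vc2VycyxkYz1mb28sZGM9YmFy
sAMAccountName: juer
 gen
userAccountControl: 512
"""

def parse_ldif(text):
    """Parse LDIF into a list of {attribute: [values]} dicts."""
    entries, cur = [], {}
    # A newline followed by one space is an LDIF line fold; undo it first.
    for line in text.replace("\n ", "").splitlines() + [""]:
        if not line.strip():              # a blank line ends the record
            if "dn" in cur:
                entries.append(cur)
            cur = {}
        elif not line.startswith("#") and ":" in line:
            attr, _, val = line.partition(":")
            if val.startswith(":"):       # "attr:: <base64>" value
                val = base64.b64decode(val[1:].strip()).decode("utf-8", "replace")
            cur.setdefault(attr.lower(), []).append(val.strip())
    return entries

def stale_users(ldif_text, checkmk_ldap_users):
    """Map check_mk LDAP users needing review to a reason (assumes ID == sAMAccountName)."""
    active, disabled = set(), set()
    for entry in parse_ldif(ldif_text):
        uid = entry.get("samaccountname", [""])[0].lower()
        uac = int(entry.get("useraccountcontrol", ["0"])[0])
        (disabled if uac & ACCOUNTDISABLE else active).add(uid)
    report = {}
    for uid in checkmk_ldap_users:
        if uid.lower() in disabled:
            report[uid] = "disabled in AD"
        elif uid.lower() not in active:
            report[uid] = "not returned by the import filter"
    return report
```

The Search Filter from the slides does not exclude disabled accounts, which is why the userAccountControl bit is checked separately from filter membership.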
Conclusion
• The integration into an existing Active Directory simplifies the administration significantly
• It avoids the duplicate maintenance of contacts, passwords and users
• Even if the AD fails, user information such as the mail address remains stored, so the system can keep running smoothly
Source: CC-BY-SA Bundesarchiv – http://commons.wikimedia.org/wiki/File:Bundesarchiv_Bild_183-48084-0031,_Leipzig,_Turn-_und_Sporttreffen,_800m-Lauf,_Ziel.jpg