BernhardLinz / zabbix-ldap-sync-bash

Sync Zabbix User with Active Directory Group via LDAP with a pure Bash script

Allow Zabbix users to be created with email address instead of SAM #5

Open AlexSamad opened 2 years ago

AlexSamad commented 2 years ago

Would be nice to allow this to happen

AlexSamad commented 2 years ago
diff --git a/site/role/files/ybzabbix/server/zabbix-ldap-sync.sh b/site/role/files/ybzabbix/server/zabbix-ldap-sync.sh
index 18bcc3d2..e2366975 100644
--- a/site/role/files/ybzabbix/server/zabbix-ldap-sync.sh
+++ b/site/role/files/ybzabbix/server/zabbix-ldap-sync.sh
@@ -423,33 +423,33 @@ if [ LDAP_Ignore_SSL_Certificate = "false" ]; then
     # normal ldapsearch call
     if [ "$b_verbose" = "true" ]; then
         if [ "$b_showpasswords" = "true" ]; then
-            echo 'ldapsearch -x -o ldif-wrap=no -H '$LDAP_Source_URL' -D "'$LDAP_Bind_User_DN'" -w "'$LDAP_Bind_User_Password'" -b "'$LDAP_SearchBase'" "(&(objectClass=group)(cn="'$LDAP_Groupname_for_Sync'"))"'
+            echo 'ldapsearch -x -o ldif-wrap=no -H '$LDAP_Source_URL' -D "'$LDAP_Bind_User_DN'" -w "'$LDAP_Bind_User_Password'" -b "'$LDAP_SearchBase'" "(&(objectCategory=user)(memberOf:1.2.840.113556.1.4.1941:='$LDAP_Groupname_for_Sync'))"'
         else
-            echo 'ldapsearch -x -o ldif-wrap=no -H '$LDAP_Source_URL' -D "'$LDAP_Bind_User_DN'" -w "***********" -b "'$LDAP_SearchBase'" "(&(objectClass=group)(cn="'$LDAP_Groupname_for_Sync'"))"'
+            echo 'ldapsearch -x -o ldif-wrap=no -H '$LDAP_Source_URL' -D "'$LDAP_Bind_User_DN'" -w "***********" -b "'$LDAP_SearchBase'" "(&(objectCategory=user)(memberOf:1.2.840.113556.1.4.1941:='$LDAP_Groupname_for_Sync'))"'
         fi
     fi
     # yes, ldapsearch is called twice - first time without grep to catch the exitcode, 2. time to catch the content
-    tempvar=`ldapsearch -x -o ldif-wrap=no -H $LDAP_Source_URL -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "$LDAP_SearchBase" "(&(objectClass=group)(cn=$LDAP_Groupname_for_Sync))" o member`
+    tempvar=`ldapsearch -x -o ldif-wrap=no -H $LDAP_Source_URL -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "$LDAP_SearchBase" "(&(objectCategory=user)(memberOf:1.2.840.113556.1.4.1941:=$LDAP_Groupname_for_Sync))" -LLL dn`
     ldapsearch_exitcode="$?"
     if [ "$b_verbose" = "true" ]; then echo "ldapsearch_exitcode: $ldapsearch_exitcode"; fi
-    tempvar=`ldapsearch -x -o ldif-wrap=no -H $LDAP_Source_URL -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "$LDAP_SearchBase" "(&(objectClass=group)(cn=$LDAP_Groupname_for_Sync))" o member | grep member:`
+    tempvar=`ldapsearch -x -o ldif-wrap=no -H $LDAP_Source_URL -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "$LDAP_SearchBase" "(&(objectCategory=user)(memberOf:1.2.840.113556.1.4.1941:=$LDAP_Groupname_for_Sync))" -LLL dn | tr '[:upper:]' '[:lower:]' |grep dn:`
 else
     # ignore SSL ldapsearch
     if [ "$b_verbose" = "true" ]; then
         if [ "$b_showpasswords" = "true" ]; then
-            echo 'LDAPTLS_REQCERT=never ldapsearch -x -o ldif-wrap=no -H '$LDAP_Source_URL' -D "'$LDAP_Bind_User_DN'" -w "'$LDAP_Bind_User_Password'" -b "'$LDAP_SearchBase'" "(&(objectClass=group)(cn='$LDAP_Groupname_for_Sync'))" o member'
+            echo 'LDAPTLS_REQCERT=never ldapsearch -x -o ldif-wrap=no -H '$LDAP_Source_URL' -D "'$LDAP_Bind_User_DN'" -w "'$LDAP_Bind_User_Password'" -b "'$LDAP_SearchBase'" "(&(objectCategory=user)(memberOf:1.2.840.113556.1.4.1941:='$LDAP_Groupname_for_Sync'))" -LLL dn'
         else
-            echo 'LDAPTLS_REQCERT=never ldapsearch -x -o ldif-wrap=no -H '$LDAP_Source_URL' -D "'$LDAP_Bind_User_DN'" -w "***********" -b "'$LDAP_SearchBase'" "(&(objectClass=group)(cn='$LDAP_Groupname_for_Sync'))" o member'
+            echo 'LDAPTLS_REQCERT=never ldapsearch -x -o ldif-wrap=no -H '$LDAP_Source_URL' -D "'$LDAP_Bind_User_DN'" -w "***********" -b "'$LDAP_SearchBase'" "(&(objectCategory=user)(memberOf:1.2.840.113556.1.4.1941:='$LDAP_Groupname_for_Sync'))" -LLL dn'
         fi
     fi
     # yes, ldapsearch is called twice - first time without grep to catch the exitcode, 2. time to catch the content
-    tempvar=`LDAPTLS_REQCERT=never ldapsearch -x -o ldif-wrap=no -H $LDAP_Source_URL -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "$LDAP_SearchBase" "(&(objectClass=group)(cn=$LDAP_Groupname_for_Sync))" o member`
+    tempvar=`LDAPTLS_REQCERT=never ldapsearch -x -o ldif-wrap=no -H $LDAP_Source_URL -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "$LDAP_SearchBase" "(&(objectCategory=user)(memberOf:1.2.840.113556.1.4.1941:=$LDAP_Groupname_for_Sync))" -LLL dn`
     ldapsearch_exitcode="$?"
     if [ "$b_verbose" = "true" ]; then echo "ldapsearch_exitcode: $ldapsearch_exitcode"; fi
-    tempvar=`LDAPTLS_REQCERT=never ldapsearch -x -o ldif-wrap=no -H $LDAP_Source_URL -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "$LDAP_SearchBase" "(&(objectClass=group)(cn=$LDAP_Groupname_for_Sync))" o member | grep member:`
+    tempvar=`LDAPTLS_REQCERT=never ldapsearch -x -o ldif-wrap=no -H $LDAP_Source_URL -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "$LDAP_SearchBase" "(&(objectCategory=user)(memberOf:1.2.840.113556.1.4.1941:=$LDAP_Groupname_for_Sync))" -LLL dn | tr '[:upper:]' '[:
lower:]' | grep dn:`
 fi
 if [ "$b_verbose" = "true" ]; then
-    echo 'Result ldapsearch (with "grep member:" : '"$tempvar"
+    echo 'Result ldapsearch (with "grep dn:" : '"$tempvar"
     echo "Exitcode ldapsearch: $(Translate_ldapsearch_exitcode $ldapsearch_exitcode)"
 fi
 # only continue if ldapsearch was succesfull
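Review bot: The `memberOf:1.2.840.113556.1.4.1941:=` filter in every added ldapsearch line expects a full group DN, while the removed filter matched `cn=$LDAP_Groupname_for_Sync`; a configuration that still holds a bare group name will presumably return zero entries with exit code 0, and the later steps would then see an empty group. The value is also placed in the filter unescaped, so a DN containing `(`, `)`, `*` or `\` needs RFC 4515 escaping (`\28`, `\29`, `\2a`, `\5c`) before it is interpolated. Separately, the condition quoted in the hunk header, `[ LDAP_Ignore_SSL_Certificate = "false" ]`, has no `$`; if that is the real line, the certificate-verifying branch is never taken and every bind runs under `LDAPTLS_REQCERT=never`, so it should read `if [ "$LDAP_Ignore_SSL_Certificate" = "false" ]; then`. The enclosing if/else starts before the hunk.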
@@ -458,7 +458,7 @@ if [ "$ldapsearch_exitcode" -eq 0 ];then
     LDAP_ARRAY_Members_DN=()
     for (( i=0; i < ${#LDAP_ARRAY_Members_RAW[*]}; i++ )); do
         # Search for the word "member:" in Array - the next value is the DN of a Member
-        if [ "${LDAP_ARRAY_Members_RAW[$i]:0:7}" = "member:" ]; then
+        if [ "${LDAP_ARRAY_Members_RAW[$i]:0:3}" = "dn:" ]; then
             i=$(($i + 1))
             LDAP_ARRAY_Members_DN+=("${LDAP_ARRAY_Members_RAW[$i]}") # add new Item to the end of the array
         else
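Review bot: The test `"${LDAP_ARRAY_Members_RAW[$i]:0:3}" = "dn:"` also matches `dn::`, the form LDIF uses when a DN is base64-encoded (non-ASCII or otherwise unsafe characters), and the `tr '[:upper:]' '[:lower:]'` added to the ldapsearch pipeline in the previous hunk has by then changed the case of that base64 text. Such a member would be stored with a corrupted DN and presumably fail the per-user lookup, which in a sync tool can look like the user having left the group. Compare the whole item (`[ "${LDAP_ARRAY_Members_RAW[$i]}" = "dn:" ]`), handle `dn::` explicitly, and lowercase only the login name after parsing. The comment above the test still says `"member:"` and should say `"dn:"`; the loop starts and ends outside the hunk.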
@@ -534,7 +534,7 @@ if [ "${#LDAP_ARRAY_Members_DN[*]}" -gt 0 ]; then
                 echo "'s/$/|/' | sed 's/: /|/'"
             fi
             # sed replace all ": " and "new line" to "|"
-            tempvar=`ldapsearch -x -o ldif-wrap=no -H $LDAP_Source_URL -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "${LDAP_ARRAY_Members_DN[$i]}" o sAMAccountName o sn o givenName o mail | grep "^sn: \|^givenName: \|^sAMAccountName: \|^mail:" | sed 's/$/|/' | sed
 's/: /|/'`
+            tempvar=`ldapsearch -x -o ldif-wrap=no -H $LDAP_Source_URL -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "${LDAP_ARRAY_Members_DN[$i]}" o sAMAccountName o sn o givenName o mail | grep "^sn: \|^givenName: \|^sAMAccountName: \|^mail:" | sed 's/$/|/' | sed
 's/: /|/' | tr '[:upper:]' '[:lower:]'`
         else
             if [ "$b_verbose" = "true" ]; then
                 printf "LDAPTLS_REQCERT=never ldapsearch -x -o ldif-wrap=no -H "
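Review bot: The trailing `| tr '[:upper:]' '[:lower:]'` runs after `grep` and `sed`, so it lowercases the attribute names (`sAMAccountName|` becomes `samaccountname|`, `givenName|` becomes `givenname|`) and the `sn`/`givenName` values, not just the login name. The code that splits `tempvar` is outside this hunk; if it matches the attribute names case-sensitively it will stop finding them, and the names written to Zabbix lose their capitalisation. Lowercasing only the chosen login value after parsing, e.g. `login="${login,,}"` (bash 4+), keeps the rest intact. The same pipeline change is made in the hunk at -554.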
@@ -554,7 +554,7 @@ if [ "${#LDAP_ARRAY_Members_DN[*]}" -gt 0 ]; then
                 echo "'s/$/|/' | sed 's/: /|/'"
             fi
             # sed replace all ": " and "new line" to "|"
-            tempvar=`LDAPTLS_REQCERT=never ldapsearch -x -o ldif-wrap=no -H "$LDAP_Source_URL" -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "${LDAP_ARRAY_Members_DN[$i]}" o sAMAccountName o sn o givenName o mail | grep "^sn: \|^givenName: \|^sAMAccountName: \|^mail:" | sed 's/$/|/' | sed 's/: /|/'`
+            tempvar=`LDAPTLS_REQCERT=never ldapsearch -x -o ldif-wrap=no -H "$LDAP_Source_URL" -D "$LDAP_Bind_User_DN" -w "$LDAP_Bind_User_Password" -b "${LDAP_ARRAY_Members_DN[$i]}" o sAMAccountName o sn o givenName o mail | grep "^sn: \|^givenName: \|^sAMAccountName: \|^mail:" | sed 's/$/|/' | sed 's/: /|/' | tr '[:upper:]' '[:lower:]'`
             if [ "$b_verbose" = "true" ]; then
                 echo $tempvar
             fi
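Review bot: This added line, like the other ldapsearch calls touched in the hunks at -423 and -534, passes the bind password with `-w "$LDAP_Bind_User_Password"`, which puts it on the command line once per group member, where other local users can read it from the process list. OpenLDAP's ldapsearch accepts `-y PASSWDFILE` to read the password from a file with restrictive permissions instead (the whole file content is used, so it must be written without a trailing newline). The line also fixes `LDAPTLS_REQCERT=never`, so the bind is sent to a server whose certificate is not checked; that branch deserves a comment saying it is meant for testing only. The verbose `echo $tempvar` below it prints the fetched attributes unquoted; `printf '%s\n' "$tempvar"` avoids word splitting and globbing.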
@@ -800,7 +800,7 @@ if [ "$b_verbose" = "true" ]; then
     printf " $ZABBIX_API_URL"
 fi
 tempvar=`curl -k -s -X POST -H "Content-Type:application/json"  -d '{"jsonrpc": "2.0","method":"user.get","params":{"usrgrpids":"'$ZABBIX_LDAP_Group_UsrGrpId'","output":["alias","userid"]},"id":42,"auth":"'$ZABBIX_authentication_token'"}' $ZABBIX_API_URL`
-if [ "$b_verbose" = "true" ]; then echo $tempvar; fi
+if [ "$b_verbose" = "true" ]; then echo ; echo $tempvar; echo ;fi
 IFS='"' # " is set as delimiter
 ZABBIX_ARRAY_LDAP_GroupMember_RAW=($tempvar)
 IFS=' ' # space is set as delimiter
@@ -813,10 +813,12 @@ for (( i=0; i < ${#ZABBIX_ARRAY_LDAP_GroupMember_RAW[*]}; i++ )); do
         Print_Verbose_Text "Found UserId" "${ZABBIX_ARRAY_LDAP_GroupMember_RAW[$i]}"
         #printf "."
     fi
-    if [ "${ZABBIX_ARRAY_LDAP_GroupMember_RAW[$i]}" = "alias" ]; then
+    #if [ "${ZABBIX_ARRAY_LDAP_GroupMember_RAW[$i]}" = "alias" ]; then
+    if [ "${ZABBIX_ARRAY_LDAP_GroupMember_RAW[$i]}" = "username" ]; then
         i=$(($i + 2))
         ZABBIX_ARRAY_LDAP_GroupMember_alias+=("${ZABBIX_ARRAY_LDAP_GroupMember_RAW[$i]}")
-        Print_Verbose_Text "Found Alias" "${ZABBIX_ARRAY_LDAP_GroupMember_RAW[$i]}"
+        #Print_Verbose_Text "Found Alias" "${ZABBIX_ARRAY_LDAP_GroupMember_RAW[$i]}"
+        Print_Verbose_Text "Found Username" "${ZABBIX_ARRAY_LDAP_GroupMember_RAW[$i]}"
         #printf "."
     fi
 done
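Review bot: The parser now looks for the key `username`, but the `user.get` request shown as context in the previous hunk still asks for `"output":["alias","userid"]`, so request and parser no longer name the same field. On a server that returns `username` the request should ask for it, and on an older server that still returns `alias` this loop now finds nothing and `ZABBIX_ARRAY_LDAP_GroupMember_alias` stays empty. Accepting both keys keeps one script working across versions: `if [ "${ZABBIX_ARRAY_LDAP_GroupMember_RAW[$i]}" = "alias" ] || [ "${ZABBIX_ARRAY_LDAP_GroupMember_RAW[$i]}" = "username" ]; then`. The same hard switch is made for `ZABBIX_ARRAY_AllUser_RAW` in the hunk at -948, and the commented-out old lines can be dropped since the history keeps them. The loop starts outside the hunk.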
@@ -830,7 +832,8 @@ if [ "$b_verbose" = "true" ]; then
     printf "%-3s | %-20s | %-20s | %-20s | %-20s" "No." "Alias" "UserId" " " " "
     printf "\n"
     echo "----+----------------------+----------------------+----------------------+----------------------"
-    for (( i=0; i < ${#ZABBIX_ARRAY_LDAP_GroupMember_alias[*]}; i++ )); do
+    #for (( i=0; i < ${#ZABBIX_ARRAY_LDAP_GroupMember_alias[*]}; i++ )); do
+    for (( i=0; i < ${#ZABBIX_ARRAY_LDAP_GroupMember_userid[*]}; i++ )); do
         printf "%-3s | %-20s | %-20s | %-20s | %-20s" "$i" "${ZABBIX_ARRAY_LDAP_GroupMember_alias[$i]}" "${ZABBIX_ARRAY_LDAP_GroupMember_userid[$i]}" " " " "
         printf "\n"
     done
@@ -859,11 +862,15 @@ fi
 b_Must_Sync_Users="false"
 # Check 1:
 Print_Status_Text "Check 1: Number of Users LDAP"
-Print_Status_Done "${#LDAP_ARRAY_Members_sAMAccountName[*]}" $DEFAULT_FOREGROUND
+# I want users to use email address not sam account name to login
+#Print_Status_Done "${#LDAP_ARRAY_Members_sAMAccountName[*]}" $DEFAULT_FOREGROUND
+Print_Status_Done "${#LDAP_ARRAY_Members_Email[*]}" $DEFAULT_FOREGROUND
 Print_Status_Text "Check 1: Number of Users Zabbix"
 Print_Status_Done "${#ZABBIX_ARRAY_LDAP_GroupMember_alias[*]}" $DEFAULT_FOREGROUND
 Print_Status_Text "Check 1: Number of Users"
-if [ "${#LDAP_ARRAY_Members_sAMAccountName[*]}" -eq "${#ZABBIX_ARRAY_LDAP_GroupMember_alias[*]}" ]; then
+# I want users to use email address not sam account name to login
+#if [ "${#LDAP_ARRAY_Members_sAMAccountName[*]}" -eq "${#ZABBIX_ARRAY_LDAP_GroupMember_alias[*]}" ]; then
+if [ "${#LDAP_ARRAY_Members_Email[*]}" -eq "${#ZABBIX_ARRAY_LDAP_GroupMember_alias[*]}" ]; then
     Print_Status_Done "equal" $GREEN
 else
     Print_Status_Done "not equal" $RED
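Review bot: The switch from `LDAP_ARRAY_Members_sAMAccountName` to `LDAP_ARRAY_Members_Email` is hard-coded here and repeated, each time with the old line left commented out, in the hunks at -875, -891, -986, -1001, -1037, -1161, -1193 and -1323. Which attribute becomes the Zabbix login is a deployment decision, so it would be safer as one configuration setting that selects the array once near the top, with sAMAccountName remaining the default. That also removes the fifteen copies of `# I want users to use email address not sam account name to login`, which describe a preference rather than what the code does. The if/else continues outside the hunk.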
@@ -875,15 +882,22 @@ if [ "$b_Must_Sync_Users" = "false" ]; then
     # make Compare case insensitive, save original settings
     orig_nocasematch=$(shopt -p nocasematch)
     shopt -s nocasematch
-    Print_Status_Text "Check 2: Compare Active Directory sAMAccountName with Zabbix Alias"
+    #Print_Status_Text "Check 2: Compare Active Directory sAMAccountName with Zabbix Alias"
+    Print_Status_Text "Check 2: Compare Active Directory mail with Zabbix username"
     if [ "$b_verbose" = "true" ]; then Print_Status_Done "checking" $LIGHTCYAN; fi
     # Check every sAMAccountName and find a alias for it
-    for (( i=0; i < ${#LDAP_ARRAY_Members_sAMAccountName[*]}; i++ )); do
+    # I want users to use email address not sam account name to login
+    #for (( i=0; i < ${#LDAP_ARRAY_Members_sAMAccountName[*]}; i++ )); do
+    for (( i=0; i < ${#LDAP_ARRAY_Members_Email[*]}; i++ )); do
         b_alias_was_found="false"
         for (( k=0; k < ${#ZABBIX_ARRAY_LDAP_GroupMember_alias[*]}; k++ )); do
-            if [[ "${LDAP_ARRAY_Members_sAMAccountName[$i]}" == "${ZABBIX_ARRAY_LDAP_GroupMember_alias[$k]}" ]]; then
+            # I want users to use email address not sam account name to login
+            #if [[ "${LDAP_ARRAY_Members_sAMAccountName[$i]}" == "${ZABBIX_ARRAY_LDAP_GroupMember_alias[$k]}" ]]; then
+            if [[ "${LDAP_ARRAY_Members_Email[$i]}" == "${ZABBIX_ARRAY_LDAP_GroupMember_alias[$k]}" ]]; then
                 # printf "."
-                Print_Verbose_Text "${LDAP_ARRAY_Members_sAMAccountName[$i]}" "found"
+                # I want users to use email address not sam account name to login
+                #Print_Verbose_Text "${LDAP_ARRAY_Members_sAMAccountName[$i]}" "found"
+                Print_Verbose_Text "${LDAP_ARRAY_Members_Email[$i]}" "found"
                 b_alias_was_found="true"
                 # if user have found the loop can be finished
                 break
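Review bot: The comment `# Check every sAMAccountName and find a alias for it` above the changed loop no longer describes the code, and the verbose status line in the next hunk (at -891) still prints `Check 2: Compare Active Directory sAMAccountName with Zabbix Alias` on a mismatch while the opening line now says `mail with Zabbix username`. Both should name the attribute that is actually compared, e.g. `# Check every LDAP mail value and find a Zabbix username for it`, otherwise the log of a sync run misreports which identity attribute was used. The loop body continues outside the hunk.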
@@ -891,7 +905,9 @@ if [ "$b_Must_Sync_Users" = "false" ]; then
         done
         if [ "$b_alias_was_found" = "false" ]; then
             b_Must_Sync_Users="true"
-            Print_Verbose_Text "${LDAP_ARRAY_Members_sAMAccountName[$i]}" "not found"
+            # I want users to use email address not sam account name to login
+            #Print_Verbose_Text "${LDAP_ARRAY_Members_sAMAccountName[$i]}" "not found"
+            Print_Verbose_Text "${LDAP_ARRAY_Members_Email[$i]}" "not found"
             if [ "$b_verbose" = "true" ]; then Print_Status_Text "Check 2: Compare Active Directory sAMAccountName with Zabbix Alias"; fi
             Print_Status_Done "mismatch" $RED
             # one user was not found, we can exit the test, we must sync
@@ -948,7 +964,8 @@ if [ "$b_Must_Sync_Users" = "true" ]; then
             i=$(($i + 2))
             ZABBIX_ARRAY_AllUser_userid+=("${ZABBIX_ARRAY_AllUser_RAW[$i]}")
         fi
-        if [ "${ZABBIX_ARRAY_AllUser_RAW[$i]}" = "alias" ]; then
+        #if [ "${ZABBIX_ARRAY_AllUser_RAW[$i]}" = "alias" ]; then
+        if [ "${ZABBIX_ARRAY_AllUser_RAW[$i]}" = "username" ]; then
             i=$(($i + 2))
             ZABBIX_ARRAY_AllUser_alias+=("${ZABBIX_ARRAY_AllUser_RAW[$i]}")
         fi
@@ -986,12 +1003,18 @@ if [ "$b_Must_Sync_Users" = "true" ]; then
     orig_nocasematch=$(shopt -p nocasematch)
     shopt -s nocasematch
     i_CounterNewUsers=0
-    for (( i=0; i < ${#LDAP_ARRAY_Members_sAMAccountName[*]}; i++ )); do
+    # I want users to use email address not sam account name to login
+    #for (( i=0; i < ${#LDAP_ARRAY_Members_sAMAccountName[*]}; i++ )); do
+    for (( i=0; i < ${#LDAP_ARRAY_Members_Email[*]}; i++ )); do
         b_we_have_a_winner="false"
         for (( k=0; k < ${#ZABBIX_ARRAY_AllUser_alias[*]}; k++ )); do
-            if [[ "${LDAP_ARRAY_Members_sAMAccountName[$i]}" == "${ZABBIX_ARRAY_AllUser_alias[$k]}" ]]; then
+            # I want users to use email address not sam account name to login
+            #if [[ "${LDAP_ARRAY_Members_sAMAccountName[$i]}" == "${ZABBIX_ARRAY_AllUser_alias[$k]}" ]]; then
+            if [[ "${LDAP_ARRAY_Members_Email[$i]}" == "${ZABBIX_ARRAY_AllUser_alias[$k]}" ]]; then
                 LDAP_ARRAY_Members_UserId+=("${ZABBIX_ARRAY_AllUser_userid[$k]}")
-                Print_Verbose_Text "Found existing User: ${LDAP_ARRAY_Members_sAMAccountName[$i]}" "${ZABBIX_ARRAY_AllUser_alias[$k]}"
+                # I want users to use email address not sam account name to login
+                #Print_Verbose_Text "Found existing User: ${LDAP_ARRAY_Members_sAMAccountName[$i]}" "${ZABBIX_ARRAY_AllUser_alias[$k]}"
+                Print_Verbose_Text "Found existing User: ${LDAP_ARRAY_Members_Email[$i]}" "${ZABBIX_ARRAY_AllUser_alias[$k]}"
                 b_we_have_a_winner="true"
                 break
             fi
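Review bot: Matching `LDAP_ARRAY_Members_Email[$i]` against every Zabbix username makes `mail` the identity key, and Active Directory does not require `mail` to be unique, present or immutable the way `sAMAccountName` is unique within a domain. Two group members with the same value, or a member whose `mail` equals the username of an unrelated existing Zabbix account, would be mapped to that existing `userid` under `nocasematch` and presumably added to the synced group by the later steps. A guard that rejects duplicate or empty mail values before this loop, and that only adopts existing accounts already managed by the sync, would keep the mapping one-to-one. The outer loop starts before and ends after the hunk.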
@@ -1001,7 +1024,9 @@ if [ "$b_Must_Sync_Users" = "true" ]; then
             # User was not found - but we need an array item to have all array index identical and matched to each other
             # also mark this User to have to be created
             LDAP_ARRAY_Members_UserId+=("create-user")
-            Print_Verbose_Text "No Zabbix user found: ${LDAP_ARRAY_Members_sAMAccountName[$i]}" "will be created"
+            # I want users to use email address not sam account name to login
+            #Print_Verbose_Text "No Zabbix user found: ${LDAP_ARRAY_Members_sAMAccountName[$i]}" "will be created"
+            Print_Verbose_Text "No Zabbix user found: ${LDAP_ARRAY_Members_Email[$i]}" "will be created"
             b_have_to_create_new_user="true"
             i_CounterNewUsers=$(($i_CounterNewUsers + 1))
         fi
@@ -1037,10 +1062,14 @@ if [ "$b_Must_Sync_Users" = "true" ]; then
         fi
         declare -a ZABBIX_ARRAY_New_User_RAW
         # Search for all User with UserId "create-user"
-        for (( i=0; i < ${#LDAP_ARRAY_Members_sAMAccountName[*]}; i++ )); do
+        # I want users to use email address not sam account name to login
+        #for (( i=0; i < ${#LDAP_ARRAY_Members_sAMAccountName[*]}; i++ )); do
+        for (( i=0; i < ${#LDAP_ARRAY_Members_Email[*]}; i++ )); do
             if [ "${LDAP_ARRAY_Members_UserId[$i]}" = "create-user" ]; then
                 # printf "Create new user ${LDAP_ARRAY_Members_sAMAccountName[$i]} ... "
-                tempSAM='"'"${LDAP_ARRAY_Members_sAMAccountName[$i]}"'"'
+                # I want users to use email address not sam account name to login
+                #tempSAM='"'"${LDAP_ARRAY_Members_sAMAccountName[$i]}"'"'
+                tempSAM='"'"${LDAP_ARRAY_Members_Email[$i]}"'"'
                 # Check the things we have
                 create_combination=""
                 if [ "${LDAP_ARRAY_Members_Surname[$i]}" != " - " ]; then
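Review bot: `tempSAM` is now built from `LDAP_ARRAY_Members_Email[$i]` with no check that the member has a mail value; the Surname test just below compares against `" - "`, which suggests missing attributes are stored as that placeholder, so a member without mail would presumably be created with the login ` - ` (or collide with the previous such user). The value is also wrapped in double quotes for the JSON request by hand, so a `"` or `\` in it would break or alter the request body; the request itself is built outside the hunk. Falling back to sAMAccountName when mail is missing addresses the first point: `login="${LDAP_ARRAY_Members_Email[$i]}"; [ "$login" = " - " ] && login="${LDAP_ARRAY_Members_sAMAccountName[$i]}"`, then `tempSAM='"'"$login"'"'`. The same fallback would have to be used in the comparison loops at -875 and -986 so that lookup and creation agree.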
@@ -1161,7 +1190,9 @@ if [ "$b_Must_Sync_Users" = "true" ]; then
                         LDAP_ARRAY_Members_UserId[$i]="${ZABBIX_ARRAY_New_User_RAW[$k]}"
                     fi
                 done
-                Print_Verbose_Text "Created: ${LDAP_ARRAY_Members_sAMAccountName[$i]}" "LDAP_ARRAY_Members_UserId[$i]"
+                # I want users to use email address not sam account name to login
+                #Print_Verbose_Text "Created: ${LDAP_ARRAY_Members_sAMAccountName[$i]}" "LDAP_ARRAY_Members_UserId[$i]"
+                Print_Verbose_Text "Created: ${LDAP_ARRAY_Members_Email[$i]}" "LDAP_ARRAY_Members_UserId[$i]"
             fi
         done
         if [ "$b_verbose" = "true" ]; then Print_Status_Text "STEP 6: Create needed $i_CounterNewUsers new Zabbix-User"; fi
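Review bot: The second argument of the new `Print_Verbose_Text` call is the literal text `"LDAP_ARRAY_Members_UserId[$i]"`, carried over from the old line, so verbose output shows the variable name and index instead of the userid that was just created. It should be `Print_Verbose_Text "Created: ${LDAP_ARRAY_Members_Email[$i]}" "${LDAP_ARRAY_Members_UserId[$i]}"`.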
@@ -1193,7 +1224,9 @@ if [ "$b_Must_Sync_Users" = "true" ]; then
     fi
     tempvar=""
     list_of_userids=""
-    for (( i=0; i < ${#LDAP_ARRAY_Members_sAMAccountName[*]}; i++ )); do
+    # I want users to use email address not sam account name to login
+    #for (( i=0; i < ${#LDAP_ARRAY_Members_sAMAccountName[*]}; i++ )); do
+    for (( i=0; i < ${#LDAP_ARRAY_Members_Email[*]}; i++ )); do
         list_of_userids+='"'${LDAP_ARRAY_Members_UserId[$i]}'"'
         list_of_userids+=","
     done
@@ -1323,7 +1356,9 @@ if [ "$b_Must_Sync_Users" = "true" ]; then
     # If a user is a now a member of the deactivated user group we can now remove the user from the Zabbix-LDAP-Group
     tempvar=""
     list_of_userids=""
-    for (( i=0; i < ${#LDAP_ARRAY_Members_sAMAccountName[*]}; i++ )); do
+    # I want users to use email address not sam account name to login
+    #for (( i=0; i < ${#LDAP_ARRAY_Members_sAMAccountName[*]}; i++ )); do
+    for (( i=0; i < ${#LDAP_ARRAY_Members_Email[*]}; i++ )); do
         list_of_userids+='"'${LDAP_ARRAY_Members_UserId[$i]}'"'
         list_of_userids+=","
     done

This includes the other patch for groups in groups. It also turns all usernames to lower case.

I think at some point Zabbix changed alias to username, so I made that change as well.

BernhardLinz commented 2 years ago

I have used the username instead of the email address because a user always has a username, but not all users have an email address. If an email address exists, it will be imported for notifications.