zabbix-tooling / zabbix-ldap-sync

Sync Zabbix with LDAP directory server
BSD 3-Clause "New" or "Revised" License
50 stars 36 forks source link

wildcard groups and zabbix 4.4 #44

Closed kkmaslowski closed 2 years ago

kkmaslowski commented 2 years ago

My configuration:

[ldap]
groups = DEV*

[user]
role = Zabbix user

Hi. I'm getting the following error when I try to use wildcard-search option with activedirectory based on samba:

Traceback (most recent call last): File "./zabbix-ldap-sync", line 115, in main() File "./zabbix-ldap-sync", line 110, in main zabbix_conn.create_missing_groups() File "/opt/zabbix-ldap-sync-0.13/lib/zabbixconn.py", line 396, in create_missinggroups name, = self._get_group_spec(group_spec) File "/opt/zabbix-ldap-sync-0.13/lib/zabbixconn.py", line 602, in _get_group_spec role_id = int(self._get_role_id(self.user_opt['role'])) File "/opt/zabbix-ldap-sync-0.13/lib/zabbixconn.py", line 68, in _get_role_id for g in self._get_roles(): File "/opt/zabbix-ldap-sync-0.13/lib/zabbixconn.py", line 192, in _get_roles result = self.conn.role.get(output='extend') File "/opt/zabbix-ldap-sync-0.13/venv/lib64/python3.6/site-packages/pyzabbix/init.py", line 219, in fn args or kwargs File "/opt/zabbix-ldap-sync-0.13/venv/lib64/python3.6/site-packages/pyzabbix/init.py", line 196, in do_request raise ZabbixAPIException(msg, response_json['error']['code'], error=response_json['error']) pyzabbix.ZabbixAPIException: ('Error -32602: Invalid params., Incorrect API "role".', -32602)

kkmaslowski commented 2 years ago

I found, there is no something like 'role' in zabbix 4. There are only groups. How can I add users and groups on zabbix 4 without role?

scoopex commented 2 years ago

Yes, this change after release 5.2. I improved the documentation for your https://github.com/zabbix-tooling/zabbix-ldap-sync/commit/f1748a41645af51819bd723f4ddd815199f001b0

kkmaslowski commented 2 years ago

Hi. I removed role in user section and added type = 1. Still problem with missing default role on Zabbbix 4.4:

[root@zabbix zabbix-ldap-sync-master]# ./zabbix-ldap-sync --wildcard-search --delete-orphans --remove-absent --skip-disabled -f zabbix-ldap.conf
2022-04-22 10:10:20 - INFO    - ZabbixLDAPConf:41 - configuration for zabbix-ldap-sync release [unknown, no sourcecode checkout]
2022-04-22 10:10:20 - INFO    - LDAPConn:295 - Search groups with wildcard: Support*
2022-04-22 10:10:20 - INFO    - LDAPConn:295 - Search groups with wildcard: DEV*
2022-04-22 10:10:20 - INFO    - LDAPConn:312 - Found group Support HW
2022-04-22 10:10:20 - INFO    - pyzabbix:68 - JSON-RPC Server Endpoint: https://zabbix-int.loc.cgmpolska.pl/zabbix/api_jsonrpc.php
2022-04-22 10:10:21 - INFO    - pyzabbix:75 - Zabbix API version is: 4.4.10
2022-04-22 10:10:21 - INFO    - ZabbixConn:104 - Connected to Zabbix API Version 4.4.10
2022-04-22 10:10:21 - CRITICAL - ZabbixConn:607 - No default role specified

Config:

[ldap]
groups = Support*,DEV*
...

[user]
type = 1
...

Also can I set different type for certain groups when using regex? For example: groups = Support*:3,DEV*:1

I tried it and it treats :1, :3 as part of group name.

2022-04-22 10:18:09 - INFO    - LDAPConn:295 - Search groups with wildcard: Support*:3
2022-04-22 10:18:09 - INFO    - LDAPConn:295 - Search groups with wildcard: DEV*:1
2022-04-22 10:18:09 - INFO    - LDAPConn:316 - Unable to find group "['Support*:3', 'DEV*:1']", skipping group wildcard
scoopex commented 2 years ago

No, you cannot define regexps. Pull requests are very welcome :-)

kkmaslowski commented 2 years ago

Still can't get it working with 4.4. Config like above (type = 1).

2022-05-14 21:49:55 - INFO    - pyzabbix:75 - Zabbix API version is: 4.4.10
2022-05-14 21:49:55 - INFO    - ZabbixConn:112 - Connected to Zabbix API Version 4.4.10
2022-05-14 21:49:55 - CRITICAL - ZabbixConn:619 - No default role specified