
Open source in companies - Active Directory integration into check mk


Integrating an

Published in: Technology

  1. Open Source in companies: Integration of an Active Directory into check_mk
  2. Purpose of the project
     • Integrating IT employees into the monitoring solution
     • Integration based on the existing directory service (AD)
     • Reduce the number of passwords and logins that need to be remembered
     • The information must also be available in case the directory service fails
     Source: CC by David el Nomo – http://www.fotopedia.com/items/flickr-3191470593
  3. The environment
     • For all users the attribute field mail has to have a value
     • An Active Directory domain with the name foo.bar
     • All user objects are located at ou=Users,dc=foo,dc=bar
     • All IT employees are members of the group cn=edv-it,ou=Groups,dc=foo,dc=bar an
     • An existing monitoring server based on check_mk (version 1.2.2 or newer)
     • WATO is used to configure the Nagios or Icinga service
     • The contact group IT Abteilung contains all contacts to notify
  4. Configuration for AD connection
     • In WATO, enter the Global configuration section
     • Open the sub-section User Management and choose the LDAP (Active Directory, OpenLDAP) connector
     • Adjust the LDAP Connection Settings as follows:
       LDAP Server: directoryserver1.foo.bar
       Directory Type: Active Directory
       Bind DN: cn=ldapsearch_user,ou=Users,dc=foo,dc=bar
       Bind Password: $YOUR_SECRET_PASSWORD$
  5. Configuration for AD connection
     • The LDAP User Settings contain the following values:
       User Base DN: ou=Users,dc=foo,dc=bar
       Search Filter: (&(objectclass=user)(objectcategory=person)(memberOf=cn=edv-it,ou=Groups,dc=foo,dc=bar))
     • The LDAP Group Settings contain these values:
       Group Base DN: ou=Groups,dc=foo,dc=bar
       Search Filter: (objectclass=group)
  6. Implementation
     • The Default User Profile specifies the default values for AD users, for example:
       User Roles: Normal monitoring user
       Contact groups: IT Abteilung
     • If all information is entered correctly, the AD users can be seen in WATO in the section Users & Contacts. For these users the connector type LDAP is set.
     • Any changes to attributes or groups and roles are saved separately by check_mk
  7. Summary of configuration items: Overview of the configured items in check_mk
  8. Example of users imported into check_mk
  9. Be aware!
     • Users are imported into check_mk.
     • User attributes are checked to see whether they are up to date.
     • To add a new user, the section Users & Contacts in WATO needs to be opened
     • If employees leave the company, they must be removed manually
     Source: CC by thethreesisters – http://www.flickr.com/photos/tripletsisters/7643953482/
  10. Conclusion
     • The integration into an existing Active Directory simplifies the administration significantly
     • It avoids the double maintenance of contacts, passwords and users
     • Even if the AD fails, user information such as the mail address remains stored, so the system can be kept running properly
     Source: CC-BY-SA Bundesarchiv – http://commons.wikimedia.org/wiki/File:Bundesarchiv_Bild_183-48084-0031,_Leipzig,_Turn-_und_Sporttreffen,_800m-Lauf,_Ziel.jpg
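
The audit below is an added example, not part of the original slides: it applies the User Search Filter from slide 5 to directory entries and compares the result with the users already imported into check_mk, listing the accounts that slide 9 says must be removed manually. The directory entries, the imported user list and all function names are constructed for illustration; how both lists are exported from AD and from WATO is left as an assumption.

```python
GROUP = "cn=edv-it,ou=Groups,dc=foo,dc=bar"
# User Search Filter exactly as configured on slide 5.
USER_FILTER = ("(&(objectclass=user)(objectcategory=person)"
               "(memberOf=" + GROUP + "))")

def _split(body):
    """Split '(a)(b(c))' into its top-level parenthesised filters."""
    parts, depth, start = [], 0, 0
    for i, ch in enumerate(body):
        depth += (ch == "(") - (ch == ")")
        if ch == ")" and depth == 0:
            parts.append(body[start:i + 1])
            start = i + 1
    return parts

def matches(flt, entry):
    """Evaluate an LDAP filter (&, |, ! and equality only) on one entry."""
    inner = flt[1:-1]
    if inner[0] in "&|":
        results = [matches(p, entry) for p in _split(inner[1:])]
        return all(results) if inner[0] == "&" else any(results)
    if inner[0] == "!":
        return not matches(inner[1:], entry)
    attr, _, value = inner.partition("=")
    values = entry.get(attr.lower(), [])
    return value.lower() in [v.lower() for v in values]

def audit(entries, imported):
    """Compare directory entries (user id -> attributes) with check_mk users."""
    eligible = {u for u, e in entries.items() if matches(USER_FILTER, e)}
    return {
        "stale": sorted(set(imported) - eligible),  # remove manually in WATO
        "not_imported": sorted(eligible - set(imported)),
        "no_mail": sorted(u for u in eligible if not entries[u].get("mail")),
    }

# Constructed sample data: attribute names lower-cased, values as lists.
# Simplification: real AD stores objectCategory as a DN, not a short name.
def _user(groups, mail):
    return {"objectclass": ["top", "person", "user"],
            "objectcategory": ["person"], "memberof": groups, "mail": mail}

DIRECTORY = {
    "alice": _user([GROUP], ["alice@foo.bar"]),
    "bob": _user([], ["bob@foo.bar"]),    # removed from edv-it
    "carol": _user([GROUP], []),          # mail attribute empty
    "dave": _user([GROUP], ["dave@foo.bar"]),
}
IMPORTED = ["alice", "bob", "carol", "erin"]  # erin was deleted from AD
print(audit(DIRECTORY, IMPORTED))
```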
