zabbix sync AD users

1. #!/usr/bin/env python
2. #coding:utf-8
4. import ldap,ldif3,sys,re
5. importMySQLdb
8. ldap_host="ldap://xx.xx.xx.xx"
9. ldap_user="xx@xx.xx"#abc@domain.com
10. ldap_pass="xxxx"
11. basedn ="OU=group,DC=domain,DC=com"
13. db_host="10.1.180.166"
14. db_port=3306
15. db_user="zabbix"
16. db_pass="zabbixpwd"
17. db_Name="zabbix"
19. #insert user to zabbix
20. #insert into users (userid,alias,passwd,autologin,type) (select max(userid)+1 as userid,'test','5fce1b3e34b520afeffb37ce08c7cd66',1,3 from users);
22. #select users
23. #select alias from zabbix.users where alias not regexp 'AR|Admin|guest' ;
25. def __mysql_operation(sql):
26. try:
27. conn =MySQLdb.connect(host=db_host,user=db_user,passwd=db_pass,port=db_port,db=db_Name)
28. cur = conn.cursor()
29. count = cur.execute(sql)
30. if count ==0:
31. zbx_result =0
32. else:
33. zbx_result = cur.fetchall()
34. conn.commit()
35. cur.close()
36. conn.close()
37. #print zbx_result
38. return zbx_result
39. exceptMySQLdb.Error,e:
40. print"Mysql Error:",e
42. def __ldap_query():
43. conn = ldap.initialize(ldap_host)
44. # set domain protocol version
45. conn.protocol_version =3
46. conn.set_option(ldap.OPT_REFERRALS,0)
47. # bind domain user
48. conn.simple_bind_s(ldap_user,ldap_pass)
49. ldif_writer = ldif3.LDIFWriter(sys.stdout)
50. retrieveAttributes =None
51. results = conn.search_s(basedn,ldap.SCOPE_SUBTREE,"(cn=*)",retrieveAttributes)
52. # for dn,entry in results:
53. # ldif_writer.unparse(dn,entry)
54. cn_list =[]
55. for result in results:
56. result_dn = result[0]
57. result_attrs = result[1]
58. if"member"in result_attrs:
59. for member in result_attrs["member"]:
60. re_result = re.search(r'\w+\s\w+',member)
61. if re_result:
62. cn_list.append(re_result.group().replace(' ','').lower())
64. #print member
66. user_list = sorted(set(cn_list))
67. return user_list
69. def main():
70. select_sql ='''select alias from users where alias not regexp 'AR|Admin|guest' ;'''
71. select_result = __mysql_operation(select_sql)
72. ldap_result = __ldap_query()
73. zabbix_user_list =[]
74. for s_row in select_result:
75. zabbix_user_list.append(s_row[0])
76. #print zabbix_user_list
77. # add domain user to zabbix
78. for l_row in ldap_result:
79. if l_row in zabbix_user_list:
80. print"The %s user alrady exist ! "%(l_row)
81. else:
82. insert_sql ='''insert into users (userid,alias,passwd,autologin,autologout,type) (select max(userid)+1 as userid,'%s','5fce1b3e34b520afeffb37ce08c7cd66',1,0,1 from users);'''%(l_row)
83. __mysql_operation(insert_sql)
84. print"Add %s user successed !"%(l_row)
86. # if zabbix user not exist for domain , delete this user.
87. for s_row in zabbix_user_list:
88. if s_row notin ldap_result:
89. delete_sql ='''delete from users where alias = "%s" ;'''%(s_row)
90. __mysql_operation(delete_sql)
91. print"Delete invalid %s user succeesed !"%(s_row)
92. else:
93. print"Not have invalid users !"
95. if __name__ =='__main__':
96. main()

首先：在windows AD创建一个zabbix用户， 最好和zabbix默认账号一致

然后配置ldap

 

 

执行脚本后，将AD所有用户都同步过来了，定期执行脚本，会自动添加删除用户， 同步AD

 

 

来自为知笔记(Wiz)