I have a bunch of monitoring servers running check_mk 1.2.8p28, most of them sync users from AD and have no problems populating contact groups. I have just stood up another server and it is pointing to an OpenLDAP. User sync is working as expected but I can't get the contact groups to populate.
One thing I have noticed, the DN for a group in OpenLDAP is different to AD, example
I have the base search path for groups configured as cn=groups,cn=accounts,dc=example,dc=co,dc=nz and it is set to search whole subtree
Search filter is for (objectclass=groupOfNames) and when I do a test it says it can see 10 groups (expected) but when I create a contact group with the same common name (ie monitoring) and do a user sync, it does not modify contact group
membership for the user. (note contact group membership option is checked in the ldap connection)
You need to tell Check_MK the name of the member attribute of the LDAP
group class you are using. In your case this is most likely just "member".
The RDNs of the path elements in the group DN do not matter.
Regards
On 31.05.2018 01:03, Garth Horsburgh [DATACOM] wrote:
Search filter is for (objectclass=groupOfNames) and when I do a test it
says it can see 10 groups (expected) but when I create a contact group
with the same common name (ie monitoring) and do a user sync, it does
not modify contact group membership for the user. (note contact group
membership option is checked in the ldap connection)
--
Robert Sander
Heinlein Support GmbH
Schwedter Str. 8/9b, 10119 Berlin
Tel: 030 / 405051-43
Fax: 030 / 405051-19
Mandatory disclosures per §35a GmbHG:
HRB 93818 B / Amtsgericht Berlin-Charlottenburg,
Managing Director: Peer Heinlein -- Registered office: Berlin
-----Original Message-----
From: checkmk-en <checkmk-en-bounces@lists.mathias-kettner.de> On Behalf Of Robert Sander
Sent: Thursday, 31 May 2018 7:34 PM
To: checkmk-en@lists.mathias-kettner.de
Subject: Re: [Check_mk (english)] OpenLDAP Contact Groups Sync
You need to tell Check_MK the name of the member attribute of the LDAP group class you are using. In your case this is most likely just "member".
The RDNs of the path elements in the group DN do not matter.
Regards
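
One way to check offline which membership attribute the group entries actually carry before entering it in the LDAP connection. This is an added example, not part of the original thread and not Check_MK code; the LDIF sample, the user DNs and the function names are constructed for illustration.

```python
import base64
from collections import defaultdict

# Constructed sample of an LDIF export of group entries (not from the thread).
SAMPLE_LDIF = """\
dn: cn=monitoring,cn=groups,cn=accounts,dc=example,dc=co,dc=nz
objectClass: groupOfNames
cn: monitoring
member: uid=alice,cn=users,cn=accounts,dc=example,dc=co,dc=nz
member: uid=bob,cn=users,cn=accounts,
 dc=example,dc=co,dc=nz

dn: cn=legacy,cn=groups,cn=accounts,dc=example,dc=co,dc=nz
objectClass: posixGroup
cn: legacy
memberUid: alice
"""

# Membership attributes commonly seen on LDAP group classes (lower-cased).
CANDIDATES = ("member", "uniquemember", "memberuid")

def parse_ldif(text):
    """Parse LDIF into a list of {attr_lower: [values]} dicts."""
    unfolded = text.replace("\n ", "")  # RFC 2849: a leading space continues a line
    entries = []
    for block in unfolded.strip().split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry[attr.lower()].append(value.strip())
        entries.append(dict(entry))
    return entries

def member_attributes(entries):
    """Map each group cn to the membership attribute(s) present on the entry."""
    return {e["cn"][0]: [a for a in CANDIDATES if a in e] for e in entries}

def groups_for(entries, user, attr="member"):
    """Groups whose `attr` values contain `user` (simple case-insensitive match)."""
    want = user.lower()
    return [e["cn"][0] for e in entries
            if want in (v.lower() for v in e.get(attr, []))]
```

If `member_attributes` reports something other than the attribute configured in the connection, the sync finds the groups but never matches any user to them, which is the symptom described above.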