CMK version: Checkmk Raw Edition 2.1.0p20
OS version: Ubuntu 20.04.6 LTS
We are experiencing an issue with our LDAP connectors and automatic assignment of contact groups in Checkmk. One of our LDAP connectors is continuously modifying the contact groups for all users in a particular contact group, alternately adding and removing them at seemingly random intervals.
The system’s change history is flooded with events like this (summarized):
2024-04-15 11:50:02 – LDAP [dom.ain]: Modified user jasons (Changed contactgroups from [‘Checkmk.All.Notifications’, ‘Checkmk.SqlMonitors’] to [‘Checkmk.All.Notifications’])
2024-04-15 11:44:02 – LDAP [dom.ain]: Modified user jasons (Changed contactgroups from [‘Checkmk.All.Notifications’] to [‘Checkmk.All.Notifications’, ‘Checkmk.SqlMonitors’])
We have a single Active Directory domain that Checkmk connects to with 2 separate connectors. The implementation model actually calls for 3, but we haven’t had a use for the third yet, so for now it is just the 2.
The first connector, in terms of users, only pulls the service account we use for connectivity. However, it scans the entire domain for security groups. Its purpose is to ensure that we are able to properly resolve nested group memberships for groups that are not explicitly related to Checkmk.
The second connector points to an OU that contains all of our users. The group selector points to the OU that contains all of our Checkmk-specific groups. It uses a group membership filter to automatically create users that need to exist as monitoring contacts.
The third (unimplemented) connector is intended for people who may wish to log in and view monitoring data but who don’t necessarily need to be added as contacts. The theory is that it would be created with the same settings as the primary user connector, but with Create users only on login checked.
I’m sure it’s something to do with the way our LDAP connections are configured, but I can’t wrap my head around why our setup isn’t working.
Does anyone have any tips on how I might troubleshoot this?
Thanks in advance,
Jason
EDIT: Added Checkmk and OS version details.