
A bunch of LightSquid + Active Directory

I use the LightSquid log analyzer on a squid proxy server, and at some point I wanted the statistics to show each computer under the real name of its user. Editing the configuration file by hand for 100+ users looked like drudgery, and I did not want to go back into the config every time a user is renamed or a new one is added, so I decided to pull the names from Active Directory automatically. Details below the cut.



I use Active Directory, but with minimal changes the script should work with a plain LDAP server.

I will not describe the installation of LightSquid; it is quite simple and Google will help you. To convert IP addresses to hostnames we use DNS, which is set in the configuration file lightsquid.cfg with the line:



$ip2name = "dns";



The parser reads the files realname.cfg and group.cfg and takes from them the real names of the users attached to the hosts and the groups those hosts belong to. The file format is:


realname.cfg:

"Hostname" "real name"



group.cfg:

"Hostname" "group number" "group name"



What do we want?



We need to take from AD the hosts, the names of the users attached to those hosts, and the groups the users belong to; then we write all of this into the configuration files in the appropriate format.



Here is the actual script that does this:



#!/usr/local/bin/perl
#
# ldap2lightsquid (c) Roman Melko <romanmelko@gmail.com>
# Description: Synchronize users and computers of LightSquid with LDAP server
# Requirements: Should run periodically
# Version: 2012030601
# License: BSD
#
use strict;
use warnings;
use Net::LDAP;

my $domain  = "example.ua";         # Domain is supposed to have 2 levels
my @parts   = split(/\./, $domain);
my $domain0 = $parts[1];
my $domain1 = $parts[0];

my $user     = "<username>";        # LDAP user
my $password = "<password>";        # LDAP password (keep this file readable by the cron user only)

my $cfgpath  = "/usr/local/etc/lightsquid";   # depends on OS
my $realname = "$cfgpath/realname.cfg";
my $group    = "$cfgpath/group.cfg";

# departments OU
my @units = ("MGT", "OPR", "PRO", "Sales");
# computers OU
my @pcunits = (
    "Developer servers", "Servers", "Workstation OPR",
    "Workstations PRO", "Workstations Sales", "Workstations Telemarketing"
);
# group list: index 0 is reserved for users without a department
my @dep = ("no in group");

my $ldap = Net::LDAP->new($domain) or die "$0: cannot connect to $domain: $@";
# the bind DN places the user directly under the domain root (see the notes below)
my $mesg = $ldap->bind("CN=$user,DC=$domain1,DC=$domain0", password => $password);
$mesg->code and die "$0: bind failed: " . $mesg->error;

my $base_path = "OU=<some path>,OU=<some path>,DC=$domain1,DC=$domain0";   # base LDAP path, change to yours

my @attrs    = ("sn", "givenname", "department", "samaccountname");
my $filter   = "(objectcategory=CN=Person,CN=Schema,CN=Configuration,DC=$domain1,DC=$domain0)";
my @pcattrs  = ("cn", "managedBy");
my $pcfilter = "(objectcategory=CN=Computer,CN=Schema,CN=Configuration,DC=$domain1,DC=$domain0)";

my %department_id   = ();   # "Given Surname" -> two-digit group number
my %department_name = ();   # "Given Surname" -> department name

open(my $realname_fh, ">", $realname) or die "$realname: $!";
open(my $group_fh,    ">", $group)    or die "$group: $!";

# hosts: cn -> FQDN, managedBy -> CN of the owner, owner -> group collected by get_user_info
sub get_host_info {
    my ($results) = @_;
    foreach my $entry ($results->entries) {
        my $hostname = join(".", lc($entry->get_value('cn')), $domain);
        my $owner_dn = $entry->get_value('managedBy');
        next unless defined $owner_dn;                   # host is not tied to a user
        my ($rdn) = split(/,/, $owner_dn);               # first RDN: "CN=Given Surname"
        my $fullname = (split(/=/, $rdn, 2))[1];         # (a comma escaped inside the CN is cut off here)
        next unless $fullname;
        print $realname_fh "$hostname\t$fullname\n";
        # owner not found among the users of the department OUs -> group 00
        my $id   = defined $department_id{$fullname}   ? $department_id{$fullname}   : "00";
        my $name = defined $department_name{$fullname} ? $department_name{$fullname} : $dep[0];
        print $group_fh "$hostname\t$id\t$name\n";
    }
}

# users: department -> group number, "Given Surname" -> department
sub get_user_info {
    my ($results) = @_;
    foreach my $entry ($results->entries) {
        my $department = $entry->get_value('department');
        $department = "" unless defined $department;
        my $depid = 0;                                   # "no in group" by default
        if ($department ne "") {
            foreach my $j (1 .. $#dep) {
                if ($department eq $dep[$j]) { $depid = $j; last; }
            }
            if ($depid == 0) {                           # first time we see this department
                push @dep, $department;
                $depid = $#dep;
            }
        }
        $depid = sprintf("%02d", $depid);
        my $name    = $entry->get_value('givenname');
        my $surname = $entry->get_value('sn');
        for ($name, $surname) { $_ = "" unless defined $_; s/^\s+//; s/\s+$//; }
        my $fullname = join(" ", $name, $surname);
        $department_id{$fullname}   = $depid;
        $department_name{$fullname} = $dep[$depid];
    }
}

# Getting real names and departments
foreach my $unit (@units) {
    my $base = "OU=$unit,$base_path";
    my $results = $ldap->search(base => $base, filter => $filter, attrs => \@attrs);
    if ($results->code) { warn "$0: search in $base failed: " . $results->error; next; }
    get_user_info($results) if $results->count > 0;
}

# Getting pc names and owners, writing results to conf files
foreach my $pcunit (@pcunits) {
    my $base = "OU=$pcunit,OU=Resources,$base_path";
    my $results = $ldap->search(base => $base, filter => $pcfilter, attrs => \@pcattrs);
    if ($results->code) { warn "$0: search in $base failed: " . $results->error; next; }
    get_host_info($results) if $results->count > 0;
}

# Closing connection to LDAP and files
$ldap->unbind;
close($realname_fh);
close($group_fh);
exit 0;
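As an added example (not the author's script), the same host -> owner -> department mapping in Python over constructed AD-style entries, so it runs without an LDAP connection; it also parses the managedBy CN with RFC 4514 escapes and reports hosts whose owner CN matches no "givenName sn" pair, the one check the Perl script does not make. All names and entries are constructed.

```python
import re

# Constructed sample data standing in for the two LDAP searches the script
# runs: user objects from the department OUs and computer objects from the
# computer OUs. host -> person is the managedBy DN, person -> group is department.
DOMAIN = "example.ua"
SAMPLE_USERS = [
    {"givenName": " Ivan ", "sn": "Petrenko", "department": "Sales"},
    {"givenName": "Olena", "sn": "Koval", "department": "OPR"},
    {"givenName": "Taras", "sn": "Bondar", "department": None},  # no department set
]
SAMPLE_COMPUTERS = [
    {"cn": "PC-SALES-01", "managedBy": "CN=Ivan Petrenko,OU=Sales,DC=example,DC=ua"},
    {"cn": "SRV-FILE", "managedBy": "CN=Olena Koval,OU=OPR,DC=example,DC=ua"},
    {"cn": "PC-TMP", "managedBy": None},  # managedBy not filled in
    {"cn": "PC-ORPHAN", "managedBy": "CN=Nobody Here,OU=OPR,DC=example,DC=ua"},  # no such user
    {"cn": "PC-STAFF", "managedBy": "CN=Taras Bondar,OU=PRO,DC=example,DC=ua"},
]

def owner_name(managed_by):
    """CN of a managedBy DN; handles RFC 4514 escapes such as 'CN=Koval\\, Olena,...'."""
    if not managed_by:
        return None
    m = re.match(r"CN=((?:\\.|[^,\\])*)", managed_by, re.IGNORECASE)
    return re.sub(r"\\(.)", r"\1", m.group(1)).strip() if m else None

def build_config(users, computers, domain=DOMAIN):
    """Return (realname.cfg lines, group.cfg lines, hosts whose owner matched no user)."""
    groups = ["no in group"]  # index 0 reserved, as @dep in the Perl script
    dep_id, dep_name = {}, {}
    for u in users:  # first pass: users -> department number and name
        full = " ".join(p for p in ((u.get("givenName") or "").strip(),
                                    (u.get("sn") or "").strip()) if p)
        dept = (u.get("department") or "").strip()
        if dept and dept not in groups:
            groups.append(dept)  # a new department gets the next free number
        idx = groups.index(dept) if dept else 0
        dep_id[full], dep_name[full] = "%02d" % idx, groups[idx]
    realname, group, unmatched = [], [], []
    for c in computers:  # second pass: hosts -> owner -> group
        host = "%s.%s" % (c["cn"].lower(), domain)
        owner = owner_name(c.get("managedBy"))
        if owner is None:
            continue  # nothing to attribute the host to
        realname.append("%s\t%s" % (host, owner))
        if owner not in dep_id:
            unmatched.append((host, owner))  # CN != "givenName sn": fix the AD data
        group.append("%s\t%s\t%s" % (host, dep_id.get(owner, "00"),
                                     dep_name.get(owner, groups[0])))
    return realname, group, unmatched
```

The unmatched list is the thing to watch after each cron run: a host that lands there has a managedBy owner whose CN does not equal the user's "givenName sn", so it silently ends up in group 00.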




Important points:

- for each host in AD, the managedBy field must be filled in; that is what ties the host to a user;

- for each user in AD, the department field must be filled in; that is what ties the user to a group (for now I have not got around to real groups, since one user can belong to many groups with similar names);

- units and pcunits must be filled in with your own data;

- the script should be executed periodically, for example in cron;

- the user under which the script binds to AD must sit at the root of AD, otherwise it would not let me in;

- to make the script work with a standard LDAP directory you will have to read the manuals; there are differences from AD.

Source: https://habr.com/ru/post/139525/


