The LDAP Helper module can be used in organizations desiring to utilize LDAP groups to populate contact groups in OP5 Monitor.
Version & Support
This article was written for version 7.3.5 of Monitor, it could work on both lower and higher version if nothing else is stated.
Articles in the Community-Space are not supported by op5 Support.
Setup steps for the LDAP helper module:
Only install on the master, not master-peers. With the exception of needing to have LDAP sync on master-peers in the event of a fail over scenario (rare).
- Download the ldap helper module archive (tar.gz).
- Extract the folder to /opt on the OP5 server.
Configure the LDAP helper module :
- Modify: /opt/op5-ldap-helper/op5-ldap-helper.conf.yml
Verify lines 2 & 3 match the name of the auth connector driver. (i.e. LDAP)
NOTE: The sync action utilizes the existing LDAP Auth Module configuration.
- Modify lines 26 & 27 if you would like to filter for specific groups.
custom_group_filter - For adding (cn=*GROUP_NAME*) include the asterisks but change GROUP_NAME of the group would "enable" OP5 to scan this specific group.
- Modify lines 46 & 47 with the user for API access to OP5 Monitor.
- op5api - In order for the script to work with OP5 a user "apiuser" was created in OP5. The credentials are stored in this file.
- Setup a contact group prefaced with "LDAP_" for example "LDAP_testgroup".
Using the module
Running the script to sync groups :
- Once the group is configured within the config file run go to /opt/op5-ldap-helper/ and run the following: ./op5-ldap-helper.pl
- To see available help use: ./op5-ldap-helper.pl -h
- To perform a dry run (no save), and get detailed output use: ./op5-ldap-helper.pl -d -C -n
- To perform a run with sync, simply run: ./op5-ldap-helper.pl
- Consider creating a cron job to periodically sync groups.