Module: check_mk
Branch: master
Commit: 3582330f20c25c3fc1af4f181af2251a8af1fdb7
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=3582330f20c25c…
Author: Mathias Kettner <mk(a)mathias-kettner.de>
Date: Wed Oct 23 04:44:14 2013 -0400
Removed peer replication from configuration dialog
Existing peer replications are still unaffected but
will soon be removed anyway.
---
ChangeLog | 1 +
web/htdocs/wato.py | 2 +-
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index 7d3f0c9..43e6d79 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -92,6 +92,7 @@
* New option for full SNMP scan in bulk inventory
* bulk operations now also available when checkboxes are off
* LDAP: Added test to validate the configured role sync groups
+ * Disabled replication type "peer" in site editor.
* FIX: correct display of number of hosts in bulk inventory
* FIX: nailed down ".siteid" exception when added new site
* FIX: fixed setting for locking mode from 'ait' to 'wait'
diff --git a/web/htdocs/wato.py b/web/htdocs/wato.py
index a59454f..ac32bf7 100644
--- a/web/htdocs/wato.py
+++ b/web/htdocs/wato.py
@@ -7374,7 +7374,7 @@ def mode_edit_site(phase):
forms.section(_("Replication method"))
html.select("replication",
[ ("none", _("No replication with this site")),
- ("peer", _("Peer: synchronize configuration with this site")),
+ # ("peer", _("Peer: synchronize configuration with this site")),
("slave", _("Slave: push configuration to this site"))
], site.get("replication", "none"))
html.help( _("WATO replication allows you to manage several monitoring sites with a "
Module: check_mk
Branch: master
Commit: cf87bbc79c417df73de9b471335394002a9974eb
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=cf87bbc79c417d…
Author: Mathias Kettner <mk(a)mathias-kettner.de>
Date: Tue Oct 22 15:13:37 2013 -0400
Fixed layout of ListOfStrings
Cancelling the float: left, that makes e.g. the Negate hosts option appear
in the same line as the list of hosts. I hope this does not break something
on browsers other then Chrome and Firefox.
---
web/htdocs/check_mk.css | 4 ++--
web/htdocs/wato.py | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/web/htdocs/check_mk.css b/web/htdocs/check_mk.css
index 41169e0..aac444f 100644
--- a/web/htdocs/check_mk.css
+++ b/web/htdocs/check_mk.css
@@ -471,7 +471,7 @@ table.valuespec_listof option[selected] {
font-weight: bold;
}
-div.listofstring.horizontal {
+div.listofstrings.horizontal {
clear: left;
}
@@ -484,7 +484,7 @@ div.listofstrings.horizontal > div {
margin-right: 2px;
}
div.listofstrings.horizontal > div:last-child {
- /* float: none; */
+ float: none;
}
table.listchoice {
diff --git a/web/htdocs/wato.py b/web/htdocs/wato.py
index 6602edd..c6a0a94 100644
--- a/web/htdocs/wato.py
+++ b/web/htdocs/wato.py
@@ -11395,7 +11395,7 @@ def mode_edit_rule(phase, new = False):
html.checkbox("negate_hosts", negate_hosts, label =
_("<b>Negate:</b> make rule apply for <b>all but</b> the above hosts"))
- html.write("</div><br>")
+ html.write("</div>")
html.help(_("You can enter a number of explicit host names that rule should or should "
"not apply to here. Leave this option disabled if you want the rule to "
"apply for all hosts specified by the given tags."))
Module: check_mk
Branch: master
Commit: 4dc44d02f6889447227c193d7dbc5fdc5509452b
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=4dc44d02f68894…
Author: Mathias Kettner <mk(a)mathias-kettner.de>
Date: Wed Oct 23 03:06:07 2013 -0400
WATO: bulk operations now also available when checkboxes are off
---
.bugs/982 | 9 ++++++++-
ChangeLog | 1 +
web/htdocs/wato.py | 39 +++++++++++++++++++++------------------
3 files changed, 30 insertions(+), 19 deletions(-)
diff --git a/.bugs/982 b/.bugs/982
index f7b3731..3c6fd58 100644
--- a/.bugs/982
+++ b/.bugs/982
@@ -1,9 +1,16 @@
Title: WATO: Hostlist in folder: enable checkboxes -> all should be checked
Component: wato
-State: open
+State: done
Date: 2013-10-09 20:39:38
Targetversion: 1.4.0
Class: nastiness
When you enable the checkboxes in a WATO folder host list,
then all boxes should initially be checked.
+
+Better solution: readd the bulk buttons also when there
+are no checkboxes at all.
+
+
+2013-10-23 03:05:33: changed state open -> done
+Bulk operations now also work without checkboxes
diff --git a/ChangeLog b/ChangeLog
index c22bec4..0cf8cf3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -87,6 +87,7 @@
distributed WATO (available in the "Distributed Monitoring")
* bulk inventory: display percentage in progress bar
* New option for full SNMP scan in bulk inventory
+ * bulk operations now also available when checkboxes are off
* FIX: correct display of number of hosts in bulk inventory
* FIX: nailed down ".siteid" exception when added new site
* FIX: fixed setting for locking mode from 'ait' to 'wait'
diff --git a/web/htdocs/wato.py b/web/htdocs/wato.py
index bb9fc1d..3f5241f 100644
--- a/web/htdocs/wato.py
+++ b/web/htdocs/wato.py
@@ -1292,23 +1292,23 @@ def show_hosts(folder):
'checkbox', _('Hide Checkboxes and bulk actions'), 'checkbox',
html.makeuri([('show_checkboxes', '0')])))
- html.write(' ' + _("Selected hosts:\n"))
+ html.write(' ' + _("Selected hosts:\n"))
- if not g_folder.get(".lock_hosts"):
- if config.may("wato.manage_hosts"):
- html.button("_bulk_delete", _("Delete"))
- if config.may("wato.edit_hosts"):
- html.button("_bulk_edit", _("Edit"))
- html.button("_bulk_cleanup", _("Cleanup"))
- if config.may("wato.services"):
- html.button("_bulk_inventory", _("Inventory"))
- if not g_folder.get(".lock_hosts"):
- if config.may("wato.parentscan"):
- html.button("_parentscan", _("Parentscan"))
- if config.may("wato.edit_hosts") and config.may("wato.move_hosts"):
- move_to_folder_combo("host", None, top)
- if at_least_one_imported:
- html.button("_bulk_movetotarget", _("Move to Target Folders"))
+ if not g_folder.get(".lock_hosts"):
+ if config.may("wato.manage_hosts"):
+ html.button("_bulk_delete", _("Delete"))
+ if config.may("wato.edit_hosts"):
+ html.button("_bulk_edit", _("Edit"))
+ html.button("_bulk_cleanup", _("Cleanup"))
+ if config.may("wato.services"):
+ html.button("_bulk_inventory", _("Inventory"))
+ if not g_folder.get(".lock_hosts"):
+ if config.may("wato.parentscan"):
+ html.button("_parentscan", _("Parentscan"))
+ if config.may("wato.edit_hosts") and config.may("wato.move_hosts"):
+ move_to_folder_combo("host", None, top)
+ if at_least_one_imported:
+ html.button("_bulk_movetotarget", _("Move to Target Folders"))
html.write("</td></tr>\n")
# Show table of hosts in this folder
@@ -1680,16 +1680,19 @@ def delete_folder_after_confirm(del_folder):
# Create list of all hosts that are select with checkboxes in the current file.
# This is needed for bulk operations.
def get_hostnames_from_checkboxes(filterfunc = None):
+ show_checkboxes = html.var("show_checkboxes") == "1"
+
entries = g_folder[".hosts"].items()
entries.sort()
- selected = weblib.get_rowselection('wato-folder-/'+g_folder['.path'])
+ if show_checkboxes:
+ selected = weblib.get_rowselection('wato-folder-/'+g_folder['.path'])
selected_hosts = []
search_text = html.var("search")
for hostname, host in entries:
if (not search_text or (search_text.lower() in hostname.lower())) \
- and ('_c_' + hostname) in selected:
+ and (not show_checkboxes or ('_c_' + hostname) in selected):
if filterfunc == None or \
filterfunc(host):
selected_hosts.append(hostname)
Module: check_mk
Branch: master
Commit: 4c36596a6c7082c9a3dad86df308503727df1549
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=4c36596a6c7082…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Wed Oct 23 10:23:48 2013 +0200
LDAP: Added option to make group and role sync plugin handle nested groups
---
ChangeLog | 4 ++++
web/htdocs/wato.py | 30 +++++++++++++++++++++------
web/plugins/userdb/ldap.py | 49 +++++++++++++++++++++++++++++++++++---------
3 files changed, 67 insertions(+), 16 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index c22bec4..759029d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -26,6 +26,9 @@
* Wiki Sidebar Snapin: showing navigation and quicksearch. OMD only.
* Sidebar can now be folded. Simply click somewhere at the left 10 pixels.
* Foldable sections now have an animated triangle icon that shows the folding state
+ * LDAP: Added option to make group and role sync plugin handle nested
+ groups (only in Active Directory at the moment). Enabling this
+ feature might increase the sync time a lot - use only when really needed.
* FIX: Fixed encoding problem in webservice column output
* FIX: Fix output format python for several numeric columns
* FIX: Fixed searching hosts by aliases/adresses
@@ -87,6 +90,7 @@
distributed WATO (available in the "Distributed Monitoring")
* bulk inventory: display percentage in progress bar
* New option for full SNMP scan in bulk inventory
+ * LDAP: Added test to validate the configured role sync groups
* FIX: correct display of number of hosts in bulk inventory
* FIX: nailed down ".siteid" exception when added new site
* FIX: fixed setting for locking mode from 'ait' to 'wait'
diff --git a/web/htdocs/wato.py b/web/htdocs/wato.py
index 6602edd..78d053a 100644
--- a/web/htdocs/wato.py
+++ b/web/htdocs/wato.py
@@ -5624,12 +5624,30 @@ def mode_ldap_config(phase):
else:
return (False, msg)
+ def test_groups_to_roles(address):
+ if 'groups_to_roles' not in config.ldap_active_plugins:
+ return True, _('Skipping this test (Plugin is not enabled)')
+
+ userdb.ldap_connect(enforce_new = True, enforce_server = address)
+ num = 0
+ for role_id, dn in config.ldap_active_plugins['groups_to_roles'].items():
+ if isinstance(dn, str):
+ num += 1
+ try:
+ ldap_groups = userdb.ldap_get_groups('(distinguishedName=%s)' % dn)
+ if not ldap_groups:
+ return False, _('Could not find the group specified for role %s') % role_id
+ except Exception, e:
+ return False, _('Error while fetching group for role %s: %s') % (role_id, str(e))
+ return True, _('Found all %d groups.') % num
+
tests = [
- (_('Connect'), test_connect),
- (_('User Base-DN'), test_user_base_dn),
- (_('Count Users'), test_user_count),
- (_('Group Base-DN'), test_group_base_dn),
- (_('Count Groups'), test_group_count),
+ (_('Connect'), test_connect),
+ (_('User Base-DN'), test_user_base_dn),
+ (_('Count Users'), test_user_count),
+ (_('Group Base-DN'), test_group_base_dn),
+ (_('Count Groups'), test_group_count),
+ (_('Sync-Plugin: Roles'), test_groups_to_roles),
]
for address in userdb.ldap_servers():
@@ -5642,7 +5660,7 @@ def mode_ldap_config(phase):
state, msg = test(address)
except Exception, e:
state = False
- msg = _('Exception: %s') % e
+ msg = _('Exception: %s') % html.attrencode(e)
if state:
img = '<img src="images/icon_success.gif" alt="%s" />' % _('Success')
diff --git a/web/plugins/userdb/ldap.py b/web/plugins/userdb/ldap.py
index 4aa68d3..77faf2e 100644
--- a/web/plugins/userdb/ldap.py
+++ b/web/plugins/userdb/ldap.py
@@ -505,7 +505,7 @@ def ldap_get_groups(add_filt = None):
filt = '(&%s%s)' % (filt, add_filt)
return ldap_search(ldap_replace_macros(config.ldap_groupspec['dn']), filt, ['cn'])
-def ldap_user_groups(username, user_dn, attr = 'cn'):
+def ldap_user_groups(username, user_dn, attr = 'cn', nested = False):
# When configured to convert user_ids to lower case, all user ids here are lower case.
# Otherwise all user_ids are in the case which they are in LDAP. This should be ok
# for this function! I removed the snippet below to reduce the number of ldap queries.
@@ -515,11 +515,12 @@ def ldap_user_groups(username, user_dn, attr = 'cn'):
# # so the username read from ldap might differ. Fix it here.
# user_dn, username = ldap_get_user(username, True)
- if username in g_ldap_group_cache:
+ cache_key = '%s-%s' % (username, nested and 'n' or 'f')
+ if cache_key in g_ldap_group_cache:
if attr == 'cn':
- return g_ldap_group_cache[username][0]
+ return g_ldap_group_cache[cache_key][0]
else:
- return g_ldap_group_cache[username][1]
+ return g_ldap_group_cache[cache_key][1]
# posixGroup objects use the memberUid attribute to specify the group memberships.
# This is the username instead of the users DN. So the username needs to be used
@@ -531,7 +532,10 @@ def ldap_user_groups(username, user_dn, attr = 'cn'):
# Apply configured group ldap filter and only reply with groups
# having the current user as member
- add_filt = '(%s=%s)' % (ldap_member_attr(), ldap.filter.escape_filter_chars(user_filter))
+ if config.ldap_connection['type'] and nested:
+ add_filt = '(member:1.2.840.113556.1.4.1941:=%s)' % ldap.filter.escape_filter_chars(user_dn)
+ else:
+ add_filt = '(%s=%s)' % (ldap_member_attr(), ldap.filter.escape_filter_chars(user_filter))
# First get all groups
groups_cn = []
@@ -540,7 +544,7 @@ def ldap_user_groups(username, user_dn, attr = 'cn'):
groups_cn.append(group['cn'][0])
groups_dn.append(dn)
- g_ldap_group_cache.setdefault(username, (groups_cn, groups_dn))
+ g_ldap_group_cache.setdefault(cache_key, (groups_cn, groups_dn))
if attr == 'cn':
return groups_cn
@@ -744,7 +748,7 @@ register_user_attribute_sync_plugins()
def ldap_convert_groups_to_contactgroups(params, user_id, ldap_user, user):
groups = []
# 1. Fetch CNs of all LDAP groups of the user (use group_dn, group_filter)
- ldap_groups = ldap_user_groups(user_id, ldap_user['dn'])
+ ldap_groups = ldap_user_groups(user_id, ldap_user['dn'], nested = params.get('nested', False))
# 2. Fetch all existing group names in WATO
cg_names = load_group_information().get("contact", {}).keys()
@@ -759,20 +763,32 @@ ldap_attribute_plugins['groups_to_contactgroups'] = {
'contactgroup must match the common name (cn) of the LDAP group.'),
'convert': ldap_convert_groups_to_contactgroups,
'lock_attributes': ['contactgroups'],
- 'no_param_txt': _('Add user to all contactgroups where the common name matches the group name.'),
+ 'parameters': [
+ ('nested', FixedValue(
+ title = _('Handle nested group memberships (Active Directory only at the moment)'),
+ help = _('Once you enable this option, this plugin will not only handle direct '
+ 'group memberships, instead it will also dig into nested groups and treat '
+ 'the members of those groups as contact group members as well. Please mind '
+ 'that this feature might increase the execution time of your LDAP sync.'),
+ value = True,
+ totext = _('Nested group memberships are resolved'),
+ )
+ )
+ ],
}
def ldap_convert_groups_to_roles(params, user_id, ldap_user, user):
groups = []
# 1. Fetch DNs of all LDAP groups of the user
- ldap_groups = [ g.lower() for g in ldap_user_groups(user_id, ldap_user['dn'], 'dn') ]
+ ldap_groups = [ g.lower() for g in ldap_user_groups(user_id, ldap_user['dn'],
+ attr = 'dn', nested = params.get('nested', False)) ]
# 2. Load default roles from default user profile
roles = config.default_user_profile['roles'][:]
# 3. Loop all roles mentioned in params (configured to be synchronized)
for role_id, dn in params.items():
- if dn.lower() in ldap_groups and role_id not in roles:
+ if isinstance(dn, str) and dn.lower() in ldap_groups and role_id not in roles:
roles.append(role_id)
return {'roles': roles}
@@ -788,6 +804,19 @@ def ldap_list_roles_with_group_dn():
size = 80,
enforce_suffix = ldap_replace_macros(config.ldap_groupspec.get('dn', '')),
)))
+
+ elements.append(
+ ('nested', FixedValue(
+ title = _('Handle nested group memberships (Active Directory only at the moment)'),
+ help = _('Once you enable this option, this plugin will not only handle direct '
+ 'group memberships, instead it will also dig into nested groups and treat '
+ 'the members of those groups as contact group members as well. Please mind '
+ 'that this feature might increase the execution time of your LDAP sync.'),
+ value = True,
+ totext = _('Nested group memberships are resolved'),
+ )
+ )
+ )
return elements
ldap_attribute_plugins['groups_to_roles'] = {