/[smeserver]/rpms/smeserver-samba/sme9/smeserver-samba-0.1.0-062616-update.patch

Annotation of /rpms/smeserver-samba/sme9/smeserver-samba-0.1.0-062616-update.patch



Revision 1.1 - (hide annotations) (download)
Sat Jul 30 18:36:41 2016 UTC (8 years, 4 months ago) by gzartman
Branch: MAIN
CVS Tags: HEAD
* Sun Jun 26 2016 Greg Zartman <gzartman@koozali.org> 0.1-0-4
- Add dnscache and tinydns config per bug [SME: 8638]
- Add iptables preroute rule for DNS per bug [SME: 8638]
- Fix issues with domain admins assignment during provisioning
- Nearly full re-write of user-create-AD action to utilize
  esmith::AD class
- Add Legacy Mode to user-create-AD action to allow this
  action to work with AccountsDB
- Add user-create-AD to user-create event
- Add user-AD-disable action to disable AD user
- Continued development and enhancement to esmith::AD
  including POD documentation
- Continued development and enhancement to esmith::AD::User
  including POD documentation
- Add esmith::AD::OU to manage Organizational Units in the
  Active Directory
- Fix realm definition in provision action

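--- a/createlinks
+++ b/createlinks
@@ -19,7 +19,6 @@
 provision-domain-controller
 bootstrap-initialize-samba));
 
-
 ##Links for provision-domain-controller event
 $event = "provision-domain-controller";
 event_link("adjust-samba-down", $event, "01");
@@ -29,6 +28,10 @@
 event_link("samba-create-domain-admins", $event,"03");
 event_link("adjust-samba-up", $event, "50");
 
+##Links for user-create
+$event = "user-create";
+event_link("user-create-AD", $event, "04");
+
 ##Links for adjust-samba event
 $event = "adjust-samba";
 event_link("adjust-samba-down", $event, "20");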
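Review bot: No event link is added for the new user-AD-disable action that this patch also introduces, so as far as this diff shows it is never run, while user-create-AD (later in this patch) drops its old post-create `samba-tool user disable` step. If the new action is meant to take over that step, link it here after the create, e.g. `event_link("user-AD-disable", $event, "05");`; if accounts are now meant to stay enabled after creation, that change in behaviour deserves a comment at the user-create block. The enclosing script continues outside the hunk.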
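--- a/root/etc/e-smith/db/configuration/migrate/dnscache_set_ListenIP_AD
+++ b/root/etc/e-smith/db/configuration/migrate/dnscache_set_ListenIP_AD
@@ -0,0 +1,9 @@
+{
+ my $serverRole = $DB->get_prop('smb','ServerRole') || '';
+ # Set dnscache listen IP for Samba DNS Loopback routing
+ if ($serverRole eq 'DC') {
+
+ $DB->set_prop ('dnscache','ListenIP', '127.0.0.3');
+
+ }
+}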
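Review bot: The fragment forces the `dnscache` `ListenIP` to 127.0.0.3 on every configuration migration when ServerRole is DC, which silently overwrites a value an administrator may have set, and it never restores anything when the role changes away from DC; the tinydns fragment that follows has the same shape. If this is meant as a one-time default, guard it with `unless (defined $DB->get_prop('dnscache','ListenIP'))`; if it is meant to be enforced for DCs, an `else` branch that deletes the prop keeps the two roles from diverging. Either way a comment stating which is intended would help the next migrate author.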
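--- a/root/etc/e-smith/db/configuration/migrate/tinydns_set_ListenIP_AD
+++ b/root/etc/e-smith/db/configuration/migrate/tinydns_set_ListenIP_AD
@@ -0,0 +1,10 @@
+{
+
+ my $serverRole = $DB->get_prop('smb','ServerRole') || '';
+ # Set tinydns listen IP for Samba DNS Loopback routing
+ if ($serverRole eq 'DC') {
+
+ $DB->set_prop ('tinydns','ListenIP', '127.0.0.4');
+
+ }
+}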
50     diff -urbN smeserver-samba-0.1.0/root/etc/e-smith/events/actions/provision-domain-controller smeserver-samba-0.1.0-062616-update/root/etc/e-smith/events/actions/provision-domain-controller
51     --- smeserver-samba-0.1.0/root/etc/e-smith/events/actions/provision-domain-controller 2016-07-24 10:25:57.946060238 -0700
52     +++ smeserver-samba-0.1.0-062616-update/root/etc/e-smith/events/actions/provision-domain-controller 2016-06-20 23:26:45.000000000 -0700
53     @@ -17,18 +17,17 @@
54    
55     ##Pull arguments
56     my $event = $ARGV [0];
57     -my $AdminPass = $ARGV [1];
58     +my $adminPass = $ARGV [1];
59    
60     -die 'Samba provisioning error: Missing admin password' unless ($AdminPass);
61     +die 'Samba provisioning error: Missing admin password' unless ($adminPass);
62    
63     -##Pull config parameters for DC provision
64     +##Pull domain name from config dbase. This is the samba realm
65     my $cdb = esmith::ConfigDB->open;
66     -my $SystemName = $cdb->get('SystemName')->value ||
67     - die 'Samba provisioning error: SystemName not defined';
68     -my $DomainName = $cdb->get('DomainName')->value ||
69     +my $domainName = $cdb->get('DomainName')->value ||
70     die 'Samba provisioning error: Primary Domain Name not defined';
71     -my $WorkGroup = $cdb->get_prop ('smb', 'Workgroup') ||
72     +my $workGroup = $cdb->get_prop ('smb', 'Workgroup') ||
73     die 'Samba provisioning error: Workgroup not defined';
74     +my $realm = $workGroup . "." . $domainName;
75    
76     ##Bail if Samba has already been initialized
77     if ($event eq 'bootstrap-initialize-samba' &&
78     @@ -61,8 +60,8 @@
79     ##Initialize Samba Domain
80     warn "Samba domain: Provisining Active Directory.";
81     my $provision = "/usr/bin/samba-tool domain provision --server-role=dc " .
82     - "--domain=$WorkGroup " .
83     - "--realm=$DomainName " .
84     + "--domain=$workGroup " .
85     + "--realm=$realm " .
86     "--adminpass=$provisionPass " .
87     "--dns-backend=SAMBA_INTERNAL " .
88     "--use-rfc2307 " .
89     @@ -86,7 +85,7 @@
90     ##Change administrator password from the stashed password to the admin password
91     warn "Samba domain: Setting Admin Password\n";
92     my $set_admin_pass = "/usr/bin/samba-tool user setpassword Administrator " .
93     - "--newpassword=" . $AdminPass . " " .
94     + "--newpassword=" . $adminPass . " " .
95     "-U Administrator\%" . $provisionPass;
96    
97     system ($set_admin_pass);
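Review bot: Both passwords are still interpolated unquoted into a single shell string handed to `system()`: `"--newpassword=" . $adminPass` and `"-U Administrator\%" . $provisionPass` here, and `--adminpass=$provisionPass` in the previous hunk, so a password containing whitespace, quotes, `;` or `$` is split or interpreted by the shell, and both values are visible in the process list for the duration of the command. The rename does not change that; list form at least removes the shell from the path, e.g. `system('/usr/bin/samba-tool', 'user', 'setpassword', 'Administrator', "--newpassword=$adminPass", '-U', "Administrator%$provisionPass");`, while the process-list exposure remains as long as the passwords travel on the command line. The surrounding script continues outside the hunk.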
98     diff -urbN smeserver-samba-0.1.0/root/etc/e-smith/events/actions/samba-create-domain-admins smeserver-samba-0.1.0-062616-update/root/etc/e-smith/events/actions/samba-create-domain-admins
99     --- smeserver-samba-0.1.0/root/etc/e-smith/events/actions/samba-create-domain-admins 2016-07-24 10:25:57.946060238 -0700
100     +++ smeserver-samba-0.1.0-062616-update/root/etc/e-smith/events/actions/samba-create-domain-admins 2016-06-25 15:31:09.000000000 -0700
101     @@ -43,14 +43,6 @@
102     system ($add_root);
103     warn "Unable to create root Samba user\n" if ($? == -1);
104    
105     -my $add_members = "/usr/bin/samba-tool group addmembers " .
106     - "\'Domain Admins\' ".
107     - "root,admin " .
108     - "-U Administrator\%$AdminPass";
109     -system ($add_members);
110     -warn "Unable to add admin and root users to Domain Admins group\n" if ($? == -1);
111     -
112     -
113     ##Create ad_admin account and add it to domain admins for runtime access to acive directory
114     my $add_ad_admin = "/usr/bin/samba-tool user create " .
115     "ad_admin " . esmith::AD::getADPass() . " " .
116     @@ -58,11 +50,11 @@
117     system ($add_ad_admin);
118     die "Samba provisioning error: Unable to create ad_admin user in Active Directory.\n" if ($? == -1);
119    
120     -$add_members = "/usr/bin/samba-tool group addmembers " .
121     +my $add_members = "/usr/bin/samba-tool group addmembers " .
122     "\'Domain Admins\' ".
123     - "ad_admin " .
124     + "root,admin,ad_admin " .
125     "-U Administrator\%$AdminPass";
126     -#system ($add_members);
127     -die "Samba provisioning error: Unable to add ad_admin user to the Domain Admins group.\n" if ($? == -1);
128     +system ($add_members);
129     +warn "Unable to add admin and root users to Domain Admins group\n" if ($? == -1);
130    
131     1;
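Review bot: The new `warn` after `system ($add_members)` checks only `$? == -1`, which is true solely when the shell could not be started; a non-zero exit from samba-tool (the realistic failure, e.g. `root` or `admin` not existing yet) passes silently and leaves Domain Admins without the intended members, where the old code at least died. Check the real exit status, `die "Samba provisioning error: Unable to add root, admin and ad_admin to Domain Admins (exit " . ($? >> 8) . ")\n" if $?;`, and consider list-form `system` so `'Domain Admins'` and `$AdminPass` are not shell-parsed. The `warn` text also still names only admin and root although ad_admin is now in the member list.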
132     diff -urbN smeserver-samba-0.1.0/root/etc/e-smith/events/actions/user-AD-disable smeserver-samba-0.1.0-062616-update/root/etc/e-smith/events/actions/user-AD-disable
133     --- smeserver-samba-0.1.0/root/etc/e-smith/events/actions/user-AD-disable 1969-12-31 16:00:00.000000000 -0800
134     +++ smeserver-samba-0.1.0-062616-update/root/etc/e-smith/events/actions/user-AD-disable 2016-06-26 19:21:09.000000000 -0700
135     @@ -0,0 +1,38 @@
136     +#!/usr/bin/perl -w
137     +
138     +#------------------------------------------------------------
139     +#This action disables an Active Directory user
140     +#
141     +#Command format:
142     +#
143     +# user-AD-disable event username
144     +#
145     +# event : calling event name
146     +# username : username to disable
147     +#
148     +#Copyright 2016 Koozali Foundation, Inc.
149     +#06/26/2016: G.Zartman <gzartman@koozali.org>
150     +#
151     +#The code contained herein can be distributed under the same
152     +#license as Perl
153     +#
154     +#------------------------------------------------------------
155     +package esmith::thisaction;
156     +
157     +use strict;
158     +use warnings;
159     +no warnings ('qw');
160     +
161     +##Pull arguments
162     +my $event = $ARGV [0] || '';
163     +my $userName = $ARGV [1] || '';
164     +
165     +die "user-AD-disable error: username not found in action arguments\n"
166     + unless ($userName);
167     +
168     +my $disableUser = '/usr/bin/samba-tool user disable ' . $userName;
169     +system ($disableUser);
170     +die "create-AD-disable error: Unable to disable user:"
171     + if ($? == -1);
172     +
173     +1;
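Review bot: `$userName` comes straight from the action arguments and is concatenated into a shell string for `system()`, and the only check afterwards, `$? == -1`, fires only when the shell could not be started, so a samba-tool failure (unknown user, directory unreachable) is reported as success. Use list form and check the full status: `system('/usr/bin/samba-tool', 'user', 'disable', $userName) == 0` / `or die "user-AD-disable error: Unable to disable user $userName (exit " . ($? >> 8) . ")\n";`. The die text also says `create-AD-disable` and lacks the username and a trailing newline, and `$event` is read but never used.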
174     diff -urbN smeserver-samba-0.1.0/root/etc/e-smith/events/actions/user-create-AD smeserver-samba-0.1.0-062616-update/root/etc/e-smith/events/actions/user-create-AD
175     --- smeserver-samba-0.1.0/root/etc/e-smith/events/actions/user-create-AD 2015-02-12 21:17:53.000000000 -0800
176     +++ smeserver-samba-0.1.0-062616-update/root/etc/e-smith/events/actions/user-create-AD 2016-06-26 19:09:07.000000000 -0700
177     @@ -1,39 +1,36 @@
178     #!/usr/bin/perl -w
179    
180     #------------------------------------------------------------
181     -#This action creates a user in the active directory given
182     -#a unique username and a hash reference of specific user data.
183     -#The hash reference must use the following keys or they will be
184     -#ignored:
185     -#
186     -#\%user_data_hash (
187     -#
188     -# 'description' => Some Description
189     -# 'given-name' => First Name
190     -# 'surname' => Last Name
191     -# 'initials' => User Initials
192     -# 'job-title' => Job Title
193     -# 'company' => Company
194     -# 'department' => Department
195     -# 'mail-address' => Mailing Address
196     -# 'physical-delivery-office' => Physical Address
197     -# 'telephone-number' => Telephone Number
198     -# 'internet-address' => Internet/Web Address
199     -# }
200     +#This action creates an Active Directory user given a username
201     +#from the accountsDB.
202     #
203     -#Copyright 2014 Koozali Foundation, Inc.
204     -#11/25/2014: G.Zartman <gzartman@koozali.org>
205     +#Command format:
206     +#
207     +# user-account-AD event username data:
208     +#
209     +# event : calling event name
210     +# username : unique username
211     +# data : Hash reference to user data to populate the AD
212     +# with. See the note below for
213     +#
214     +#Copyright 2015 Koozali Foundation, Inc.
215     +#06/23/2016: G.Zartman <gzartman@koozali.org>
216     #
217     #The code contained herein can be distributed under the same
218     #license as Perl
219     #
220     #TODO
221     -#- May need ot do a bit of datachecking on the values, unless
222     -# we assume the data comes to this action clean. Initials,
223     -# for example, will error out if more than 3 characters are
224     -# used for the value
225     +#
226     +#- We need to look at some kind of interm solution to use
227     +# acccountsDB in the short term until we figure out where we are
228     +# storing user data long term on SME. For now, we'll build a
229     +# hash of data from the accounts dbase, but also provide a means
230     +# to pass the data to this action with a hashref, which is the
231     +# preferred method for AD.
232     +#- For the hash reference, let's scrub it with the
233     +# esmith::AD::User::ValidData method
234     #- Consider setting the displayName attribute as well, otherwise
235     -# Active directory does it automatically to
236     +# Active Directory does it automatically to
237     # given-name initials surname. In some cases, this looks goofy.
238     #
239     #------------------------------------------------------------
240     @@ -42,89 +39,109 @@
241     use strict;
242     use warnings;
243     use esmith::AccountsDB;
244     -use esmith::AD;
245     +use esmith::ConfigDB;
246     +use esmith::AD::User;
247     no warnings ('qw');
248    
249     +use Data::Dumper; #For debugging
250    
251     ##Pull arguments
252     my $event = $ARGV [0] || '';
253     my $userName = $ARGV [1] || '';
254     -my $refUserData = $ARGV [2] || ''; #hash reference
255     -my $verbose = $ARGV [3] || ''; #flag to display user create output
256     +my $data = $ARGV [2] || ''; #Hash ref
257    
258     die "user-create-AD error: username not found in action arguments\n"
259     unless ($userName);
260    
261     -##Check AccountsDB to see if username existsi
262     -my $adb = esmith::AccountsDB->open_ro;
263     -if ($adb->get($userName)){
264     - die "Error in $event: User exists in esmith::accounts\n";
265     +##Check AD to see if username exists. If usernae already exists, then
266     +##bail out.
267     +my $ad = esmith::AD::User->new;
268     +die "user-create-AD error: User already exists in Active Directory.\n"
269     + if ($ad->doesUserExist($userName));
270     +
271     +##---------------------LEGACY MODE--------------------------------------
272     +##The following block of code will pull data from the
273     +##AccountsDB and copy it into the active directory. Using legacy mode
274     +##will ##ignore user data passed via the $data argument. Once we drop
275     +##support for the AccountsDB, this code can be removed
276     +
277     +my $cdb = esmith::ConfigDB->open_ro;
278     +my $legacy = $cdb->get_prop('smb','legacy');
279     +$cdb->close;
280     +
281     +if ($legacy eq 'enabled') {
282     + warn "Legacy Mode Enabled.\n";
283     +
284     + my $adb = esmith::AccountsDB->open_ro;
285     + my $acct = $adb->get($userName);
286     + die "user-create-AD error: $userName not found in accounts database.\n"
287     + unless (defined $acct and $acct->prop('type') eq "user");
288     +
289     + #build a hashref of AD data from accountdb data
290     + $data= {
291     + 'company' => $acct->prop('Company'),
292     + 'department' => $acct->prop('Dept'),
293     + 'givenName' => $acct->prop('FirstName'),
294     + 'mail' => $acct->prop('ForwardAddress'),
295     + 'physicalDeliveryOfficeName' => $acct->prop('Street'),
296     + 'sn' => $acct->prop('LastName'),
297     + 'telephoneNumber' => $acct->prop('Phone')
298     + };
299     +
300     + $adb->close;
301     }
302     +##----------------END LEGACY MODE----------------------------------------
303     +
304    
305     -##Check AD to see if username exists
306     -my $ad = esmith::AD->new;
307     -if ($ad->doesUserExist($userName)){
308     - die "Error in $event: User exists in Active Directory\n";
309     +##Validate the user data
310     +if (ref($data) eq 'HASH') {
311     + foreach my $key (keys %$data) {
312     + unless ($ad->validData->{$key}) {
313     + warn "Ignoring $key attribute for update -- Not supported.\n";
314     + delete $data->{$key};
315     + }
316     + }
317     }
318    
319     -##Create user in active directory.
320     +##Build Active Directory user create command
321     my $homeDirectory = '/home/e-smith/files/users/' . $userName . '/home/';
322     -my %userData = ();
323     -if (ref($refUserData) eq 'HASH') {%userData = %$refUserData;}
324     +my $shell = '/usr/bin/rssh';
325     +if ($data->{'loginShell'}) {
326     + $shell = $data->{'loginShell'};
327     + delete $data->{'loginShell'};
328     +}
329     +
330    
331     +##Create AD User
332     +my $adPassword = $ad->getADPass();
333     my $addUser = "/usr/bin/samba-tool user create $userName " .
334     "--home-directory=$homeDirectory " .
335     - '--login-shell=/usr/bin/rssh ' .
336     + "--login-shell=$shell " .
337     '--random-password ' .
338     - '--description="Koozali User:" ';
339     -
340     -$addUser .= "$userData{'description'} "
341     - if (defined $userData{'description'});
342     -$addUser .= "--given-name=$userData{'given-name'} "
343     - if (defined $userData{'given-name'});
344     -$addUser .= "--surname=$userData{'surname'} "
345     - if (defined $userData{'surname'});
346     -$addUser .= "--initials=$userData{'initials'} "
347     - if (defined $userData{'initials'});
348     -$addUser .= "--job-title=$userData{'job-title'} "
349     - if (defined $userData{'job-title'});
350     -$addUser .= "--company=$userData{'company'} "
351     - if (defined $userData{'company'});
352     -$addUser .= "--department=$userData{'department'} "
353     - if (defined $userData{'department'});
354     -$addUser .= "--mail-address=$userData{'mail-address'} "
355     - if (defined $userData{'mail-address'});
356     -$addUser .= "--physical-delivery-office=$userData{'physical-delivery-office'} "
357     - if (defined $userData{'physical-delivery-office'});
358     -$addUser .= "--telephone-number=$userData{'telephone-number'} "
359     - if (defined $userData{'telephone-number'});
360     -$addUser .= "--internet-address=$userData{'internet-address'} "
361     - if (defined $userData{'internet-address'});
362     -
363     -#Run user create command silently so passwords dont show up in log files
364     -my $output = `$addUser 2>&1`;
365     -if ($output =~ /ERROR/) {
366     - die "Error creating $userName account" . ($verbose ? ': ' . $output : ".\n");
367     -}
368     -else {
369     - warn("Successfully created user $userName in the Active Directory.\n");
370     + '--description="Koozali User:" ' .
371     + "-U ad_admin\%$adPassword";
372     +system ($addUser);
373     +die ("Unable to add user #userName to Active Directory\n") if ($? == -1);
374     +
375     +##Make user a Posix User
376     +unless ($ad->setPosixUser($userName)) {
377     + warn ("Unable to set posix objectClass in AD for $userName.\n");
378     }
379    
380     -##Set Posix settings for user
381     -$ad = esmith::AD->new();
382     +##Build Unix Attributes
383     my $UID = $ad->createUID($userName) || '';
384     my %posix = ('uidNumber' => $UID,
385     - 'gidNumber' => $UID,
386     + 'gidNumber' => '513',
387     'unixHomeDirectory' => $homeDirectory);
388     -unless ($ad->setAttr('user',$userName,\%posix)) {
389     - warn("Unable to set Posix attributes for $userName.\n");
390     +
391     +##Merge Unix Attributes with any Extended Attributes and save to AD
392     +my $mergedData = \%posix;
393     +if (ref($data) eq 'HASH') {
394     + $mergedData = {%posix,%$data};
395     }
396    
397     +$ad->setManyAttr($userName,\%posix) ||
398     + warn("Unable update user attributes for $userName.\n");
399    
400     -##Disable user until we enable in server-manager by setting password
401     -my $disableUser = '/usr/bin/samba-tool user disable ' . $userName;
402     -system ($disableUser);
403     -die "create-user-AD error: Unable to disable user after create:"
404     - if ($? == -1);
405    
406     1;
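Review bot: In non-legacy mode `$data` is the empty string (`$ARGV [2] || ''` — a hash reference cannot arrive through @ARGV), so the unguarded `$data->{'loginShell'}` dies under strict refs before the account is created; the `ref($data) eq 'HASH'` test used two blocks earlier is missing here. Further down, `$mergedData` is built but `setManyAttr` receives `\%posix`, so the legacy-mode attributes (sn, givenName, …) are never written; the die message reads `#userName` instead of `$userName`; and `$? == -1` lets a failed `samba-tool user create` fall through into setPosixUser. The create command also passes `ad_admin%$adPassword`, the username and the shell to the shell as one string (the password is visible in the process list either way), and `$legacy eq 'enabled'` warns when the prop is unset. The old code disabled the account after creation; with that step removed the user stays enabled with an unknown random password, which deserves a comment if intended, and `use Data::Dumper; #For debugging` should not ship. The rewrite below covers the guard, a list-form create with a full status check and the `$mergedData` call; the first hunk of this section changes only the header comment.
```perl
# … unchanged: argument handling, existence check, legacy-mode block, attribute validation …
my $shell = '/usr/bin/rssh';
if (ref($data) eq 'HASH' && $data->{'loginShell'}) {
    $shell = delete $data->{'loginShell'};
}

##Create AD User. List form keeps the username, shell and ad_admin
##password out of the shell; the password is still visible in the
##process list while samba-tool runs.
my $adPassword = $ad->getADPass();
my @addUser = ('/usr/bin/samba-tool', 'user', 'create', $userName,
    "--home-directory=$homeDirectory",
    "--login-shell=$shell",
    '--random-password',
    '--description=Koozali User:',
    '-U', "ad_admin%$adPassword");
system(@addUser) == 0
    or die "Unable to add user $userName to Active Directory (exit " . ($? >> 8) . ")\n";

# … unchanged: setPosixUser, %posix, $mergedData merge …

$ad->setManyAttr($userName, $mergedData) ||
    warn("Unable update user attributes for $userName.\n");
```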
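--- a/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90PreroutingDNScache
+++ b/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90PreroutingDNScache
@@ -0,0 +1,9 @@
+{
+ my $dnscache_ip = $dnscache{ListenIP} || '127.0.0.3';
+
+ ##Preroute to redirect DNS from local IP to dnscache on localhost 127.0.0.x
+ $OUT .= " /sbin/iptables -t nat -I PREROUTING --in-interface eth0\\\n";
+ $OUT .= "\t-p tcp -d $LocalIP --destination-port 53 -j DNAT\\\n";
+ $OUT .= "\t--to-destination $dnscache_ip";
+}
+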
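Review bot: The DNAT rule matches `-p tcp` only, so UDP/53 — the transport client resolvers try first — is not redirected to dnscache unless a UDP counterpart exists in another fragment; a second rule with `-p udp`, or the rule emitted once per protocol in a loop, is needed for the loopback routing to take effect. The interface is also a literal `eth0`; if the other masq templates derive the internal interface name from the configuration db, prefer that here, since a hard-coded name breaks on systems whose LAN interface is named differently. The fragment ends without a newline after `--to-destination $dnscache_ip`, so it relies on the next fragment starting one.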
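--- a/root/etc/e-smith/templates/etc/smb.conf/12realm
+++ b/root/etc/e-smith/templates/etc/smb.conf/12realm
@@ -1,5 +1,6 @@
 {
- my $realm = $smb{realm} || $DomainName;
+ my $workgroup = $smb{Workgroup} || 'sme-server';
+ my $realm = $smb{realm} || $workgroup . "." . $DomainName;
 
 "realm = $realm";
 }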
431     diff -urbN smeserver-samba-0.1.0/root/usr/share/perl5/vendor_perl/esmith/AD/OU.pm smeserver-samba-0.1.0-062616-update/root/usr/share/perl5/vendor_perl/esmith/AD/OU.pm
432     --- smeserver-samba-0.1.0/root/usr/share/perl5/vendor_perl/esmith/AD/OU.pm 1969-12-31 16:00:00.000000000 -0800
433     +++ smeserver-samba-0.1.0-062616-update/root/usr/share/perl5/vendor_perl/esmith/AD/OU.pm 2016-06-26 20:31:35.000000000 -0700
434     @@ -0,0 +1,84 @@
435     +package esmith::AD::OU;
436     +
437     +use strict;
438     +use base 'esmith::AD';
439     +no warnings ('qw');
440     +
441     +=head1 NAME
442     +
443     +esmith::AD::OU - Sub-Class to the Koozali esmith::AD API
444     +
445     +=head1 SYNOPSIS
446     +
447     + use esmith::AD::OU;
448     +
449     + my $ad = esmith::AD::OU->new();
450     + my @organizational_units = $ad->OUs;
451     +
452     +=head1 DESCRIPTION
453     +
454     +This module provide esmith::AD::OU methods for management of organizational
455     +units stored in the Koozali SME Server Active Directory. These methods are
456     +the preferred methods to interact with user objects in the Active Directory.
457     +Many methods in this class inherit functionality from the esmith::AD parent
458     +class and provide run-time binding of LDAP query elements to these parent
459     +methods. Methods provided in this module abstract Net::LDAP so that knowledge
460     +of this module is not required.
461     +=cut
462     +
463     +sub new {
464     + my ($class, %params) = @_;
465     +
466     + #Define runtime LDAP query parameters
467     + my $base = {
468     + 'default' => '&(objectClass=ou)(!(objectClass=computer))'
469     + };
470     + my $set = {
471     + 'all' => '',
472     + 'builtin' => '(!(objectClass=posixAccount))',
473     + 'koozali' => '(objectClass=posixAccount)',
474     + 'single' => ''
475     + };
476     + my $type = {
477     + 'posix' => ['top','ou','posixAccount']
478     + };
479     +
480     + my $attribute = {
481     + 'default' => 'sAMAccountName'
482     + };
483     + my $self = {
484     + 'base' => $base,
485     + 'set' => $set,
486     + 'attribute' => $attribute,
487     + 'type' => $type
488     + };
489     +
490     +
491     + #bless paramters into the class
492     + bless ($self, $class);
493     +
494     + return ($self);
495     +}
496     +
497     +
498     +=head2 Methods
499     +
500     +Methods here
501     +
502     +=head1 COPYRIGHT
503     +
504     +Copyright (c) 2016 Koozali Foundation, Inc.
505     +This program is free software; you can redistribute it and/or modify it
506     +under the same terms as Perl itself.
507     +
508     +=head1 AUTHOR
509     +
510     +Greg Zartman, Koozali Foundation <gzartman@koozali.org>
511     +
512     +=head1 SEE ALSO
513     +
514     +Net::LDAP
515     +
516     +=cut
517     +
518     +1;
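Review bot: The default search base `&(objectClass=ou)(!(objectClass=computer))` and default attribute `sAMAccountName` do not match how organizational units are stored in Active Directory, where the object class is `organizationalUnit`, the naming attribute is `ou` and there is no sAMAccountName, so unless the esmith::AD parent translates these values every query through this class is likely to return nothing; the `posix` type attaching `posixAccount` to an OU also looks copied from User.pm. Suggested: `'default' => '&(objectClass=organizationalUnit)'` and `'default' => 'ou'`, with the `type` map dropped or documented. The file has `use strict` but no `use warnings`, unlike the actions in this patch, and the `=head2 Methods` section still holds the placeholder `Methods here`.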
519     diff -urbN smeserver-samba-0.1.0/root/usr/share/perl5/vendor_perl/esmith/AD/User.pm smeserver-samba-0.1.0-062616-update/root/usr/share/perl5/vendor_perl/esmith/AD/User.pm
520     --- smeserver-samba-0.1.0/root/usr/share/perl5/vendor_perl/esmith/AD/User.pm 2015-02-12 21:15:51.000000000 -0800
521     +++ smeserver-samba-0.1.0-062616-update/root/usr/share/perl5/vendor_perl/esmith/AD/User.pm 2016-06-25 23:12:35.000000000 -0700
522     @@ -18,34 +18,46 @@
523     =head1 DESCRIPTION
524    
525     This module provide esmith::AD::User methods for management of users stored
526     -in the Koozali Active Directory. These methods are the preferred methods to
527     -interact with user objects in the Active Directory. Many methods in this
528     -class inherit functionality from the esmith::AD parent class and provide
529     -run-time binding of user objects to these parent methods. Methods provided
530     -in this module abstract Net::LDAP so that knowledge of this module is not
531     -required.
532     -
533     +in the Koozali SME Server Active Directory. These methods are the preferred
534     +methods to interact with user objects in the Active Directory. Many methods
535     +in this class inherit functionality from the esmith::AD parent class and
536     +provide run-time binding of LDAP query elements to these parent methods.
537     +Methods provided in this module abstract Net::LDAP so that knowledge of
538     +this module is not required.
539     =cut
540    
541     sub new {
542     my ($class, %params) = @_;
543     - my $queryElements = {
544     +
545     + #Define runtime LDAP query parameters
546     + my $base = {
547     + 'default' => '&(objectClass=user)(!(objectClass=computer))'
548     + };
549     + my $set = {
550     'all' => '',
551     - 'builtin' => "(!(objectClass=posixAccount))",
552     - 'koozali' => "(objectClass=posixAccount)",
553     - 'member' => '',
554     - 'noMachine' => "(!(objectClass=computer))",
555     - 'object' => "&(objectClass=user)",
556     + 'builtin' => '(!(objectClass=posixAccount))',
557     + 'koozali' => '(objectClass=posixAccount)',
558     'single' => ''
559     };
560     - my $objectClass = ['top','person','organizationalPerson','user',
561     - 'posixAccount'];
562     + my $type = {
563     + 'posix' => ['top','person','organizationalPerson',
564     + 'user','posixAccount']
565     + };
566     +
567     + my $attribute = {
568     + 'default' => 'sAMAccountName'
569     + };
570     my $self = {
571     - 'query' => $queryElements,
572     - 'objectClass' => $objectClass
573     + 'base' => $base,
574     + 'set' => $set,
575     + 'attribute' => $attribute,
576     + 'type' => $type
577     };
578    
579     +
580     + #bless paramters into the class
581     bless ($self, $class);
582     +
583     return ($self);
584     }
585    
586     @@ -69,7 +81,7 @@
587     }
588    
589    
590     -=head3 createUID($name)
591     +=head3 createUID($name)*
592    
593     This method calculates a unix UID for an Active Directory user
594     based upon the SID for the Active Directory object.
595     @@ -85,30 +97,30 @@
596     unless $name;
597    
598     #Pull SID from the AD
599     - return (0) unless (my $SID = $self->getSID('user',$name));
600     + return (0) unless (my $SID = $self->getSID($name));
601    
602     #Return UID = RID + 2000
603     my $RID = (split(/-/,$SID))[7];
604     return($RID+2000);
605     }
606    
607     -=head3 doesUserExist($username)
608     +=head3 doesUserExist($username)*
609    
610     This method checks the Active Directory for the existance of a username passed
611     as a parameter to the method. The method returns 1 if the username exists in
612     the Active Directory and 0 if it does not.
613    
614     -Usage: $user_check = $ad->doesUserExist('group_name');
615     +Usage: $user_check = $ad->doesUserExist('user_name');
616    
617     =cut
618    
619     sub doesUserExist {
620     my ($self,$user) = @_;
621    
622     - my @users = $self->listUsers('all');
623     + my ($userRecord) = $self->queryObjects($user);
624    
625     - if (grep { $user eq $_ } @users) { return(1); }
626     - else{return(0);}
627     + if (defined $userRecord) {return(1);}
628     + else {return(0);}
629     }
630    
631     =head3 getUID($username)
632     @@ -132,7 +144,7 @@
633     This method returns the value of the specified attribute for a user
634     listed in the Active Directory.
635    
636     -Usage: $value = $ad->getUserAttr('uername','attribute');
637     +Usage: $value = $ad->getUserAttr('username','attribute');
638    
639     =cut
640    
641     @@ -173,7 +185,7 @@
642     return (map {(split(/[=,]/,$_))[1]} @results);
643     }
644    
645     -=head3 getUserStatus($username)
646     +=head3 getUserStatus($username)*
647    
648     This method returns user account status, enabled or disabled, for a
649     specified username.
650     @@ -188,23 +200,22 @@
651     return ($self->getStatus($user));
652     }
653    
654     -=head3 listUsers($set)
655     +=head3 listUsers($set)*
656    
657     -This method is an alias method to the esmith::AD::listObjects method.
658     -It returns a list of usernames from the Active Directory, and also
659     -subsets of users:
660     +This method returns a list of usernames in the active directory
661     +depending upon the search set sent to the method. Valid search
662     +sets include:
663    
664     - - builtin: Users defined during the Active Directory
665     + - builtin : Users defined during the Active Directory
666     provisioning (e.g., Administrator);
667     - - koozali: Users defined in the Koozali API.
668     - - all: All users (default).
669     + - koozali : Users defined in the Koozali API.
670     + - all : All users (default).
671    
672     Usage:
673     use esmith::AD::User;
674    
675     my $ad = esmith::AD::User->new();
676     my @users = $ad->listUsers('koozali');
677     -
678     =cut
679    
680     sub listUsers {
681     @@ -213,61 +224,15 @@
682     return($self->listObjects($set));
683     }
684    
685     -=head3 queryMembers($set,$value)
686     -
687     -###FIX ME: Need to rewire
688     -This method is an alias method to the esmith::AD::listObjects method.
689     -It returns a list of usernames from the Active Directory, and also
690     -subsets of users:
691     -
692     -=cut
693     -
694     -sub queryMembers {
695     - my ($self,$set,$value)=@_;
696     -
697     - my $queryFilter = $self->buildQuery('member',$set,$value) || '';
698     -
699     - return ($self->runQuery($queryFilter));
700     -}
701     -
702     -=head3 queryObjects($set,$value)
703     -
704     -###FIX ME: Need to rewire
705     -This method is an alias method to the esmith::AD::listObjects method.
706     -It returns a list of usernames from the Active Directory, and also
707     -subsets of users:
708     -
709     - - builtin: Users defined during the Active Directory
710     - provisioning (e.g., Administrator);
711     - - koozali: Users defined in the Koozali API.
712     - - all: All users (default).
713     -
714     -Usage:
715     - use esmith::AD::User;
716     -
717     - my $ad = esmith::AD::User->new();
718     - my @users = $ad->listUsers('koozali');
719     -
720     -=cut
721     -
722     -sub queryObjects {
723     - my ($self,$set,$value)=@_;
724     -
725     - my $class = 'object';
726     - if (defined $value) {$class = 'single'};
727     -
728     - my $queryFilter = $self->buildQuery($class,$set,$value) || '';
729     -
730     - return ($self->runQuery($queryFilter));
731     -}
732     -
733     -=head3 setPostixUser ($user)
734     +=head3 setPosixUser($user) *
735    
736     This method designates a user as a Posix User. The Posix user type
737     -represents the users managed by Koozali and are those groups that are
738     -displayed in the server-manager
739     +represents the users managed by Koozali and displayed in the
740     +server-manager. This method returns 1 if successful and 0 if something
741     +went wrong.
742    
743     -Usage: $ad->setPosixUser('username')
744     +Usage: $ad = esmith::AD::User;
745     + $ad->setPosixUser('username')
746    
747     =cut
748    
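Review bot: The rewritten POD for setPosixUser shows `Usage: $ad = esmith::AD::User;`, which assigns the package name as a string rather than constructing an object; the example should read `my $ad = esmith::AD::User->new();` followed by `$ad->setPosixUser('username');`. The `*` appended to `=head3 setPosixUser($user) *` is explained nowhere in the hunk; if it marks something (unfinished, or child-only), say so in one sentence, otherwise drop it. The listUsers body that precedes the removed sections starts outside this hunk.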
749     @@ -278,22 +243,6 @@
750     }
751    
752    
753     -=head3 setUserAttr($user,$attr,$value)
754     -
755     -This method sets or modifies an attribute value for the specified
756     -username.
757     -
758     -Usage: $ad->setUserAttr('username','attribute','value')
759     -
760     -=cut
761     -
762     -sub setUserAttr {
763     - my ($self,$user,$attr,$value) = @_;
764     -
765     - if ($self->setAttr($user,{$attr=>$value})) { return(1); }
766     - else { die->error("Unable to modify \"$attr\" for user \"$user\".\n");}
767     -}
768     -
769     =head3 setUserGroups($username,$groupRef)
770    
771     This mthod sets the groups that a user is a member of give the username
772     @@ -379,7 +328,7 @@
773    
774     =head1 COPYRIGHT
775    
776     -Copyright (c) 2014 Koozali Foundation, Inc.
777     +Copyright (c) 2016 Koozali Foundation, Inc.
778     This program is free software; you can redistribute it and/or modify it
779     under the same terms as Perl itself.
780    
781     diff -urbN smeserver-samba-0.1.0/root/usr/share/perl5/vendor_perl/esmith/AD.pm smeserver-samba-0.1.0-062616-update/root/usr/share/perl5/vendor_perl/esmith/AD.pm
782     --- smeserver-samba-0.1.0/root/usr/share/perl5/vendor_perl/esmith/AD.pm 2015-02-12 21:14:42.000000000 -0800
783     +++ smeserver-samba-0.1.0-062616-update/root/usr/share/perl5/vendor_perl/esmith/AD.pm 2016-06-26 18:54:06.000000000 -0700
784     @@ -6,11 +6,15 @@
785     use esmith::ConfigDB;
786     use esmith::AccountsDB;
787    
788     +#This package is to aid in debugging. Can remove
789     +use Data::Dumper;
790     +
791     no warnings ('qw');
792    
793     =head1 NAME
794    
795     -esmith::AD - Interface to Samba 4 Active Directory for Koozali
796     +esmith::AD - Interface to Samba 4 Active Directory for
797     + Koozali SME Server
798    
799     =head1 SYNOPSIS
800    
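Review bot: `use Data::Dumper;` is added to a module installed under vendor_perl with the comment that it exists for debugging and can be removed, yet no call to `Dumper` appears anywhere in this patch, so the import is already dead weight. Remove it before the package ships, or keep it local to the code that actually uses it during development; otherwise the comment will still read "Can remove" in the next release.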
801     @@ -33,7 +37,7 @@
802     This module provides an abstracted interface to Samba 4 Active Directory
803     for the Koozali SME Server.
804    
805     -Methods provided by this interface interacts with Samba 4 Active Directory
806     +Methods provided by this interface interact with Samba 4 Active Directory
807     using the Net::LDAP perl module. Understanding of Net::LDAP syntax is
808     not required to utilize the primary functionality provided by this interface,
809     but the full suite of Net::LDAP methods is provided by this module should
810     @@ -51,15 +55,15 @@
811    
812     =head2 Fully Abstraced Methods
813    
814     -For all intents and purposes, this interface is the preferred approach to
815     -interact with the Koozali Active Directory. Included in this API are child
816     -classes for managing the different object types in the Active Directory
817     +For all intents and purposes, fully abstracted methods are the the preferred
818     +approach to interact with the Koozali Active Directory. Included in this API
819     +are child classes for managing the different object types in the Active Directory
820     including users, groups, and DNS entries. Methods provided in this parent
821     class should generally not be called directly (unless noted in the method
822     -specific documentation), but from one of these child classies. This is because
823     +specific documentation), but from one of these child classes. This is because
824     this API provides run-time binding of many of these parent methods to the
825     object types they are presented with. See esmith::AD::User, esmith::AD::Group,
826     -and esmith::AD::DNS for more details.
827     +esmith::AD:OU, and esmith::AD::DNS for more details.
828    
829     Usage example:
830     use esmith::AD::User;
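Review bot: The new cross-reference `esmith::AD:OU` uses a single colon, so it does not name the `esmith::AD::OU` module the changelog says this patch adds; it should read `esmith::AD::OU`. The doubled word in `the the preferred` in the same paragraph should be fixed in the same pass.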
831     @@ -69,10 +73,10 @@
832    
833     =head3 getADRecord {$name)
834    
835     -This method returns a hash reference of attribute / value pairs
836     +This method returns a hash reference of attribute/value pairs
837     from the Active Directory for attributes supported by this method,
838     -given an object name. This method should not be called from this
839     -class, but one of the esmith::AD child classes.
840     +given an object name. This method must be called from a child
841     +method or this code will return a runtime error.
842    
843     Usage: $hashref = $ad->getADRecord($name);
844    
845     @@ -102,9 +106,8 @@
846     =head3 SID($name)
847    
848     This method retrieves the SID for a specified Active Directory
849     -object name, decrypts it, and then returns it. This method
850     -must be called from a esmith::AD child and not directly
851     -from this class.
852     +object name, decrypts it, and then returns it. This method must be
853     +called from a child method or this code will return a runtime error.
854    
855     Usage: my $sid = $ad->getSID('username');
856    
857     @@ -118,7 +121,7 @@
858     if (ref($self) eq 'esmith::AD');
859     die $self->error("Object name not specified.\n") unless $name;
860    
861     - my ($record) = $self->queryObjects('single',$name);
862     + my ($record) = $self->queryObjects($name);
863    
864     die $self->error("Unable to find \"$name\" in the Active Directory.\n")
865     unless ($record);
866     @@ -128,11 +131,12 @@
867     return($self->sidToString($encryptedSID));
868     }
869    
870     +
871     =head3 getStatus($name)
872    
873     This method returns the status, enabled or disabled, for various entries
874     -in the Active Directory. This method must be called from a esmith::AD
875     -child and not directly from this class.
876     +in the Active Directory. This method must be called from a child
877     +method or this code will return a runtime error.
878    
879     Usage: my $status=$ad->getStatus('username');
880    
881     @@ -147,7 +151,7 @@
882     die $self->error("Object name not specified.\n") unless $name;
883    
884     #Lookup entry in the active directory
885     - my ($record) = $self->queryObjects('single',$name);
886     + my ($record) = $self->queryObjects($name);
887    
888     die $self->error("Unable to find \"$name\" in the Active Directory.\n")
889     unless ($record);
890     @@ -161,19 +165,26 @@
891    
892     =head3 listObjects($set)
893    
894     -This method returns a list of object names (cn) from the Active Directory.
895     -The method is meant to be called from an esmith::AD child and not directly
896     -from the parent class, esmith::AD. This method also queriesi subsets of
897     -objects:
898     +This method returns a list of object names (sAMAccountName) from the Active
899     +Directory. It will return one of the following subsets of AD objects:
900    
901     - - all: All objects within the search objectClass;
902     + - all: All searchable objects;
903     - builtin: Objects defined during the AD provisioning;
904     - - koozali: Objects defined by this API.
905     + - koozali: Objects defined by this API;
906    
907     -Usage: use esmith::AD::User;
908     +Usage example 1: Get a list of koozali users
909    
910     + use esmith::AD::User;
911     my $ad = esmith::AD;User->new();
912     - my @objects = $ad->listObjects('koozali');
913     + my @kooazli_users = $ad->listObjects('koozali');
914     +
915     +Usage example 2: Get list of buildin groups
916     +
917     + usee esmith::AD:Group;
918     + my $ad = esmith::AD:Group->new();
919     + my @builtin_groups = $ad->listObjects('builtin');
920     +
921     +This method must be called from a child method or this code will return a runtime error.
922    
923     =cut
924    
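Review bot: Both new usage examples for listObjects contain typos that would stop them compiling if pasted: `usee esmith::AD:Group;` should be `use esmith::AD::Group;`, `esmith::AD:Group->new()` needs the double colon, and `@kooazli_users` and `buildin` are misspellings of koozali and builtin. The unchanged context line `esmith::AD;User->new()` has the same kind of error and could be corrected while this POD is being touched.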
925     @@ -192,50 +203,172 @@
926     die $self->error("Unable to query objects from Active Directory.\n")
927     unless (@records);
928    
929     - my @objects = map { $_->get_value('cn') } @records;
930     + my @objects = map { $_->get_value('sAMAccountName') } @records;
931    
932     return(@objects);
933     }
934    
935     -=head3 setAttr($type,$name,$hashRef)
936    
937     -This method sets or modifies attribute / value pairs for an Active Directory
938     -object given object type, object name, and a hash reference to the values
939     -to set or modify. It should be noted that this method will only update
940     -attribute / value pairs as defined the validData method.
941     -
942     -NOTE: This method dies is data fails validation check. This may need
943     - to be changed to provide better feedback to server-panels and
944     - what not.
945     -
946     -FIXME: 1)NEED TO FIX THE CODE THAT VALIDATES DAT APRIOR TO UPDATING
947     - 2)The name attribute is actually givenName + sn (surname) attribute
948     - with a space between. We should consider forcing this instead of
949     - letting it be changed free form as we are now.
950     +
951     +
952     +=head3 queryMembers($set,$value)
953     +
954     +###FIX ME: Need to rewite POD
955     +This method is an alias method to the esmith::AD::listObjects method.
956     +It returns a list of usernames from the Active Directory, and also
957     +subsets of users:
958     +
959     +=cut
960     +
961     +sub queryMembers {
962     + my ($self,$set,$value)=@_;
963     +
964     + ##Need to rewrite this to use the queryObjectsmethod
965     + my $queryFilter = $self->BuildQuery('member',$set,$value) || '';
966     +
967     + return ($self->runQuery($queryFilter));
968     +}
969     +
970     +
971     +=head3 queryObjects($self,$value,$attribute,$base)
972     +
973     +This is the primary query method for this API and returns Net::LDAP record
974     +objects from the Active Directory in list context. Many of the query elements
975     +for an AD query are set via runtime parameters in the child class calling
976     +this method. If nothing is passed to this method, then this method returns
977     +a list of all user records in the Active Directory.
978     +
979     +$value defines what records this method will search for, given default query
980     +elements set in the child class. Setting $value to the following will search
981     +for specific groups of user records in the AD:
982     +
983     + - all: All user account records in the active directory
984     + - buildin: Builtin user account records. Example: Administrator
985     + - koozali: All user accoun records defined in this UI. These are the typical
986     + user accounts setup in the server-manager for via the commandline.
987     +
988     +To search for a single user record, set $value to the Active Directory attribute
989     +value for the record you'd like to search for. The default search attribute is
990     +the username (e.g., sAMAccountName).
991     +
992     +This method can also search for single records given other AD attributes,
993     +but other search attributes must be defined in child classes. See child
994     +class perldoc for details on support AD attributes.
995     +
996     +
997     + #Search for a user record by username
998     + use esmith::AD::User;
999     + my $ad = esmith::AD->new;
1000     + my ($userRecord) = $ad->QueryObjects('username');
1001     +
1002     + #Search all Koozali users
1003     + user esmith::AD::User;
1004     + my @koozaliUser = $ad-QueryObjects('koozali');
1005     +
1006     +=cut
1007     +
1008     +sub queryObjects {
1009     + my ($self,$setValue,$attribute,$base)=@_;
1010     +
1011     + ##Error out if this method called from this class and not a child
1012     + die $self->error("Must call this method on a esmith::AD child object.\n")
1013     + if (ref($self) eq 'esmith::AD');
1014     +
1015     + ##Check for changes to the runtime query parameters.
1016     + $attribute = 'default'
1017     + unless ($attribute && defined($self->{'attribute'}->{$attribute}));
1018     + $base = 'default'
1019     + unless ($base && defined($self->{'base'}->{$base}));
1020     +
1021     + ##Assume we are searching for all user accounts unless the $value tells us
1022     + ##otherwise
1023     + my $set = 'all';
1024     + my $searchValue = '';
1025     +
1026     + ##Look at $setValue and determine query set
1027     + if (grep {$setValue eq $_} qw(all builtin koozali)) {
1028     + $set = $setValue;
1029     + }
1030     + else {
1031     + $set = 'single';
1032     + $searchValue = $setValue;
1033     + };
1034     +
1035     +
1036     + ##Build Query Filter
1037     + my $queryFilter = $self->{'base'}->{"$base"} .
1038     + $self->{'set'}->{"$set"};
1039     + if ($set eq 'single') {
1040     + $queryFilter .= "(" .
1041     + $self->{'attribute'}->{$attribute} .
1042     + "=" .
1043     + $searchValue .
1044     + ")";
1045     + }
1046     +
1047     + return ($self->runQuery($queryFilter));
1048     +}
1049     +
1050     +
1051     +=head3 setAttr($name,$attr,$value)
1052     +
1053     +This method sets or modifies a single attribute/value pair for a
1054     +specified object given the object sAMAccount Name and a attribute
1055     +value pair. See setManyAttr for more details about updating object
1056     +attributes.
1057     +
1058     +Usage: $ad->setAttr('name','attribute','value')
1059     +
1060     =cut
1061    
1062     sub setAttr {
1063     + my ($self,$name,$attr,$value) = @_;
1064     +
1065     + if ($self->setManyAttr($name,{$attr=>$value})) { return(1); }
1066     + else { die->error("Unable to modify \"$attr\" for \"$name\".\n");}
1067     +}
1068     +
1069     +
1070     +=head3 setManyAttr($name,$hashRef)
1071     +
1072     +This method sets or modifies multiple attribute / value pairs for
1073     +an Active Directory object sAMAccount. The method uses
1074     +runtime binding to determine which type of object is being updated.
1075     +Update attribute pairs need to be passed to the method as a hash
1076     +reference. It should be noted that this method will only update
1077     +attribute / value pairs supported by this class. All other pairs will
1078     +be ignored. Supported attribute/value paris are defined in the
1079     +validData method. This method returns 1 if successful and will typically
1080     +die with appropriate error information if unsucessful.
1081     +
1082     +NOTE: This method currently dies if data fails validation check.
1083     + This may need to be changed to provide better feedback to
1084     + server-panels in the future.
1085     +=cut
1086     +
1087     +sub setManyAttr {
1088     my ($self,$name,$attrRef) = @_;
1089    
1090     #Don't allow this method from this class
1091     die $self->error("Must call this method on a esmith::AD child object.\n")
1092     if (ref($self) eq 'esmith::AD');
1093     +
1094     + #Check to make sure we have enough data to perform an update
1095     die $self->error("Entity to modify not specified.\n") unless ($name);
1096     die $self->error("No attributes set to modify for $name\n")
1097     unless (ref($attrRef) eq 'HASH');
1098    
1099     -
1100     - ##Validate attributes and values to update
1101     + #Validate that we support the attributes for update
1102     foreach my $key (keys %$attrRef) {
1103     - die $self->error("Unsupported attribute \"$key\".\n")
1104     - unless ($self->validData->{$key});
1105     -
1106     - ###FIX ME: Add regex check for actual values
1107     + unless ($self->validData->{$key}) {
1108     + warn "Ignoring $key attribute for update -- Not supported.\n";
1109     + delete $attrRef->{$key};
1110     + }
1111     }
1112    
1113     #Query Record to update from AD
1114     - my ($record) = $self->queryObject($name);
1115     - die $self->error("Unable to query \"$name\" from Active Directory\n.")
1116     + my ($record) = $self->queryObjects($name);
1117     + die $self->error("Unable to query \"$name\" from Active Directory.\n.")
1118     unless ($record);
1119    
1120     my $result = $self->updateAD($record,$attrRef);
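Review bot: queryObjects concatenates `$searchValue` straight into the LDAP filter at `"(" . $self->{'attribute'}->{$attribute} . "=" . $searchValue . ")"`, so a name containing filter metacharacters such as `*`, `(`, `)` or `\` changes the query instead of matching literally, and because every caller in this patch (SID, getStatus, setManyAttr, setPosix) takes the first entry of the result, a widened match can read or update an object other than the one named. Escape the value with `Net::LDAP::Util::escape_filter_value` (which needs `use Net::LDAP::Util;` at the top of the module) or reject names that fail an allowlist regex before the filter is built; the sketch below does the former and also defaults an undefined or empty `$setValue` to `'all'`, since the new POD promises "returns a list of all user records" for that case but the code as written falls into the `single` branch with an empty value and an uninitialized-value warning from `eq`. Two smaller defects in the same hunk: queryMembers calls `$self->BuildQuery(...)`, but the only definition by that name is `buildQuery`, which the hunk at @@ -397,27 +537,27 @@ removes, so the call dies at runtime; and setAttr's `else { die->error(...) }` should be `else { die $self->error("Unable to modify \"$attr\" for \"$name\".\n"); }`. Note also that the literal names `all`, `builtin` and `koozali` can never be looked up as single objects through this method, and the setManyAttr message `"Unable to query \"$name\" from Active Directory.\n."` still carries a stray `.` after the newline.
```perl
sub queryObjects {
    my ($self,$setValue,$attribute,$base)=@_;
    # … unchanged: child-object check and attribute/base defaulting …

    ##Treat a missing or empty value as the documented default, 'all'
    $setValue = 'all' unless (defined $setValue && length $setValue);

    my $set = 'all';
    my $searchValue = '';
    if (grep {$setValue eq $_} qw(all builtin koozali)) {
        $set = $setValue;
    }
    else {
        $set = 'single';
        ##Escape RFC 4515 filter metacharacters so the value matches literally
        $searchValue = Net::LDAP::Util::escape_filter_value($setValue);
    }

    # … unchanged: filter assembly and runQuery call …
}
```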
1121     @@ -244,11 +377,10 @@
1122     return (1);
1123     }
1124    
1125     -=head3 setPosix($type,$name)
1126     +=head3 setPosix($type,$name) *
1127    
1128     This method designates an Active Directory object as a Posix object given
1129     -object type and name. Currently, this method support the types user and
1130     -group.
1131     +and object sAMAccount name (e.g., username).
1132    
1133     =cut
1134    
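Review bot: The new description reads "given and object sAMAccount name", which should be `given an object sAMAccount name (e.g., username)`; the heading still advertises `setPosix($type,$name) *` although the text now mentions only the name, and the `*` is unexplained. The sub's signature is outside this hunk, so I cannot confirm whether `$type` is still read; if it is not, the heading should become `=head3 setPosix($name)`.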
1135     @@ -260,13 +392,15 @@
1136     if (ref($self) eq 'esmith::AD');
1137    
1138     #Pull record from AD
1139     - my ($record) = $self->queryObject($name);
1140     + my ($record) = $self->queryObjects($name);
1141     die $self->error("Unable to find \"$name\" in the Active Directory.\n")
1142     unless ($record);
1143    
1144     + ##Localize posix type array reference to shorten LDAP update syntax
1145     + my $typeRef = {'objectClass' => $self->{'type'}->{'posix'}};
1146     +
1147     #Set the Posix objectClass
1148     - my $result = $self->updateAD($record,
1149     - {'objectClass'=>$self->{'objectClass'}});
1150     + my $result = $self->updateAD($record,$typeRef);
1151     die $self->error("Unable to update \"$name\" record.\n") unless ($result);
1152    
1153     return(1);
1154     @@ -278,11 +412,11 @@
1155     Methods providing a thin abstracted connection to Koozali Active Directory
1156     using Net::LDAP. These methods are designed to connect directly to the
1157     Koozali Active Directory and return Net::LDAP objects. The developer should
1158     -generally not need to call these Partiall Abstracted Methods directly, as
1159     -this class includes Fully Abstracted Methods that provide Active Directory
1160     -functionality needed to manage the Koozali SME Server. However, the
1161     -developer may utilize these Partially Abstracted Methods for more fine
1162     -grained interacting with the Active Directory using Net::LDAP.
1163     +generally not need to call these Partially Abstracted Methods directly, as
1164     +this class includes Fully Abstracted Methods to more directly and specifically
1165     +access data in the Active Directly. However, the developer may utilize these
1166     +Partially Abstracted Methods for more fine grained interacting with the
1167     +Active Directory using Net::LDAP.
1168    
1169     =head3 connect()
1170    
1171     @@ -308,6 +442,7 @@
1172     my $domain = $self->domain;
1173     my $sme_ad_host=$self->hostIP;
1174    
1175     +
1176     #Pull AD password from local storage
1177     my $ad_password = $self->getADPass;
1178    
1179     @@ -316,6 +451,7 @@
1180    
1181     #Bind to the AD and return the connection object
1182     my $bind = $ad->bind($domain . "\\ad_admin", password=>$ad_password);
1183     +
1184     if($bind->code) {
1185     die $self->error($bind->server_error);
1186     }
1187     @@ -341,17 +477,21 @@
1188     sub runQuery {
1189     my ($self,$filter) = @_;
1190    
1191     - die $self->error('Query filter no specified.') unless $filter;
1192     + die $self->error('Query filter not specified.') unless $filter;
1193    
1194     - ##Connect to AD
1195     + ##Bind to AD
1196     my $ad = $self->connect;
1197    
1198     - ##Send query to the Active Directory
1199     + ##Get LDAP base DN for AD query -- we need to build it.
1200     + my $base = $self->baseDN;
1201     +
1202     + ##Query the Active Directory
1203     my $query=$ad->search(
1204     - base => 'DC=domain,DC=com',
1205     + base => "$base",
1206     filter => "$filter"
1207     );
1208     $ad->unbind;
1209     +
1210     if($query->code) { die $self->error($query->server_error);}
1211    
1212     return ($query->entries);
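Review bot: `$base` comes from baseDN and is passed to `search` without the check that `$filter` gets two lines above the connect, so an empty realm would silently search from an empty base DN; `die $self->error('Base DN could not be determined.') unless $base;` after the baseDN call mirrors the existing guard. As a point of style, `base => "$base"` and `filter => "$filter"` quote plain scalars for no effect; `base => $base, filter => $filter` reads cleaner.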
1213     @@ -362,7 +502,7 @@
1214     This method updates an Active Directory record, given a Net::LDAP::Entry
1215     object and a hash reference of data to update. This method does not check
1216     the contents of the record to update nor the hash reference prior to trying
1217     -to upate the Active Directory other than schema checks done by the LDAP
1218     +to update the Active Directory, other than schema checks done by the LDAP
1219     server. The method will return 1 if the update was successful and will die
1220     with a LDAP server error is there was a problem.
1221    
1222     @@ -375,7 +515,7 @@
1223    
1224     die $self->error("Record object to update not specified.\n")
1225     unless ($record =~ /Net::LDAP::Entry/);
1226     - die $self->error("Update hash reference no specified.\n")
1227     + die $self->error("Update hash reference not specified.\n")
1228     unless (ref($attrRef) eq "HASH");
1229    
1230     #Bind to AD and update
1231     @@ -397,27 +537,27 @@
1232     ##other than the note comments contained in this code, as they
1233     ##are meant to support other methods contained in this class.
1234     ##The developer may use these methods, but should examine the
1235     -##code closely to achieved desired results.
1236     +##code closely to achieve desired results.
1237     ##-----------------------------------------------------------
1238    
1239     #------------------------------------------------------------
1240     -#Method: buildFilter($set,$value)
1241     -# This method builds a query filter by run-time binding
1242     -# to esmith::AD child query elements
1243     +#Method: baseDN()
1244     +# This method builds the Base DN for LDAP query of the
1245     +# Active Directory. The Base DN is build from the
1246     +# primary machine domain name, which is considered the
1247     +# realm by Samba.
1248     +#
1249     #-----------------------------------------------------------
1250     -sub buildQuery {
1251     - my ($self,$class,$set,$value)=@_;
1252     -
1253     - #Set dynamic LDAP query elements
1254     - $self->{'query'}->{'single'} = "&(cn=$value)(objectClass=group)";
1255     - $self->{'query'}->{'member'} = "&(objectClass=group)(memberOf=$value)";
1256     +sub baseDN {
1257     + my ($self)=@_;
1258    
1259     - $set = 'all' unless (grep {$set eq $_} qw(all builtin koozali));
1260     + my $realm = $self->realm;
1261     + my @elements = split (/\./, $realm);
1262    
1263     - my $filter = $self->{'query'}->{$class} . $self->{'query'}->{$set};
1264     - $filter .= $self->{'query'}->{'noMachine'};
1265     + my $base = '';
1266     + foreach (@elements) {$base .= "DC=" . $_ . ","};
1267    
1268     - return($filter)
1269     + return(substr ($base,0,-1));
1270     }
1271    
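Review bot: The accumulate-and-trim loop in baseDN, `foreach (@elements) {$base .= "DC=" . $_ . ","}` followed by `substr ($base,0,-1)`, is the hand-rolled form of a join; `return join(',', map { "DC=$_" } @elements);` yields the same string for every non-empty realm and reads as what it is. Neither form escapes DN special characters (`,`, `=`, `+`) in the components; the realm comes from ConfigDB rather than request input, so this is a robustness rather than an injection concern, but a one-line comment stating that assumption would help the next maintainer. An empty or undefined realm produces an empty base DN here with no error, which is only caught if the caller checks it.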
1272     #------------------------------------------------------------
1273     @@ -426,24 +566,48 @@
1274     sub error {
1275     my ($self,$error)=@_;
1276    
1277     + $error = '' unless $error;
1278     +
1279     return ((caller(1))[3] . " error: " . $error);
1280     }
1281    
1282     #------------------------------------------------------------
1283     #Method: domain()
1284     -# This method returns the Samba domain from the smb
1285     -# configuration dbase. This method is not meant to be
1286     -# used external to this class.
1287     +# This method returns the Samba domain, which is stored
1288     +# in the configuration dbase as Workgroup
1289     #------------------------------------------------------------
1290     sub domain {
1291     my $self = shift;
1292    
1293     my $cdb = esmith::ConfigDB->open_ro;
1294     my $domain = $cdb->get_prop('smb','Workgroup') ||
1295     - die $self->error("Unable to determine AD domain name from ConfigDB\n");
1296     + die $self->error("Unable to determine the Workgroup from ConfigDB\n");
1297     + $cdb->close;
1298     +
1299     + return ($domain);
1300     +}
1301     +
1302     +#------------------------------------------------------------
1303     +#Method: realm()
1304     +# This method returns the realm which is the SME
1305     +# domain name stored in the configuration dbase
1306     +# This method is not meant to be used external
1307     +# to this class.
1308     +#------------------------------------------------------------
1309     +sub realm {
1310     + my $self = shift;
1311     +
1312     + my $cdb = esmith::ConfigDB->open_ro;
1313     + my $realm = $cdb->get_prop('smb','realm');
1314     + return ($realm) if defined $realm;
1315     +
1316     + my $domainName = $cdb->get_value('DomainName') ||
1317     + die $self->error("Unable to determine Domain Name from ConfigDB\n");
1318     $cdb->close;
1319    
1320     - return($domain);
1321     + my $ad_domain = $self->domain();
1322     +
1323     + return($ad_domain . '.' . $domainName);
1324     }
1325    
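Review bot: realm returns at `return ($realm) if defined $realm;` before `$cdb->close`, so the read-only ConfigDB handle opened two lines earlier is never closed on that path, unlike domain in the same hunk, which closes before returning; `if (defined $realm) { $cdb->close; return ($realm); }` keeps the two consistent. Because the test is `defined` rather than truth, an smb realm property set to the empty string is returned as-is and becomes an empty base DN in baseDN; `if (defined $realm && length $realm)` would fall through to the DomainName derivation instead. The DomainName branch also calls `$self->domain()`, which opens ConfigDB a second time; that is harmless but could reuse the handle already open here.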
1326     #------------------------------------------------------------
1327     @@ -512,6 +676,12 @@
1328     return $sid_str;
1329     }
1330    
1331     +=head1 COPYRIGHT
1332     +
1333     +Copyright (c) 2016 Koozali Foundation, Inc.
1334     +This program is free software; you can redistribute it and/or modify it
1335     +under the same terms as Perl itself.
1336     +
1337     =head1 AUTHOR
1338    
1339     Greg Zartman, Koozali Foundation <gzartman@koozali.org>
