/[smeserver]/rpms/smeserver-samba/sme9/smeserver-samba-0.1.0-072416-update.patch
ViewVC logotype

Annotation of /rpms/smeserver-samba/sme9/smeserver-samba-0.1.0-072416-update.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (hide annotations) (download)
Sat Jul 30 18:44:01 2016 UTC (8 years, 3 months ago) by gzartman
Branch: MAIN
CVS Tags: HEAD
* Sun Jul 24 2016 Greg Zartman <gzartman@koozali.org> 0.1-0-5
- Extend Active Directory schema to include quota and
  smeCustom attributes via the koozaliUser objectClass
- Remove adjust-samba event and use services2adjust
- Add Group-create-AD action
- Design changes to provision-domain-controller and
  bootstrap-provision-dc events to provision samba entirely
  cold using ldif
- Add pseudonym support to esmith::AD
- Further enhancement to esmith::AD to provide user & group
  management functionality similar to that provided by AccountsDB
- Re-write createlinks to flow a more logical sequence
- Fix dnsforwarder in smb.conf
- Fix several esmith::AD::User and esmith::AD::Group methods broken
  in 0.1-0-3 when we added runtime binding

1 gzartman 1.1 diff -urbN smeserver-samba-0.1.0/createlinks smeserver-samba-0.1.0-072416-update/createlinks
2     --- smeserver-samba-0.1.0/createlinks 2016-07-29 20:46:38.899060240 -0700
3     +++ smeserver-samba-0.1.0-072416-update/createlinks 2016-07-29 21:31:49.086060261 -0700
4     @@ -2,54 +2,136 @@
5    
6     use esmith::Build::CreateLinks qw(:all);
7    
8     +#====================================================
9     +#DEFAULTS
10     +#====================================================
11     +my $schemaPath='/home/e-smith/files/server-resources/schema/';
12    
13     -safe_symlink("../daemontools", "root/etc/rc.d/init.d/supervise/smb");
14    
15     +#====================================================
16     +#SERVER-MANAGER
17     +#====================================================
18     ##Set server-manager links
19     #my $panel = "manager";
20     #panel_link("workgroup", $panel);
21    
22     -##Define events that templates2expand expands smb.conf
23     -templates2events("/etc/samba/smb.conf", qw(
24     - provision-domain-controller
25     - bootstrap-initialize-samba));
26     -
27     -##Define events that templates2expand expands krb5.conf
28     -templates2events("/etc/krb5.conf", qw(
29     - provision-domain-controller
30     - bootstrap-initialize-samba));
31    
32     -##Links for provision-domain-controller event
33     +#====================================================
34     +#EVENTS
35     +#====================================================
36     +
37     +#----------------------------------------------------
38     +#provision-domain-controller
39     +#----------------------------------------------------
40     +$event = "provision-domain-controller";
41     +
42     +#Define action links
43     $event = "provision-domain-controller";
44     -event_link("adjust-samba-down", $event, "01");
45     event_link("initialize-default-databases", $event, "01");
46     event_link("provision-domain-controller", $event, "01");
47     event_link("samba-reset-defaults", $event, "02");
48     -event_link("samba-create-domain-admins", $event,"03");
49     -event_link("adjust-samba-up", $event, "50");
50     +event_link("AD-schema-modify", $event,"30");
51     +event_link("samba-create-domain-admins", $event, "60");
52    
53     -##Links for user-create
54     -$event = "user-create";
55     -event_link("user-create-AD", $event, "04");
56     +#Define templates2expand
57     +templates2events('/etc/samba/smb.conf',$event);
58     +templates2events('/etc/krb5.conf',$event);
59     +templates2events($schemaPath.'extendedADAttributes.ldif',$event);
60     +templates2events($schemaPath.'koozaliADClass.ldif',$event);
61     +templates2events($schemaPath.'modifyADSchema.ldif',$event);
62     +templates2events($schemaPath.'setupAdmins.ldif',$event);
63     +
64     +#Define services2adjust
65     +event_services($event, (
66     + 'smb' => 'sighup'
67     + ));
68     +
69     +#----------------------------------------------------
70     +#bootstrap-proviision-dc
71     +#----------------------------------------------------
72     +$event = "bootstrap-provision-dc";
73    
74     -##Links for adjust-samba event
75     -$event = "adjust-samba";
76     -event_link("adjust-samba-down", $event, "20");
77     -event_link("adjust-samba-up", $event, "30");
78     -
79     -##Links for bootstrap-intialize-samba event
80     -$event = "bootstrap-initialize-samba";
81     -event_link("provision-domain-controller", $event, "02");
82     +#Define action links
83     +event_link("provision-domain-controller", $event, "01");
84     event_link("samba-reset-defaults", $event, "02");
85     -event_link("samba-create-domain-admins", $event,"03");
86     +event_link("AD-schema-modify", $event,"30");
87     +event_link("samba-create-domain-admins", $event, "60");
88    
89     +#Define templates2expand
90     +templates2events('/etc/samba/smb.conf',$event);
91     +templates2events('/etc/krb5.conf',$event);
92     +templates2events($schemaPath.'extendedADAttributes.ldif',$event);
93     +templates2events($schemaPath.'koozaliADClass.ldif',$event);
94     +templates2events($schemaPath.'modifyADSchema.ldif',$event);
95     +templates2events($schemaPath.'setupAdmins.ldif',$event);
96     +
97     +#----------------------------------------------------
98     +#user-create
99     +#----------------------------------------------------
100     +$event = "user-create";
101     +
102     +#Define action links
103     +event_link("user-create-AD", $event, "04");
104    
105     -##Link smb to daemontools
106     +#----------------------------------------------------
107     +#group-create
108     +#----------------------------------------------------
109     +$event = "group-create";
110     +
111     +#Define action links
112     +event_link("group-create-AD", $event, "04");
113     +
114     +#----------------------------------------------------
115     +#post-upgrade
116     +#----------------------------------------------------
117     +$event = 'post-upgrade';
118     +
119     +#Define templates2expand
120     +templates2events('/etc/samba/smb.conf',$event);
121     +templates2events('/etc/krb5.conf',$event);
122     +templates2events($schemaPath.'extendedADAttributes.ldif',$event);
123     +templates2events($schemaPath.'koozaliADClass.ldif',$event);
124     +templates2events($schemaPath.'modifyADSchema.ldif',$event);
125     +templates2events($schemaPath.'setupAdmins.ldif',$event);
126     +
127     +#----------------------------------------------------
128     +#post-install
129     +#----------------------------------------------------
130     +$event = 'post-install';
131     +
132     +#Define templates2expand
133     +templates2events('/etc/samba/smb.conf',$event);
134     +templates2events('/etc/krb5.conf',$event);
135     +templates2events($schemaPath.'extendedADAttributes.ldif',$event);
136     +templates2events($schemaPath.'koozaliADClass.ldif',$event);
137     +templates2events($schemaPath.'modifyADSchema.ldif',$event);
138     +templates2events($schemaPath.'setupAdmins.ldif',$event);
139     +
140     +
141     +#====================================================
142     +#SERVICE SETUP
143     +#====================================================
144     +#Link smb to daemontools
145     safe_symlink("daemontools", "root/etc/rc.d/init.d/smb");
146     safe_symlink("/var/service/smb", "root/service/smb");
147     +safe_symlink("../daemontools", "root/etc/rc.d/init.d/supervise/smb");
148    
149     ##Run level links to smb service
150     safe_symlink("/etc/rc.d/init.d/supervise/smb", "root/etc/rc.d/rc7.d/S91smb");
151     safe_symlink("/etc/rc.d/init.d/supervise/smb", "root/etc/rc.d/rc6.d/K35smb");
152     safe_symlink("/etc/rc.d/init.d/supervise/smb", "root/etc/rc.d/rc1.d/K35smb");
153     safe_symlink("/etc/rc.d/init.d/supervise/smb", "root/etc/rc.d/rc0.d/K35smb");
154     +
155     +#====================================================
156     +#MISC
157     +#====================================================
158     +#Create template-begin files and empty config files schema templates
159     +foreach (qw(extendedADAttributes.ldif
160     + koozaliADClass.ldif
161     + modifyADSchema.ldif
162     + setupAdmins.ldif))
163     +{
164     + safe_touch("root/$schemaPath/$_");
165     + safe_touch("root/etc/e-smith/templates/$schemaPath/$_/template-begin");
166     +}
167     +
168     diff -urbN smeserver-samba-0.1.0/root/etc/e-smith/events/actions/AD-schema-modify smeserver-samba-0.1.0-072416-update/root/etc/e-smith/events/actions/AD-schema-modify
169     --- smeserver-samba-0.1.0/root/etc/e-smith/events/actions/AD-schema-modify 1969-12-31 16:00:00.000000000 -0800
170     +++ smeserver-samba-0.1.0-072416-update/root/etc/e-smith/events/actions/AD-schema-modify 2016-07-05 23:31:44.000000000 -0700
171     @@ -0,0 +1,48 @@
172     +#!/usr/bin/perl -w
173     +#------------------------------------------------------------
174     +#This action modifies the Active Directory with
175     +#attributes specific to Koozali SME Server
176     +#
177     +#Copyright 2016 Koozali Foundation, Inc.
178     +#06/30/2016: G.Zartman <gzartman@koozali.org>
179     +#
180     +#The code contained herein can be distributed under the same
181     +#license as Perl
182     +#------------------------------------------------------------
183     +use strict;
184     +use warnings;
185     +
186     +##Pull arguments
187     +my $event = $ARGV [0] || 'none';
188     +
189     +##Set a few path vars to abbreviate the systems commands
190     +my $ldifs = '/home/e-smith/files/server-resources/schema/';
191     +my $ad = '/var/lib/samba/private/sam.ldb';
192     +
193     +warn "Extending Active Directory:\n";
194     +
195     +##Add Attributes
196     +warn "Attributes: quota and smeCustom\n";
197     +my $addAttributes = '/usr/bin/ldbadd -H ' .
198     + "$ad " .
199     + $ldifs . 'extendedADAttributes.ldif ' .
200     + '--option="dsdb:schema update allowed"=true';
201     +system ($addAttributes);
202     +
203     +
204     +##Create Koozali Object Class for new attributes
205     +my $addKoozaliClass = '/usr/bin/ldbadd -H ' .
206     + "$ad " .
207     + $ldifs . 'koozaliADClass.ldif ' .
208     + '--option="dsdb:schema update allowed"=true';
209     +system ($addKoozaliClass);
210     +
211     +
212     +##Apply User class updates
213     +warn "Attempting to register User Class\n";
214     +my $modifyUserClass = '/usr/bin/ldbmodify -H ' .
215     + "$ad " .
216     + $ldifs . 'modifyADSchema.ldif ' .
217     + '--option="dsdb:schema update allowed"=true';
218     +
219     +system ($modifyUserClass);
220     diff -urbN smeserver-samba-0.1.0/root/etc/e-smith/events/actions/group-create-AD smeserver-samba-0.1.0-072416-update/root/etc/e-smith/events/actions/group-create-AD
221     --- smeserver-samba-0.1.0/root/etc/e-smith/events/actions/group-create-AD 1969-12-31 16:00:00.000000000 -0800
222     +++ smeserver-samba-0.1.0-072416-update/root/etc/e-smith/events/actions/group-create-AD 2016-07-02 10:45:54.000000000 -0700
223     @@ -0,0 +1,90 @@
224     +#!/usr/bin/perl -w
225     +
226     +#------------------------------------------------------------
227     +#This action creates an Active Directory group
228     +#
229     +#Command format:
230     +#
231     +# group-create-AD event username data:
232     +#
233     +# event : calling event name
234     +# username : unique groupname
235     +# data : Hash reference to user data to populate the AD
236     +# with. See esmith::AD::Groups->attributes() for
237     +# supported group attributes
238     +#
239     +#
240     +#Note: This action uses the samba-tool utility to add a new
241     +# group the the Active Directory. Samba-tool does not
242     +# exit very gracefully if it has a problem, so this
243     +# action may throw some really funky error messages
244     +#
245     +#Copyright 2016 Koozali Foundation, Inc.
246     +#07/02/2016: G.Zartman <gzartman@koozali.org>
247     +#
248     +#The code contained herein can be distributed under the same
249     +#license as Perl
250     +#
251     +#TODO
252     +#
253     +#-------------------------------------------------------------
254     +package esmith::thisaction;
255     +
256     +use strict;
257     +use warnings;
258     +use esmith::ConfigDB;
259     +use esmith::AD::Group;
260     +no warnings ('qw');
261     +
262     +use Data::Dumper; #For debugging
263     +
264     +##Pull arguments
265     +my $event = $ARGV [0] || '';
266     +my $groupName = $ARGV [1] || '';
267     +my $data = $ARGV [2] || ''; #Hash ref
268     +
269     +die "group-create-AD error: groupname not found in action arguments\n"
270     + unless ($groupName);
271     +
272     +##Check AD to see if group exists. If it already exists, then exit
273     +my $ad = esmith::AD::Group->new();
274     +die "group-create-AD error: Group already exists in Active Directory.\n"
275     + if ($ad->doesGroupExist($groupName));
276     +
277     +##Validate the group data passed as hash. If nothing is passed, ignore
278     +if (ref($data) eq 'HASH') {
279     + foreach my $key (keys %$data) {
280     + unless ($ad->validData->{$key}) {
281     + warn "Ignoring $key attribute for update -- Not supported.\n";
282     + delete $data->{$key};
283     + }
284     + }
285     +}
286     +
287     +##Build Active Directory group create command
288     +my $adPassword = $ad->getADPass();
289     +my $addGroup = "/usr/bin/samba-tool group add $groupName " .
290     + "-U ad_admin\%$adPassword";
291     +
292     +system ($addGroup);
293     +die ("Unable to add group $groupName to Active Directory\n") if ($? == -1);
294     +
295     +##Make group a Posix Group
296     +unless ($ad->setPosixGroup($groupName)) {
297     + warn ("Unable to set posix objectClass in AD for $groupName.\n");
298     +}
299     +
300     +##Build Unix Attributes
301     +my $GID = $ad->createGID($groupName) || '';
302     +my %posix = ('gidNumber' => $GID);
303     +
304     +##Merge Unix Attributes with any Extended Attributes and save to AD
305     +my $mergedData = \%posix;
306     +if (ref($data) eq 'HASH') {
307     + $mergedData = {%posix,%$data};
308     +}
309     +
310     +$ad->setManyAttr($groupName,$mergedData) ||
311     + warn("Unable update attributes for group $groupName.\n");
312     +
313     +1;
314     diff -urbN smeserver-samba-0.1.0/root/etc/e-smith/events/actions/provision-domain-controller smeserver-samba-0.1.0-072416-update/root/etc/e-smith/events/actions/provision-domain-controller
315     --- smeserver-samba-0.1.0/root/etc/e-smith/events/actions/provision-domain-controller 2016-07-29 20:46:38.899060240 -0700
316     +++ smeserver-samba-0.1.0-072416-update/root/etc/e-smith/events/actions/provision-domain-controller 2016-07-11 01:30:48.000000000 -0700
317     @@ -3,8 +3,8 @@
318     #------------------------------------------------------------
319     #This action provisions a Samba 4 active directory domain
320     #
321     -#Copyright 2014 Koozali Foundation, Inc.
322     -#11/15/2014: G.Zartman <gzartman@koozali.org>
323     +#Copyright 2016 Koozali Foundation, Inc.
324     +#07/14/2016: G.Zartman <gzartman@koozali.org>
325     #
326     #The code contained herein can be distributed under the same
327     #license as Perl
328     @@ -13,6 +13,7 @@
329     use strict;
330     use warnings;
331     use esmith::ConfigDB;
332     +use esmith::util;
333     use esmith::AD;
334    
335     ##Pull arguments
336     @@ -21,6 +22,12 @@
337    
338     die 'Samba provisioning error: Missing admin password' unless ($adminPass);
339    
340     +##Make sure samba deamons are down
341     +esmith::util::serviceControl(
342     + NAME => 'smb',
343     + ACTION => 'stop'
344     + );
345     +
346     ##Pull domain name from config dbase. This is the samba realm
347     my $cdb = esmith::ConfigDB->open;
348     my $domainName = $cdb->get('DomainName')->value ||
349     @@ -29,12 +36,6 @@
350     die 'Samba provisioning error: Workgroup not defined';
351     my $realm = $workGroup . "." . $domainName;
352    
353     -##Bail if Samba has already been initialized
354     -if ($event eq 'bootstrap-initialize-samba' &&
355     - $cdb->get_prop('bootstrap-console','Samba') eq 'initialized') {
356     - exit();
357     -}
358     -
359     ##Remove existing smb.conf file or the provision will error out
360     unlink ('/etc/samba/smb.conf') if (-e '/etc/samba/smb.conf');
361    
362     @@ -58,7 +59,7 @@
363    
364    
365     ##Initialize Samba Domain
366     -warn "Samba domain: Provisining Active Directory.";
367     +warn "Samba domain: Provisioning Active Directory\n";
368     my $provision = "/usr/bin/samba-tool domain provision --server-role=dc " .
369     "--domain=$workGroup " .
370     "--realm=$realm " .
371     @@ -91,10 +92,8 @@
372     system ($set_admin_pass);
373     die "Samba domain error: Unable to SME Server admin password.\n" if ($? == -1);
374    
375     -##Set samba key to initialized in bootstrap-console so it doesn't initialize again
376     -if ($event eq 'bootstrap-initialize-samba') {
377     +##Set samba dbase key indicating Samba has been provisioned per the current configuration
378     +$cdb->set_prop('smb','provisioned','yes') ||
379     + warn "Unable to set provisioned property for smb dbase key";
380    
381     - $cdb->set_prop('bootstrap-console','Samba','initialized') ||
382     - warn "Unable to set Samba key in $event";
383     -}
384     1;
385     diff -urbN smeserver-samba-0.1.0/root/etc/e-smith/events/actions/samba-create-domain-admins smeserver-samba-0.1.0-072416-update/root/etc/e-smith/events/actions/samba-create-domain-admins
386     --- smeserver-samba-0.1.0/root/etc/e-smith/events/actions/samba-create-domain-admins 2016-07-29 20:46:38.900060240 -0700
387     +++ smeserver-samba-0.1.0-072416-update/root/etc/e-smith/events/actions/samba-create-domain-admins 2016-07-11 01:27:00.000000000 -0700
388     @@ -1,60 +1,49 @@
389     #!/usr/bin/perl -w
390     #------------------------------------------------------------
391     -#This action creates standard domain administrator accounts
392     -#for the SME Server
393     +#This action domain administrator accounts Koozali SME
394     +#Server
395     #
396     -#Copyright 2014 Koozali Foundation, Inc.
397     -#11/15/2014: G.Zartman <gzartman@koozali.org>
398     +#Copyright 2016 Koozali Foundation, Inc.
399     +#06/30/2016: G.Zartman <gzartman@koozali.org>
400     #
401     #The code contained herein can be distributed under the same
402     #license as Perl
403     #------------------------------------------------------------
404     -
405     -
406     use strict;
407     use warnings;
408     use esmith::ConfigDB;
409     use esmith::AD;
410    
411     ##Pull arguments
412     -my $event = $ARGV [0];
413     -my $AdminPass = $ARGV [1];
414     +my $event = $ARGV [0] || '';
415     +my $AdminPass = $ARGV [1] || '';
416    
417     die 'Samba provisioning error: Missing admin password' unless ($AdminPass);
418    
419     -##Bail if called by bootstrap-initialize-samba and it has already been run
420     -my $cdb = esmith::ConfigDB->open;
421     -if ($event eq 'bootstrap-initialize-samba' &&
422     - $cdb->get_prop('bootstrap-console','Samba') eq 'initialized') {
423     - exit();
424     -}
425     -
426     -
427     -##Create admin and root accounts in AD and add to Domain Admin
428     +##Create admin accounts in AD
429     my $add_admin = "/usr/bin/samba-tool user create " .
430     "admin $AdminPass " .
431     "-U Administrator\%$AdminPass";
432     system ($add_admin);
433     warn "Unable create admin Samba user\n" if ($? == -1);
434    
435     -my $add_root = "/usr/bin/samba-tool user create " .
436     - "root $AdminPass " .
437     - "-U Administrator\%$AdminPass";
438     -system ($add_root);
439     -warn "Unable to create root Samba user\n" if ($? == -1);
440     -
441     -##Create ad_admin account and add it to domain admins for runtime access to acive directory
442     +##Create ad_admin account for runtime access to active directory
443     my $add_ad_admin = "/usr/bin/samba-tool user create " .
444     "ad_admin " . esmith::AD::getADPass() . " " .
445     "-U Administrator\%$AdminPass";
446     system ($add_ad_admin);
447     die "Samba provisioning error: Unable to create ad_admin user in Active Directory.\n" if ($? == -1);
448    
449     -my $add_members = "/usr/bin/samba-tool group addmembers " .
450     - "\'Domain Admins\' ".
451     - "root,admin,ad_admin " .
452     - "-U Administrator\%$AdminPass";
453     -system ($add_members);
454     -warn "Unable to add admin and root users to Domain Admins group\n" if ($? == -1);
455     +
456     +##Enumerate admin accounts and update domain admins group
457     +warn "Enumerating admin accounts\n";
458     +my $ldifs = '/home/e-smith/files/server-resources/schema/';
459     +my $ad = '/var/lib/samba/private/sam.ldb';
460     +my $modifyUserClass = '/usr/bin/ldbmodify -H ' .
461     + "$ad " .
462     + $ldifs . 'setupAdmins.ldif ' .
463     + '--option="dsdb:schema update allowed"=true';
464     +
465     +system ($modifyUserClass);
466    
467     1;
468     diff -urbN smeserver-samba-0.1.0/root/etc/e-smith/events/actions/user-create-AD smeserver-samba-0.1.0-072416-update/root/etc/e-smith/events/actions/user-create-AD
469     --- smeserver-samba-0.1.0/root/etc/e-smith/events/actions/user-create-AD 2016-07-29 20:46:38.900060240 -0700
470     +++ smeserver-samba-0.1.0-072416-update/root/etc/e-smith/events/actions/user-create-AD 2016-07-02 12:44:56.000000000 -0700
471     @@ -1,19 +1,23 @@
472     #!/usr/bin/perl -w
473    
474     #------------------------------------------------------------
475     -#This action creates an Active Directory user given a username
476     -#from the accountsDB.
477     +#This action creates an Active Directory user
478     #
479     #Command format:
480     #
481     -# user-account-AD event username data:
482     +# user-create-AD event username data:
483     #
484     # event : calling event name
485     # username : unique username
486     # data : Hash reference to user data to populate the AD
487     # with. See the note below for
488     #
489     -#Copyright 2015 Koozali Foundation, Inc.
490     +#Note: This action uses the samba-tool utility to add a new
491     +# user the the Active Directory. Samba-tool does not exit
492     +# very gracefully if it has a problem, so this action may
493     +# throw some really funky error messages.
494     +#
495     +#Copyright 2016 Koozali Foundation, Inc.
496     #06/23/2016: G.Zartman <gzartman@koozali.org>
497     #
498     #The code contained herein can be distributed under the same
499     @@ -21,12 +25,6 @@
500     #
501     #TODO
502     #
503     -#- We need to look at some kind of interm solution to use
504     -# acccountsDB in the short term until we figure out where we are
505     -# storing user data long term on SME. For now, we'll build a
506     -# hash of data from the accounts dbase, but also provide a means
507     -# to pass the data to this action with a hashref, which is the
508     -# preferred method for AD.
509     #- For the hash reference, let's scrub it with the
510     # esmith::AD::User::ValidData method
511     #- Consider setting the displayName attribute as well, otherwise
512     @@ -48,7 +46,7 @@
513     ##Pull arguments
514     my $event = $ARGV [0] || '';
515     my $userName = $ARGV [1] || '';
516     -my $data = $ARGV [2] || ''; #Hash ref
517     +my $data = $ARGV [2] || {}; #Hash ref
518    
519     die "user-create-AD error: username not found in action arguments\n"
520     unless ($userName);
521     @@ -111,7 +109,6 @@
522     delete $data->{'loginShell'};
523     }
524    
525     -
526     ##Create AD User
527     my $adPassword = $ad->getADPass();
528     my $addUser = "/usr/bin/samba-tool user create $userName " .
529     @@ -121,7 +118,7 @@
530     '--description="Koozali User:" ' .
531     "-U ad_admin\%$adPassword";
532     system ($addUser);
533     -die ("Unable to add user #userName to Active Directory\n") if ($? == -1);
534     +die ("Unable to add user $userName to Active Directory\n") if ($? == -1);
535    
536     ##Make user a Posix User
537     unless ($ad->setPosixUser($userName)) {
538     @@ -140,8 +137,7 @@
539     $mergedData = {%posix,%$data};
540     }
541    
542     -$ad->setManyAttr($userName,\%posix) ||
543     - warn("Unable update user attributes for $userName.\n");
544     -
545     +$ad->setManyAttr($userName,$mergedData) ||
546     + warn("Unable update attributes for user $userName.\n");
547    
548     1;
549     diff -urbN smeserver-samba-0.1.0/root/etc/e-smith/templates/etc/krb5.conf/20default_realm smeserver-samba-0.1.0-072416-update/root/etc/e-smith/templates/etc/krb5.conf/20default_realm
550     --- smeserver-samba-0.1.0/root/etc/e-smith/templates/etc/krb5.conf/20default_realm 2014-11-19 23:32:12.000000000 -0800
551     +++ smeserver-samba-0.1.0-072416-update/root/etc/e-smith/templates/etc/krb5.conf/20default_realm 2016-06-30 22:16:57.000000000 -0700
552     @@ -1,5 +1,8 @@
553     {
554     - my $default_realm = $krb5{defaultRealm} || $DomainName;
555     + my $workgroup = $smb{Workgroup} || 'sme-server';
556     + my $realm = $smb{realm} || $workgroup . "." . $DomainName;
557     +
558     + my $default_realm = $smb{realm} || $workgroup . "." .$DomainName;
559    
560     "default_realm = $default_realm";
561     }
562     diff -urbN smeserver-samba-0.1.0/root/etc/e-smith/templates/etc/smb.conf/14dnsForwarder smeserver-samba-0.1.0-072416-update/root/etc/e-smith/templates/etc/smb.conf/14dnsForwarder
563     --- smeserver-samba-0.1.0/root/etc/e-smith/templates/etc/smb.conf/14dnsForwarder 2014-11-19 23:32:12.000000000 -0800
564     +++ smeserver-samba-0.1.0-072416-update/root/etc/e-smith/templates/etc/smb.conf/14dnsForwarder 2016-07-27 23:05:39.298060111 -0700
565     @@ -1,5 +1,5 @@
566     {
567     - my $dns_forwarder = $smb{DNSForwarder} || '127.0.0.2';
568     + my $dns_forwarder = $smb{DNSForwarder} || '127.0.0.4';
569    
570     "dns forwarder = $dns_forwarder";
571    
572     diff -urbN smeserver-samba-0.1.0/root/etc/e-smith/templates/home/e-smith/files/server-resources/schema/extendedADAttributes.ldif/00setup smeserver-samba-0.1.0-072416-update/root/etc/e-smith/templates/home/e-smith/files/server-resources/schema/extendedADAttributes.ldif/00setup
573     --- smeserver-samba-0.1.0/root/etc/e-smith/templates/home/e-smith/files/server-resources/schema/extendedADAttributes.ldif/00setup 1969-12-31 16:00:00.000000000 -0800
574     +++ smeserver-samba-0.1.0-072416-update/root/etc/e-smith/templates/home/e-smith/files/server-resources/schema/extendedADAttributes.ldif/00setup 2016-07-05 20:14:38.000000000 -0700
575     @@ -0,0 +1,9 @@
576     +{my $workgroup = $smb{Workgroup} || 'sme-server';
577     + my $domain = $DomainName || 'undefined';
578     +
579     + my @realm_parts = (($workgroup),(split(/\./,$domain)));
580     +
581     + my @dc_parts = map {'DC=' . $_} @realm_parts;
582     + $DC = join (',',@dc_parts);
583     + $OUT = "";}
584     +
585     diff -urbN smeserver-samba-0.1.0/root/etc/e-smith/templates/home/e-smith/files/server-resources/schema/extendedADAttributes.ldif/10quota smeserver-samba-0.1.0-072416-update/root/etc/e-smith/templates/home/e-smith/files/server-resources/schema/extendedADAttributes.ldif/10quota
586     --- smeserver-samba-0.1.0/root/etc/e-smith/templates/home/e-smith/files/server-resources/schema/extendedADAttributes.ldif/10quota 1969-12-31 16:00:00.000000000 -0800
587     +++ smeserver-samba-0.1.0-072416-update/root/etc/e-smith/templates/home/e-smith/files/server-resources/schema/extendedADAttributes.ldif/10quota 2016-07-05 20:14:38.000000000 -0700
588     @@ -0,0 +1,12 @@
589     +dn: CN=quota,CN=Schema,CN=Configuration,{$DC}
590     +objectClass: top
591     +objectClass: attributeSchema
592     +attributeID: 1.3.6.1.4.1.19937.1.1.1
593     +cn: quota
594     +name: quota
595     +ldapDisplayName: quota
596     +description: User Quotas
597     +attributeSyntax: 2.5.5.5
598     +oMSyntax: 22
599     +isSingleValued: TRUE
600     +-
601     diff -urbN smeserver-samba-0.1.0/root/etc/e-smith/templates/home/e-smith/files/server-resources/schema/extendedADAttributes.ldif/20smeCustom smeserver-samba-0.1.0-072416-update/root/etc/e-smith/templates/home/e-smith/files/server-resources/schema/extendedADAttributes.ldif/20smeCustom
602     --- smeserver-samba-0.1.0/root/etc/e-smith/templates/home/e-smith/files/server-resources/schema/extendedADAttributes.ldif/20smeCustom 1969-12-31 16:00:00.000000000 -0800
603     +++ smeserver-samba-0.1.0-072416-update/root/etc/e-smith/templates/home/e-smith/files/server-resources/schema/extendedADAttributes.ldif/20smeCustom 2016-07-05 20:14:38.000000000 -0700
604     @@ -0,0 +1,15 @@
605     +
606     +
607     +dn: CN=smeCustom,CN=Schema,CN=Configuration,{$DC}
608     +objectClass: top
609     +objectClass: attributeSchema
610     +attributeID: 1.3.6.1.4.1.19937.1.1.1
611     +cn: smeCustom
612     +name: smeCustom
613     +ldapDisplayName: smeCustom
614     +description: Custom Property and Values for Koozali
615     +attributeSyntax: 2.5.5.5
616     +oMSyntax: 22
617     +isSingleValued: FALSE
618     +-
619     +
620     diff -urbN smeserver-samba-0.1.0/root/etc/e-smith/templates/home/e-smith/files/server-resources/schema/koozaliADClass.ldif/00setup smeserver-samba-0.1.0-072416-update/root/etc/e-smith/templates/home/e-smith/files/server-resources/schema/koozaliADClass.ldif/00setup
621     --- smeserver-samba-0.1.0/root/etc/e-smith/templates/home/e-smith/files/server-resources/schema/koozaliADClass.ldif/00setup 1969-12-31 16:00:00.000000000 -0800
622     +++ smeserver-samba-0.1.0-072416-update/root/etc/e-smith/templates/home/e-smith/files/server-resources/schema/koozaliADClass.ldif/00setup 2016-07-05 23:24:34.000000000 -0700
623     @@ -0,0 +1,9 @@
624     +{my $workgroup = $smb{Workgroup} || 'sme-server';
625     + my $domain = $DomainName || 'undefined';
626     +
627     + my @realm_parts = (($workgroup),(split(/\./,$domain)));
628     +
629     + my @dc_parts = map {'DC=' . $_} @realm_parts;
630     + $DC = join (',',@dc_parts);
631     + $OUT = "";}
632     +
633     diff -urbN smeserver-samba-0.1.0/root/etc/e-smith/templates/home/e-smith/files/server-resources/schema/koozaliADClass.ldif/20classSchema smeserver-samba-0.1.0-072416-update/root/etc/e-smith/templates/home/e-smith/files/server-resources/schema/koozaliADClass.ldif/20classSchema
634     --- smeserver-samba-0.1.0/root/etc/e-smith/templates/home/e-smith/files/server-resources/schema/koozaliADClass.ldif/20classSchema 1969-12-31 16:00:00.000000000 -0800
635     +++ smeserver-samba-0.1.0-072416-update/root/etc/e-smith/templates/home/e-smith/files/server-resources/schema/koozaliADClass.ldif/20classSchema 2016-07-11 00:54:49.000000000 -0700
636     @@ -0,0 +1,14 @@
637     +dn: CN=koozaliUser,CN=Schema,CN=Configuration,{$DC}
638     +objectClass: top
639     +objectClass: classSchema
640     +governsID: 1.3.6.1.4.1.19937.1.2.1
641     +cn: koozaliUser
642     +name: koozaliUser
643     +ldapDisplayName: koozaliUser
644     +subClassOf: posixAccount
645     +objectClassCategory: 3
646     +mayContain: quota
647     +mayContain: smeCustom
648     +defaultObjectCategory: CN=koozaliUser,CN=Schema,CN=Configuration,{$DC}
649     +possSuperiors: top
650     +-
651     diff -urbN smeserver-samba-0.1.0/root/etc/e-smith/templates/home/e-smith/files/server-resources/schema/modifyADSchema.ldif/00setup smeserver-samba-0.1.0-072416-update/root/etc/e-smith/templates/home/e-smith/files/server-resources/schema/modifyADSchema.ldif/00setup
652     --- smeserver-samba-0.1.0/root/etc/e-smith/templates/home/e-smith/files/server-resources/schema/modifyADSchema.ldif/00setup 1969-12-31 16:00:00.000000000 -0800
653     +++ smeserver-samba-0.1.0-072416-update/root/etc/e-smith/templates/home/e-smith/files/server-resources/schema/modifyADSchema.ldif/00setup 2016-07-05 20:17:28.000000000 -0700
654     @@ -0,0 +1,9 @@
655     +{my $workgroup = $smb{Workgroup} || 'sme-server';
656     + my $domain = $DomainName || 'undefined';
657     +
658     + my @realm_parts = (($workgroup),(split(/\./,$domain)));
659     +
660     + my @dc_parts = map {'DC=' . $_} @realm_parts;
661     + $DC = join (',',@dc_parts);
662     + $OUT = "";}
663     +
664     diff -urbN smeserver-samba-0.1.0/root/etc/e-smith/templates/home/e-smith/files/server-resources/schema/modifyADSchema.ldif/10updateSchema smeserver-samba-0.1.0-072416-update/root/etc/e-smith/templates/home/e-smith/files/server-resources/schema/modifyADSchema.ldif/10updateSchema
665     --- smeserver-samba-0.1.0/root/etc/e-smith/templates/home/e-smith/files/server-resources/schema/modifyADSchema.ldif/10updateSchema 1969-12-31 16:00:00.000000000 -0800
666     +++ smeserver-samba-0.1.0-072416-update/root/etc/e-smith/templates/home/e-smith/files/server-resources/schema/modifyADSchema.ldif/10updateSchema 2016-07-11 00:53:56.000000000 -0700
667     @@ -0,0 +1,5 @@
668     +dn: CN=User,CN=Schema,CN=Configuration,{$DC}
669     +changetype: modify
670     +add: auxiliaryClass
671     +auxiliaryClass: koozaliUser
672     +-
673     diff -urbN smeserver-samba-0.1.0/root/etc/e-smith/templates/home/e-smith/files/server-resources/schema/setupAdmins.ldif/00setup smeserver-samba-0.1.0-072416-update/root/etc/e-smith/templates/home/e-smith/files/server-resources/schema/setupAdmins.ldif/00setup
674     --- smeserver-samba-0.1.0/root/etc/e-smith/templates/home/e-smith/files/server-resources/schema/setupAdmins.ldif/00setup 1969-12-31 16:00:00.000000000 -0800
675     +++ smeserver-samba-0.1.0-072416-update/root/etc/e-smith/templates/home/e-smith/files/server-resources/schema/setupAdmins.ldif/00setup 2016-07-05 19:47:46.000000000 -0700
676     @@ -0,0 +1,9 @@
677     +{my $workgroup = $smb{Workgroup} || 'sme-server';
678     + my $domain = $DomainName || 'undefined';
679     +
680     + my @realm_parts = (($workgroup),(split(/\./,$domain)));
681     +
682     + my @dc_parts = map {'DC=' . $_} @realm_parts;
683     + $DC = join (',',@dc_parts);
684     + $OUT = "";}
685     +
686     diff -urbN smeserver-samba-0.1.0/root/etc/e-smith/templates/home/e-smith/files/server-resources/schema/setupAdmins.ldif/20setupAdmin smeserver-samba-0.1.0-072416-update/root/etc/e-smith/templates/home/e-smith/files/server-resources/schema/setupAdmins.ldif/20setupAdmin
687     --- smeserver-samba-0.1.0/root/etc/e-smith/templates/home/e-smith/files/server-resources/schema/setupAdmins.ldif/20setupAdmin 1969-12-31 16:00:00.000000000 -0800
688     +++ smeserver-samba-0.1.0-072416-update/root/etc/e-smith/templates/home/e-smith/files/server-resources/schema/setupAdmins.ldif/20setupAdmin 2016-07-11 00:53:42.000000000 -0700
689     @@ -0,0 +1,20 @@
690     +
691     +dn: CN=admin,CN=Users,{$DC}
692     +changetype: modify
693     +add: objectClass
694     +objectClass: posixAccount
695     +-
696     +add: objectClass
697     +objectClass: koozaliUser
698     +-
699     +add: uidNumber
700     +uidNumber: 5000
701     +-
702     +add: gidNumber
703     +gidNumber:513
704     +-
705     +add: loginShell
706     +loginShell:/sbin/e-smith/console
707     +-
708     +add: unixHomeDirectory
709     +unixHomeDirectory: /home/e-smith
710     diff -urbN smeserver-samba-0.1.0/root/etc/e-smith/templates/home/e-smith/files/server-resources/schema/setupAdmins.ldif/30setupAd_Admin smeserver-samba-0.1.0-072416-update/root/etc/e-smith/templates/home/e-smith/files/server-resources/schema/setupAdmins.ldif/30setupAd_Admin
711     --- smeserver-samba-0.1.0/root/etc/e-smith/templates/home/e-smith/files/server-resources/schema/setupAdmins.ldif/30setupAd_Admin 1969-12-31 16:00:00.000000000 -0800
712     +++ smeserver-samba-0.1.0-072416-update/root/etc/e-smith/templates/home/e-smith/files/server-resources/schema/setupAdmins.ldif/30setupAd_Admin 2016-07-11 00:53:32.000000000 -0700
713     @@ -0,0 +1,21 @@
714     +
715     +
716     +dn: CN=ad_admin,CN=Users,{$DC}
717     +changetype: modify
718     +add: objectClass
719     +objectClass: posixAccount
720     +-
721     +add: objectClass
722     +objectClass: koozaliUser
723     +-
724     +add: uidNumber
725     +uidNumber: 5001
726     +-
727     +add: gidNumber
728     +gidNumber:513
729     +-
730     +add: loginShell
731     +loginShell:/sbin/nologin
732     +-
733     +add: unixHomeDirectory
734     +unixHomeDirectory: /home/e-smith
735     diff -urbN smeserver-samba-0.1.0/root/etc/e-smith/templates/home/e-smith/files/server-resources/schema/setupAdmins.ldif/40updateDomainAdmins smeserver-samba-0.1.0-072416-update/root/etc/e-smith/templates/home/e-smith/files/server-resources/schema/setupAdmins.ldif/40updateDomainAdmins
736     --- smeserver-samba-0.1.0/root/etc/e-smith/templates/home/e-smith/files/server-resources/schema/setupAdmins.ldif/40updateDomainAdmins 1969-12-31 16:00:00.000000000 -0800
737     +++ smeserver-samba-0.1.0-072416-update/root/etc/e-smith/templates/home/e-smith/files/server-resources/schema/setupAdmins.ldif/40updateDomainAdmins 2016-07-11 00:42:32.000000000 -0700
738     @@ -0,0 +1,9 @@
739     +
740     +dn: CN=Domain Admins,CN=Users,{$DC}
741     +changetype: modify
742     +-
743     +add: member
744     +member: CN=admin,CN=Users,DC=sme-server,DC=development,DC=com
745     +-
746     +add: member
747     +member: CN=ad_admin,CN=Users,DC=sme-server,DC=development,DC=com
748     diff -urbN smeserver-samba-0.1.0/root/usr/share/perl5/vendor_perl/esmith/AD/Group.pm smeserver-samba-0.1.0-072416-update/root/usr/share/perl5/vendor_perl/esmith/AD/Group.pm
749     --- smeserver-samba-0.1.0/root/usr/share/perl5/vendor_perl/esmith/AD/Group.pm 2015-02-12 21:15:46.000000000 -0800
750     +++ smeserver-samba-0.1.0-072416-update/root/usr/share/perl5/vendor_perl/esmith/AD/Group.pm 2016-07-11 04:41:16.000000000 -0700
751     @@ -1,10 +1,10 @@
752     package esmith::AD::Group;
753    
754     use strict;
755     -use Net::LDAP;
756     +use base 'esmith::AD';
757     +use esmith::AD::User;
758     no warnings ('qw');
759    
760     -
761     =head1 NAME
762    
763     esmith::AD::Group -- Sub-Class to the Koozali esmith::AD API
764     @@ -14,42 +14,90 @@
765     use esmith::AD
766    
767     my $ad = esmith::AD->new();
768     - my @groups = $ad->groups;
769     + my @groups = $ad->listGroups;
770    
771    
772     =head1 DESCRIPTION
773     -
774     -This module provides esmith::AD methods related to group management in
775     -the Koozali Active Directory. Like the parent class, esmith::AD, this
776     -module uses Net::LDAP to communicate with the Active Directory. Methods
777     -provided in this module abstract Net::LDAP so that knowledge of this
778     -module is not required.
779     +This module provide esmith::AD::Group methods for management of users
780     +stored in the Koozali SME Server Active Directory. These methods are
781     +the preferred methods to interact with user objects in the Active
782     +Directory. Many methods in this class inherit functionality from the
783     +esmith::AD parent class and provide run-time binding of LDAP query
784     +elements to these parent methods. Methods provided in this module
785     +abstract Net::LDAP so that knowledge of this module is not required.
786    
787     =cut
788    
789     sub new {
790     my ($class, %params) = @_;
791     - my $queryElements = {
792     +
793     + #Define runtime LDAP query parameters
794     + my $base = {
795     + 'default' => '&(objectClass=group)(!(objectClass=computer))'
796     + };
797     + my $set = {
798     'all' => '',
799     - 'builtin' => "(!(objectClass=posixAccount))",
800     - 'koozali' => "(objectClass=posixAccount)",
801     - 'member' => '',
802     - 'noMachine' => "(!(objectClass=computer))",
803     - 'object' => "&(objectClass=group)",
804     + 'builtin' => '(!(objectClass=posixAccount))',
805     + 'koozali' => '(objectClass=posixAccount)',
806     'single' => ''
807     };
808     - my $objectClass = ['top','group','posixAccount'];
809     + my $type = {
810     + 'posix' => ['top','group','posixAccount']
811     + };
812     +
813     + my $attribute = {
814     + 'default' => 'sAMAccountName',
815     + 'dn' => 'DN'
816     + };
817     my $self = {
818     - 'query' => $queryElements,
819     - 'objectClass' => $objectClass
820     + 'base' => $base,
821     + 'set' => $set,
822     + 'attribute' => $attribute,
823     + 'type' => $type
824     };
825    
826     + #Bless parameters into the class
827     bless ($self, $class);
828     +
829     return ($self);
830     }
831    
832     =head2 Methods
833    
834     +
835     +=head3 addUserToGroup()
836     +
837     +This method adds a user to a group given a username and group name.
838     +The method returns 1 of successful and 0 if something went wrong.
839     +
840     +Usage: $ad->addUserToGroup('username','groupname')
841     +
842     +=cut
843     +
844     +sub addUserToGroup {
845     + my ($self,$user,$group) = @_;
846     + return 0 unless ($user && $group);
847     +
848     + my $ad2 = esmith::AD::User->new();
849     + return 0 unless ($ad2->doesUserExist($user));
850     +
851     + #Verify Group exists so we don't run a bunch of bogus AD queries.
852     + return 0 unless ($self->doesGroupExist($group));
853     +
854     + my $groupMembers = $self->getGroupAttr($group,'member','all') || '';
855     + unless ($groupMembers) {$groupMembers = [];}
856     +
857     + my $memberAddDN = $self->getObjectDN($user);
858     +
859     + push(@$groupMembers, $memberAddDN)
860     + unless grep{$_ == $memberAddDN} @$groupMembers;
861     +
862     + if ($self->setAttr($group,'member',$groupMembers)) {return(1);}
863     + else {return (0)}
864     +
865     +}
866     +
867     +
868     =head3 attributes()
869    
870     This method returns a list of Active Directory group attributes managed
871     @@ -79,14 +127,14 @@
872     sub createGID {
873     my ($self,$group) = @_;
874    
875     - die $self->error("Groupname not specified.\n") unless $group;
876     + return (0) unless $group;
877    
878     #Pull SID from the AD
879     return (0) unless (my $SID = $self->getSID($group));
880    
881     - #Return GID = RID + 2000
882     + #Return GID = RID + 4000
883     my $RID = (split(/-/,$SID))[7];
884     - return($RID+2000);
885     + return($RID+4000);
886     }
887    
888     =head3 doesGroupExist($groupname)
889     @@ -102,10 +150,12 @@
890     sub doesGroupExist {
891     my ($self,$group) = @_;
892    
893     - my @groups = $self->listGroups('all');
894     + return 0 unless $group;
895     +
896     + my ($groupRecord) = $self->queryObjects($group);
897    
898     - if(grep { $group eq $_ } @groups) { return (1); }
899     - else{ return(0); }
900     + if(defined $groupRecord) {return (1);}
901     + else{return(0);}
902     }
903    
904     =head3 getGID($groupname)
905     @@ -117,142 +167,154 @@
906    
907     =cut
908    
909     -sub getGID { ##TO DO
910     - my ($self,$name) = @_;
911     +sub getGID {
912     + my ($self,$group)=@_;
913     +
914     + return 0 unless $group;
915     +
916     + my ($record) = $self->queryObjects($group);
917     + die $self->error("Unable to find \"$group\" in the Active Directory.\n")
918     + unless ($record);
919    
920     - die $self->error("Groupname not specified.\n") unless $name;
921     + my $GID = $record->get_value('gidNumber') || '';
922    
923     -###FIX ME: We are now pulling the GID from the AD
924     + die $self->error("Unable to retrieve GID for $group\n")
925     + unless ($GID);
926    
927     - return();
928     + return($GID);
929     }
930    
931     -=head3 getGroupAttr($group,$attr)
932     +=head3 getGroupAttr($group,$attr,$set)
933    
934     This method returns the value of the specified attribute for a group
935     -listed in the Active Directory.
936     +listed in the Active Directory. Some attributes could be multi-value
937     +attributes. By default this method will return the first value of a
938     +multi-value attribute in scalar contact unless you tell the method to
939     +return all value.
940    
941     -Usage: $value = $ad->getGroupAttr('group','attribute');
942     +Usage: $single_value = $ad->getGroupAttr('group','attribute');
943     + $multi_value_ref = $ad->getGroupAttr('group',attribute','all');
944    
945     =cut
946    
947     sub getGroupAttr {
948    
949     - my($self,$group,$attr)=@_;
950     + my($self,$group,$attr,$set)=@_;
951     +
952     + return 0 unless $group;
953    
954     #Check that the search attribute is supported
955     die $self->error("Attribute \"$attr\" not supported\n")
956     unless ($self->validData->{$attr});
957    
958     - #Get attribute value from the Active Directory
959     - my $value = $self->getADRecord($group)->{$attr} || '';
960     -
961     + #Query AD
962     + my ($record) = $self->queryObjects($group);
963     + die $self->error("Unable to find \"$group\" in Active Directory.\n")
964     + unless ($record);
965     +
966     + #Pull attribute value single or all
967     + if ($set eq 'all') {
968     + my $valueRef = $record->get_value($attr,asref => 1) || '';
969     + return ($valueRef);
970     + }
971     + else {
972     + my $value = $record->get_value($attr) || '';
973     return ($value);
974     + }
975     }
976    
977     =head3 getMembers($group)
978    
979     -###FIX ME: Rewrite
980     -This method returns a list group membersthe value of the specified attribute for a group
981     -listed in the Active Directory.
982     +This method returns a list of members of a specified group. The user
983     +needs to be aware of what he is asking this method to report because
984     +Active Directory allows nested groups (i.e., groups that are members of
985     +a group). In most cases, if you ask this method for members of a group
986     +designed by this API, then it will return a list of users that are members
987     +of the designed group. In the future, we may add logic to delinate user
988     +members versus nested group members, but for now we are going to be lazy
989     +and just report what is in Active Directory.
990    
991     -Usage: $value = $ad->getGroupAttr('group','attribute');
992     +Usage: @group_mambers = $ad->getMembers('group_name');
993    
994     =cut
995    
996     -sub getMembers { ##TO DO -- May want to change to just "getMembers"
997     +sub getMembers {
998     + my($self,$group)=@_;
999    
1000     - my($self,$group,$attr)=@_;
1001     + return (0) unless $group;
1002    
1003     - #Check that the search attribute is supported
1004     - die $self->error("Attribute \"$attr\" not supported\n")
1005     - unless (grep {$attr eq $_} ($self->attributes('group')));
1006     + #Get group members as an array ref
1007     + my $memberDN = $self->getGroupAttr($group,'member','all') || '';
1008    
1009     - #Get attribute value from the Active Directory
1010     - my $value = ($self->getADRecord('group',$group))->{$attr} || '';
1011     -
1012     - return ($value);
1013     + #AD returns the DN for group members, so we need to generate names
1014     + my ($sam,@members);
1015     + foreach (@$memberDN) {
1016     + $sam = $self->getName($_) || '';
1017     + push (@members,$sam) unless ($sam eq '');
1018     + }
1019     + return (@members);
1020     }
1021    
1022     =head3 listGroups($type)
1023    
1024     This method returns a list of groups based upon the type of group
1025     specified as a parameter to the method. Valid types include:
1026     +
1027     - builtin: Groups defined during the Active Directory
1028     provisioning (e.g., Administrator);
1029     - koozali: Groups defined in the Koozali API.
1030     - all: All groups.
1031    
1032     -If the method doesn't recieve a valid type, then it will return a list
1033     -of all groups in the Active Directory
1034     +If the method doesn't receive a valid type, then it will return a
1035     +list of all groups in the Active Directory
1036    
1037     +Usage:
1038     + use esmith::AD::Group;
1039     +
1040     + my $ad = esmith::AD::Group->new();
1041     + my @groups = $ad->listGroups('buildin');
1042     =cut
1043    
1044     sub listGroups {
1045     - my ($self, $type) = @_;
1046     + my ($self, $set) = @_;
1047    
1048     - return($self->listObjects($type));
1049     + return($self->listObjects($set));
1050     }
1051    
1052     -=head3 queryMembers($set,$value)
1053    
1054     -###FIX ME: Need to rewire
1055     -This method is an alias method to the esmith::AD::listObjects method.
1056     -It returns a list of usernames from the Active Directory, and also
1057     -subsets of users:
1058     +=head3 removeUserFromGroup()
1059    
1060     - - builtin: Users defined during the Active Directory
1061     - provisioning (e.g., Administrator);
1062     - - koozali: Users defined in the Koozali API.
1063     - - all: All users (default).
1064     +This method removes a user from a group given a username and group name.
1065     +The method returns 1 of successful and 0 if something went wrong.
1066    
1067     -Usage:
1068     - use esmith::AD::User;
1069     - my $ad = esmith::AD::User->new();
1070     - my @users = $ad->listUsers('koozali');
1071     +Usage: $ad->removeUserFromGroupp('username','groupname')
1072    
1073     =cut
1074    
1075     -sub queryMembers {
1076     - my ($self,$set,$value)=@_;
1077     -
1078     - my $queryFilter = $self->buildQuery('member',$set,$value) || '';
1079     -
1080     - return ($self->runQuery($queryFilter));
1081     -}
1082     -
1083     +sub removeUserFromGroup {
1084     + my ($self,$user,$group) = @_;
1085     + return 0 unless ($user && $group);
1086    
1087     -=head3 queryObjects($set,$value)
1088     + my $ad2 = esmith::AD::User->new();
1089     + return 0 unless ($ad2->doesUserExist($user));
1090    
1091     -###FIX ME: Need to rewire
1092     -This method is an alias method to the esmith::AD::listObjects method.
1093     -It returns a list of usernames from the Active Directory, and also
1094     -subsets of users:
1095     + #Verify Group exists so we don't run a bunch of bogus AD queries.
1096     + return 0 unless ($self->doesGroupExist($group));
1097    
1098     - - builtin: Users defined during the Active Directory
1099     - provisioning (e.g., Administrator);
1100     - - koozali: Users defined in the Koozali API.
1101     - - all: All users (default).
1102     + my $groupMembers = $self->getGroupAttr($group,'member','all') || '';
1103     + return (1) unless ($groupMembers); #group is empty already
1104    
1105     -Usage:
1106     - use esmith::AD::User;
1107     - my $ad = esmith::AD::User->new();
1108     - my @users = $ad->listUsers('koozali');
1109     -
1110     -=cut
1111     + my $memberRemoveDN = $self->getObjectDN($user);
1112    
1113     -sub queryObjects {
1114     - my ($self,$set,$value)=@_;
1115     + my @newMembers = grep {$_ ne $memberRemoveDN} @$groupMembers;
1116    
1117     - my $class = 'object';
1118     - if (defined $value) {$class = 'single'};
1119     + if ($self->setAttr($group,'member',\@newMembers)) {return(1);}
1120     + else {return (0)}
1121    
1122     - my $queryFilter = $self->buildQuery($class,$set,$value) || '';
1123     -
1124     - return ($self->runQuery($queryFilter));
1125     }
1126    
1127     -=head3 setGroupAttr($group,$attr,$value)
1128     +
1129     +=head3 setGroupAttr($group,$attr,$value)**
1130    
1131     This method sets or modifies an attribute value for the specified
1132     groupname.
1133     @@ -264,24 +326,7 @@
1134     sub setGroupAttr {
1135     my ($self,$group,$attr,$value) = @_;
1136    
1137     - if ($self->setAttr($group,{$attr=>$value})) { return(1); }
1138     - else {
1139     - die->error("Unable to modify \"$attr\" for groupname \"$group\".\n");
1140     - }
1141     -}
1142     -
1143     -=head3 setGroupMembers($group,\@members)
1144     -
1145     -###FIX ME: NEED TO REWITE
1146     -This method sets or modifies an attribute value for the specified
1147     -groupname.
1148     -
1149     -Usage: $ad->setGroupAttr('groupname','attribute','value')
1150     -
1151     -=cut
1152     -
1153     -sub setGroupMembers { ##TO DO
1154     - my ($self,$group,$attr,$value) = @_;
1155     + return 0 unless $group;
1156    
1157     if ($self->setAttr($group,{$attr=>$value})) { return(1); }
1158     else {
1159     @@ -289,9 +334,7 @@
1160     }
1161     }
1162    
1163     -
1164     -
1165     -=head3 setPostixGroup ($group)
1166     +=head3 setPosixGroup ($group)
1167    
1168     This method designates a group as a Posix Group. The Posix group type
1169     represents the groups managed by Koozali and are those groups that are
1170     @@ -302,9 +345,11 @@
1171     =cut
1172    
1173     sub setPosixGroup {
1174     - my ($self,$name) = @_;
1175     + my ($self,$group) = @_;
1176     +
1177     + return 0 unless $group;
1178    
1179     - return($self->setPosix($name));
1180     + return($self->setPosix($group));
1181     }
1182    
1183     =head3 validData()
1184     @@ -319,12 +364,15 @@
1185     sub validData {
1186     my $self = shift;
1187    
1188     - return ({});
1189     + return ({
1190     + 'member' => 1,
1191     + 'gidNumber' => 1
1192     + });
1193     }
1194    
1195     =head1 COPYRIGHT
1196    
1197     -Copyright (c) 2014 Koozali Foundation, Inc.
1198     +Copyright (c) 2016 Koozali Foundation, Inc.
1199     This program is free software; you can redistribute it and/or modify it
1200     under the same terms as Perl itself.
1201    
1202     diff -urbN smeserver-samba-0.1.0/root/usr/share/perl5/vendor_perl/esmith/AD/User.pm smeserver-samba-0.1.0-072416-update/root/usr/share/perl5/vendor_perl/esmith/AD/User.pm
1203     --- smeserver-samba-0.1.0/root/usr/share/perl5/vendor_perl/esmith/AD/User.pm 2016-07-29 20:46:38.901060240 -0700
1204     +++ smeserver-samba-0.1.0-072416-update/root/usr/share/perl5/vendor_perl/esmith/AD/User.pm 2016-07-11 04:35:26.000000000 -0700
1205     @@ -15,6 +15,7 @@
1206     my $ad = esmith::AD::User->new();
1207     my @users = $ad->listUsers;
1208    
1209     +
1210     =head1 DESCRIPTION
1211    
1212     This module provide esmith::AD::User methods for management of users stored
1213     @@ -41,7 +42,7 @@
1214     };
1215     my $type = {
1216     'posix' => ['top','person','organizationalPerson',
1217     - 'user','posixAccount']
1218     + 'user','posixAccount','koozali']
1219     };
1220    
1221     my $attribute = {
1222     @@ -80,8 +81,53 @@
1223     return (keys %dataHash);
1224     }
1225    
1226     +=head3 createAutoPseudonyms($username)
1227     +
1228     +This method creates dot and bar pseudonyms for a user and then
1229     +adds them as an attribute to the user object.
1230     +
1231     +Usage: my $uid = $ad->createAutoPseudonyms($username);
1232     +
1233     +=cut
1234     +
1235     +sub createAutoPseudonyms {
1236     + my ($self,$user) = @_;
1237     +
1238     + return 0 unless $user;
1239     +
1240     + #Query AD
1241     + my ($record) = $self->queryObjects($user);
1242     + die $self->error("Unable to find \"$user\" in the Active Directory.\n")
1243     + unless ($record);
1244     +
1245     + #Pull first and last name. Exit if either isn't set, as we can't
1246     + #build a pseudonym without both.
1247     + my $firstName = $record->get_value('givenName') || '';
1248     + my $lastName = $record->get_value('sn') || '';
1249     + return (0) if ($firstName eq '' || $lastName eq '');
1250     +
1251     + #Get ProxyAddresses attribute as list reference or create it
1252     + my $proxyAddresses = $record->get_value('proxyAddresses');
1253     + unless (ref($proxyAddresses) eq 'ARRAY') {$proxyAddresses = [];}
1254     +
1255     + my $dotPseudonym = 'sme:' . $firstName . '.' . $lastName;
1256     + push(@$proxyAddresses, $dotPseudonym)
1257     + unless grep{$_ eq $dotPseudonym} @$proxyAddresses;
1258     +
1259     + my $barPseudonym = 'sme:' . $firstName . '_' . $lastName;
1260     + push(@$proxyAddresses, $barPseudonym)
1261     + unless grep{$_ eq $barPseudonym} @$proxyAddresses;
1262     +
1263     +
1264     + foreach (@$proxyAddresses) {print $_ . "\n";}
1265     + if ($self->setAttr($user,'proxyAddresses',$proxyAddresses)) {
1266     + return(1);
1267     + }
1268     + else {print "had a problem"; return (0)}
1269     +}
1270     +
1271    
1272     -=head3 createUID($name)*
1273     +=head3 createUID($username)
1274    
1275     This method calculates a unix UID for an Active Directory user
1276     based upon the SID for the Active Directory object.
1277     @@ -93,18 +139,17 @@
1278     sub createUID {
1279     my ($self,$name) = @_;
1280    
1281     - die $self->error("Username not specified in createUID method.\n")
1282     - unless $name;
1283     + return 0 unless $name;
1284    
1285     #Pull SID from the AD
1286     return (0) unless (my $SID = $self->getSID($name));
1287    
1288     - #Return UID = RID + 2000
1289     + #Return UID = RID + 4000
1290     my $RID = (split(/-/,$SID))[7];
1291     - return($RID+2000);
1292     + return($RID+4000);
1293     }
1294    
1295     -=head3 doesUserExist($username)*
1296     +=head3 doesUserExist($username)
1297    
1298     This method checks the Active Directory for the existance of a username passed
1299     as a parameter to the method. The method returns 1 if the username exists in
1300     @@ -117,75 +162,110 @@
1301     sub doesUserExist {
1302     my ($self,$user) = @_;
1303    
1304     + return 0 unless $user;
1305     +
1306     my ($userRecord) = $self->queryObjects($user);
1307    
1308     if (defined $userRecord) {return(1);}
1309     else {return(0);}
1310     }
1311    
1312     +
1313     =head3 getUID($username)
1314    
1315     This method returns the unix UID for a user from the Active Directory.
1316    
1317     -Usage: my $uid = $ad->UID('username');
1318     +Usage: my $uid = $ad->getUID('username');
1319    
1320     =cut
1321    
1322     sub getUID {
1323     my ($self,$user)=@_;
1324    
1325     -###FIX ME: Pull UID from AD instead of calculating it.
1326     + return 0 unless $user;
1327     +
1328     + my ($record) = $self->queryObjects($user);
1329     +
1330     + die $self->error("Unable to find \"$user\" in the Active Directory.\n")
1331     + unless ($record);
1332     +
1333     + my $UID = $record->get_value('uidNumber') || '';
1334     +
1335     + die $self->error("Unable to retrieve UID for $user\n")
1336     + unless ($UID);
1337    
1338     - return();
1339     + return($UID);
1340     }
1341    
1342     -=head3 getUserAttr($username,$attr)
1343     +=head3 getUserAttr($username,$attr,$set)
1344    
1345     This method returns the value of the specified attribute for a user
1346     -listed in the Active Directory.
1347     +listed in the Active Directory. Some attributes could be multi-value
1348     +attributes. By default this method will return the first value of a
1349     +multi-value attribute in scalar contact unless you tell the method to
1350     +return all values. If all values are specified, this method returns
1351     +an array reference to the list of values.
1352    
1353     -Usage: $value = $ad->getUserAttr('username','attribute');
1354     +Usage: $single_value = $ad->getUserAttr('username','attribute');
1355     + $multi_ref = $ad->getGroupAttr('username','attribute','all);
1356    
1357     =cut
1358    
1359     sub getUserAttr {
1360    
1361     - my($self,$username,$attr)=@_;
1362     + my($self,$user,$attr,$set)=@_;
1363     +
1364     + return 0 unless $user;
1365    
1366     ##Check that the search attribute is supported
1367     die $self->error("Attribute \"$attr\" not supported.\n")
1368     - unless (grep {$attr eq $_} ($self->attributes('user')));
1369     + unless ($self->attributes($attr));
1370     +
1371     + ##Query AD
1372     + my ($record) = $self->queryObjects($user);
1373     + die $self->error("Unable to find \"$user\" in the Active Directory.\n")
1374     + unless ($record);
1375    
1376     - #Get attribute value from the Active Directory
1377     - my $value = ($self->getADRecord($username))->{$attr} || '';
1378     + #Pull attribute value single or all
1379     + if ($set eq 'all') {
1380     + my $valueRef = $record->get_value($attr) || '';
1381     + if (ref ($valueRef) eq "ARRAY") {return($valueRef);}
1382     + else {return([$valueRef]);}
1383     + }
1384     + else {
1385     + my $value = $record->get_value($attr) || '';
1386     return ($value);
1387     + }
1388     }
1389    
1390     +
1391     =head3 getUserGroups($username)
1392    
1393     -This method returns a list of the Active Directory groups that a user
1394     -is a member of.
1395     +This returns a list of groups the user is a member of.
1396    
1397     -Usage: @ad_groups=$ad->getUserGroups('username');
1398     +Usage: @user_groups = $ad->getUserGroups('username');
1399    
1400     =cut
1401    
1402     -sub getUserGroups { ##TO DO
1403     - my ($self,$user) = @_;
1404     +sub getUserGroups {
1405     + my($self,$user)=@_;
1406    
1407     - #Lookup entry in the active directory
1408     - my ($record) = $self->query('user',$user);
1409     + return (0) unless $user;
1410    
1411     - die $self->error("Unable to find \"$user\" in the Active Directory.\n")
1412     - unless ($record);
1413     + #Get getups
1414     + my $memberDN = $self->getUserAttr($user,'memberOf','all') || '';
1415    
1416     - #Get memberOf values from AD record object
1417     - my @results = $record->get_value('memberOf');
1418     -
1419     - return (map {(split(/[=,]/,$_))[1]} @results);
1420     + #AD returns the DN for group members, so we need to generate names
1421     + my ($sam,@groups);
1422     + foreach (@$memberDN) {
1423     + $sam = $self->getName($_) || '';
1424     + push (@groups,$sam) unless ($sam eq '');
1425     + }
1426     + return (@groups);
1427     }
1428    
1429     -=head3 getUserStatus($username)*
1430     +
1431     +=head3 getUserStatus($username)
1432    
1433     This method returns user account status, enabled or disabled, for a
1434     specified username.
1435     @@ -197,12 +277,63 @@
1436     sub getUserStatus {
1437     my ($self,$user)=@_;
1438    
1439     + return 0 unless $user;
1440     +
1441     return ($self->getStatus($user));
1442     }
1443    
1444     -=head3 listUsers($set)*
1445    
1446     -This method returns a list of usernames in the active directory
1447     +=head3 isUserInGroup($username,$group)
1448     +
1449     +This method returns true a user exists in a group, otherwise it returns
1450     +false.
1451     +
1452     +Usage: $is_user_in_group = $ad->isUserInGroup('username','groupname');
1453     +
1454     +=cut
1455     +
1456     +sub isUserInGroup {
1457     + my ($self,$user,$group)=@_;
1458     +
1459     + return (0) unless ($user && $group);
1460     +
1461     + #my @groups = $self->getUserGroups('root');
1462     +
1463     + my @groups = $self->getUserGroups($user);
1464     +
1465     + if (grep {$_ eq $group} @groups) {return(1);}
1466     + else {return(0);}
1467     +}
1468     +
1469     +=head3 listPseudonyms
1470     +
1471     +This method returns a list all Koozali User pseudonyms in the Active Directory
1472     +including the admin account.
1473     +
1474     +Usage: my @pseudonyms = $ad->listPseudonyms();
1475     +
1476     +=cut
1477     +
1478     +sub listPseudonyms {
1479     +
1480     +my ($self) = @_;
1481     +
1482     + #Pull all Koozali accounts
1483     + my @adRecords = $self->queryObjects('koozali');
1484     +
1485     + my (@proxyAddresses, @pseudonyms) = ();
1486     + foreach (@adRecords) {
1487     + @proxyAddresses = $_->get_value('proxyAddresses');
1488     + push(@pseudonyms, (grep(!/sme/,(map{split/:/,$_}@proxyAddresses))));
1489     + @proxyAddresses = ();
1490     + }
1491     + return(@pseudonyms);
1492     +}
1493     +
1494     +
1495     +=head3 listUsers($set)
1496     +
1497     +This method returns a list of usernames in the Active Directory
1498     depending upon the search set sent to the method. Valid search
1499     sets include:
1500    
1501     @@ -224,7 +355,7 @@
1502     return($self->listObjects($set));
1503     }
1504    
1505     -=head3 setPosixUser($user) *
1506     +=head3 setPosixUser($user)
1507    
1508     This method designates a user as a Posix User. The Posix user type
1509     represents the users managed by Koozali and displayed in the
1510     @@ -239,55 +370,9 @@
1511     sub setPosixUser {
1512     my ($self,$name) = @_;
1513    
1514     - return($self->setPosix($name));
1515     -}
1516     -
1517     -
1518     -=head3 setUserGroups($username,$groupRef)
1519     -
1520     -This mthod sets the groups that a user is a member of give the username
1521     -and an array reference to the group names a user is a member of.
1522     -
1523     -=cut
1524     -
1525     -sub setUserGroups {###TO DO
1526     - my ($self,$name,$groupRef) = @_;
1527     + return 0 unless $name;
1528    
1529     - #Check input parameters
1530     - die $self->error("Username not specified.\n") unless ($name);
1531     - die $self->error("List of user groups not specified for $name\n")
1532     - unless (ref($groupRef) eq 'ARRAY');
1533     -
1534     - my @groups = @$groupRef;
1535     -
1536     - #Verify that groups exist in the AD
1537     -
1538     - #Call connect as we'll need this Net::LDAP object later
1539     - my $ad = $self->connect();
1540     -
1541     - #Query AD using Net::LDAP syntax, as we called connect
1542     - my $query=$ad->search(
1543     - base => 'DC=domain,DC=com',
1544     - filter => "&(cn=$name)(objectClass=user)"
1545     - );
1546     - if($query->code()) {
1547     - die $self->error("Active Directory query error: ") .
1548     - ($query->server_error);
1549     - }
1550     - die $self->error("Unable to query \"$name\" from the Active Directory.\n")
1551     - unless (my $entry = $query->entry());
1552     -
1553     - #Modify Active Directory record and return true if successful, else die
1554     - #with error message from the Active Directory if update failed
1555     -
1556     - #$entry->replace(%dataHash);
1557     - my $result = $entry->update($ad);
1558     -
1559     - if($result->code()) {
1560     - die $self->error("Could not update \"$name\": ") .
1561     - ($result->server_error);
1562     - }
1563     - return (1);
1564     + return($self->setPosix($name));
1565     }
1566    
1567     =head3 validData()
1568     @@ -316,11 +401,13 @@
1569     'mail' => 1,
1570     'name' => 1,
1571     'physicalDeliveryOfficeName' => 1,
1572     + 'proxyAddresses' => 1,
1573     'sn' => 1,
1574     'telephoneNumber' => 1,
1575     'title' => 1,
1576     'uidNumber' => 1,
1577     'unixHomeDirectory' => 1,
1578     + 'quota' => 1,
1579     'wWWHomePage' => 1
1580     });
1581     }
1582     diff -urbN smeserver-samba-0.1.0/root/usr/share/perl5/vendor_perl/esmith/AD.pm smeserver-samba-0.1.0-072416-update/root/usr/share/perl5/vendor_perl/esmith/AD.pm
1583     --- smeserver-samba-0.1.0/root/usr/share/perl5/vendor_perl/esmith/AD.pm 2016-07-29 20:46:38.902060240 -0700
1584     +++ smeserver-samba-0.1.0-072416-update/root/usr/share/perl5/vendor_perl/esmith/AD.pm 2016-07-25 18:10:03.000000000 -0700
1585     @@ -4,7 +4,6 @@
1586     use Net::LDAP;
1587     use MIME::Base64();
1588     use esmith::ConfigDB;
1589     -use esmith::AccountsDB;
1590    
1591     #This package is to aid in debugging. Can remove
1592     use Data::Dumper;
1593     @@ -71,7 +70,7 @@
1594     my $user_status = $ad->getUserStatus;
1595    
1596    
1597     -=head3 getADRecord {$name)
1598     +=head3 getADRecord($name)
1599    
1600     This method returns a hash reference of attribute/value pairs
1601     from the Active Directory for attributes supported by this method,
1602     @@ -90,7 +89,7 @@
1603     die $self->error("Object name not specified.\n") unless $name;
1604    
1605     #Query record from AD
1606     - my ($record) = $self->queryObjects('single',$name);
1607     + my ($record) = $self->queryObjects($name);
1608    
1609     #Verify that we found a record in the AD
1610     die $self->error("Unable to find \"$name\" in the Active Directory.\n")
1611     @@ -98,12 +97,34 @@
1612    
1613     #Build a hash of supported attributes and values
1614     my @attributes = $self->attributes;
1615     +
1616     my %adRecord = map {$_ => ($record->get_value($_))||''} @attributes;
1617    
1618     return (\%adRecord);
1619     }
1620    
1621     -=head3 SID($name)
1622     +
1623     +=head3 getName($dn)
1624     +
1625     +This method returns an object sAMAccountName given an object DN.
1626     +
1627     +Usage: $sAMAccountName= = $ad->getName(DN);
1628     +
1629     +=cut
1630     +
1631     +sub getName {
1632     + my ($self,$dn) = @_;
1633     +
1634     + return (0) unless $dn;
1635     +
1636     + my @dnParts = split (/\,/,$dn);
1637     + my ($cn,$name) = split (/=/,$dnParts[0]);
1638     +
1639     + return ($name);
1640     +}
1641     +
1642     +
1643     +=head3 getSID($name)
1644    
1645     This method retrieves the SID for a specified Active Directory
1646     object name, decrypts it, and then returns it. This method must be
1647     @@ -209,27 +230,6 @@
1648     }
1649    
1650    
1651     -
1652     -
1653     -=head3 queryMembers($set,$value)
1654     -
1655     -###FIX ME: Need to rewite POD
1656     -This method is an alias method to the esmith::AD::listObjects method.
1657     -It returns a list of usernames from the Active Directory, and also
1658     -subsets of users:
1659     -
1660     -=cut
1661     -
1662     -sub queryMembers {
1663     - my ($self,$set,$value)=@_;
1664     -
1665     - ##Need to rewrite this to use the queryObjectsmethod
1666     - my $queryFilter = $self->BuildQuery('member',$set,$value) || '';
1667     -
1668     - return ($self->runQuery($queryFilter));
1669     -}
1670     -
1671     -
1672     =head3 queryObjects($self,$value,$attribute,$base)
1673    
1674     This is the primary query method for this API and returns Net::LDAP record
1675     @@ -244,12 +244,13 @@
1676    
1677     - all: All user account records in the active directory
1678     - buildin: Builtin user account records. Example: Administrator
1679     - - koozali: All user accoun records defined in this UI. These are the typical
1680     + - koozali: All user account records defined in this UI. These are the typical
1681     user accounts setup in the server-manager for via the commandline.
1682    
1683     -To search for a single user record, set $value to the Active Directory attribute
1684     -value for the record you'd like to search for. The default search attribute is
1685     -the username (e.g., sAMAccountName).
1686     +To search for a single, set $value to the Active Directory attribute value for
1687     +the record you'd like to search for. This method will automatically runtime
1688     +bind to the correct object type (i.e., users, groups, OUs, DNS). The default
1689     +search attribute is the username (e.g., sAMAccountName).
1690    
1691     This method can also search for single records given other AD attributes,
1692     but other search attributes must be defined in child classes. See child
1693     @@ -294,7 +295,6 @@
1694     $searchValue = $setValue;
1695     };
1696    
1697     -
1698     ##Build Query Filter
1699     my $queryFilter = $self->{'base'}->{"$base"} .
1700     $self->{'set'}->{"$set"};
1701     @@ -349,19 +349,24 @@
1702     sub setManyAttr {
1703     my ($self,$name,$attrRef) = @_;
1704    
1705     + return 0 unless ($name && $attrRef);
1706     +
1707     #Don't allow this method from this class
1708     - die $self->error("Must call this method on a esmith::AD child object.\n")
1709     + die $self->error("Must call this method on a esmith::AD child object\n")
1710     if (ref($self) eq 'esmith::AD');
1711    
1712     #Check to make sure we have enough data to perform an update
1713     - die $self->error("Entity to modify not specified.\n") unless ($name);
1714     die $self->error("No attributes set to modify for $name\n")
1715     unless (ref($attrRef) eq 'HASH');
1716    
1717     #Validate that we support the attributes for update
1718     foreach my $key (keys %$attrRef) {
1719     unless ($self->validData->{$key}) {
1720     - warn "Ignoring $key attribute for update -- Not supported.\n";
1721     + warn "Ignoring $key attribute for update -- Not supported\n";
1722     + delete $attrRef->{$key};
1723     + }
1724     + if ($attrRef->{$key} eq '') {
1725     + warn "Ignoring $key attribute since it is blank\n";
1726     delete $attrRef->{$key};
1727     }
1728     }
1729     @@ -377,7 +382,7 @@
1730     return (1);
1731     }
1732    
1733     -=head3 setPosix($type,$name) *
1734     +=head3 setPosix($type,$name)
1735    
1736     This method designates an Active Directory object as a Posix object given
1737     and object sAMAccount name (e.g., username).
1738     @@ -552,12 +557,12 @@
1739     my ($self)=@_;
1740    
1741     my $realm = $self->realm;
1742     - my @elements = split (/\./, $realm);
1743     + my @realmParts = split (/\./, $realm);
1744    
1745     - my $base = '';
1746     - foreach (@elements) {$base .= "DC=" . $_ . ","};
1747     + my @dnParts = map {'DC=' . $_} @realmParts;
1748     + my $base = join (',' , @dnParts);
1749    
1750     - return(substr ($base,0,-1));
1751     + return ($base);
1752     }
1753    
1754     #------------------------------------------------------------
1755     @@ -588,6 +593,21 @@
1756     }
1757    
1758     #------------------------------------------------------------
1759     +#Method: getObjectDN()
1760     +# This method builds and object DN for user and group
1761     +# objects in the Active Directory.
1762     +#-----------------------------------------------------------
1763     +sub getObjectDN {
1764     + my ($self,$name)=@_;
1765     +
1766     + return 0 unless $name;
1767     +
1768     + my $base = $self->baseDN;
1769     +
1770     + return('CN=' . $name . ',' . 'CN=Users,' . $base);
1771     +}
1772     +
1773     +#------------------------------------------------------------
1774     #Method: realm()
1775     # This method returns the realm which is the SME
1776     # domain name stored in the configuration dbase

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed