smart_proxy_realm_ad_plugin 0.1

data/test/api_tests.sh

@@ -0,0 +1,14 @@
+#!/bin/sh
+
+# ping smart-proxy
+curl -H "Accept: application/json" http://localhost:8000/features
+
+# create host
+curl -d 'hostname=server1.example.com' http://localhost:8000/realm/EXAMPLE.COM
+
+# rebuild host
+curl -d 'hostname=server1.example.com&rebuild=true' http://localhost:8000/realm/EXAMPLE.COM
+
+# delete host
+curl -XDELETE http://localhost:8000/realm/EXAMPLE.COM/server1
+

data/test/setup_ad.md

@@ -0,0 +1,36 @@
+1. Create a user EXAMPLE@realm-proxy in the User OU.
+2. Set the password and make sure its active.
+3. Give this user permission to manage computer accounts in the Computers OU.
+4. Create a keytab in the linux machine using ktutil and the account password.
+5. Put the keytab in /etc/foreman/
+
+marten@martenubuntu:~/src/smart-proxy$ klist -k -t /etc/foreman-proxy/realm-proxy.keytab 
+Keytab name: FILE:/etc/foreman-proxy/realm-proxy.keytab
+KVNO Timestamp           Principal
+---- ------------------- ------------------------------------------------------
+   1 2017-07-31 09:34:13 realm-proxy@EXAMPLE.COM
+
+6. Make sure the settings file for the plugin is correct
+
+marten@martenubuntu:~/src/smart-proxy$ cat ./config/settings.d/realm.yml
+---
+# Can be true, false, or http/https to enable just one of the protocols
+:enabled: true
+
+# Available providers:
+#   realm_freeipa
+:use_provider: realm_ad
+
+# Authentication for Kerberos-based Realms
+:realm: EXAMPLE.COM
+
+:keytab_path:  /etc/foreman-proxy/realm-proxy.keytab
+:principal: realm-proxy@EXAMPLE.COM
+
+:domain_controller: dc.example.com
+
+marten@martenubuntu:~/src/smart-proxy$
+
+
+apt-get install adcli
+adcli info --domain=EXAMPLE.COM --domain-controller=dc.example.com

data/test/test_helper.rb

@@ -0,0 +1,7 @@
+require 'test/unit'
+require 'mocha/setup'
+
+require 'smart_proxy_for_testing'
+
+# create log directory in our (not smart-proxy) directory
+FileUtils.mkdir_p File.dirname(Proxy::SETTINGS.log_file)

data/test/test_radcli.rb

@@ -0,0 +1,57 @@
+require 'radcli'
+
+# Connect using password
+adconn = Adcli::AdConn.new("example.com")
+adconn.set_domain_realm("EXAMPLE.COM")
+adconn.set_domain_controller("dc.example.com")
+adconn.set_login_user("realm-proxy")
+adconn.set_user_password("password")
+res = adconn.connect
+
+# Connect using kerberos keytab
+require 'radcli'
+require "rkerberos"
+principal = "realm-proxy"
+keytab="/etc/foreman-proxy/realm-proxy.keytab"
+krb5 = Kerberos::Krb5.new
+ccache = Kerberos::Krb5::CredentialsCache.new
+krb5.get_init_creds_keytab principal, keytab, nil, ccache
+adconn = Adcli::AdConn.new("example.com")
+adconn.set_domain_realm("EXAMPLE.COM")
+adconn.set_domain_controller("dc.example.com")
+adconn.set_login_ccache_name("")
+res = adconn.connect
+
+
+# Delete the computer accounts object
+enroll = Adcli::AdEnroll.new(adconn)
+enroll.set_computer_name("server1")
+enroll.delete()
+
+# Create a computer account object
+enroll = Adcli::AdEnroll.new(adconn)
+enroll.set_computer_name("server1")
+enroll.set_host_fqdn("server1.example.com")
+enroll.set_computer_password("password")
+enroll.join()
+
+# Reset a computer accounts password
+adconn.set_domain_controller("dc.example.com")
+enroll = Adcli::AdEnroll.new(adconn)
+enroll.set_computer_name("server1")
+enroll.set_computer_password("newpass")
+enroll.password()
+
+# Delete the computer accounts object
+enroll = Adcli::AdEnroll.new(adconn)
+enroll.set_computer_name("server1")
+enroll.delete()
+
+
+# Create a computer account object in specific OU
+enroll = Adcli::AdEnroll.new(adconn)
+enroll.set_domain_ou('OU=Computers,OU=Foobar,DC=example,DC=com')
+enroll.set_computer_name("server1")
+enroll.set_host_fqdn("server1.example.com")
+enroll.set_computer_password("password")
+enroll.join()

metadata

@@ -0,0 +1,133 @@
+--- !ruby/object:Gem::Specification
+name: smart_proxy_realm_ad_plugin
+version: !ruby/object:Gem::Version
+  version: '0.1'
+platform: ruby
+authors:
+- Mårten Cassel
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2017-12-31 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: mocha
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: test-unit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rkerberos
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: radcli
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: A realm ad provider plugin for Foreman's smart proxy
+email:
+- marten.cassel@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE
+- README.md
+- bundler.d/realm_ad_plugin.rb
+- config/realm_ad.yml.example
+- lib/smart_proxy_realm_ad/configuration_loader.rb
+- lib/smart_proxy_realm_ad/plugin.rb
+- lib/smart_proxy_realm_ad/provider.rb
+- lib/smart_proxy_realm_ad/version.rb
+- lib/smart_proxy_realm_ad_plugin.rb
+- test/ad_provider_test.rb
+- test/api_tests.sh
+- test/setup_ad.md
+- test/test_helper.rb
+- test/test_radcli.rb
+homepage: https://github.com/martencassel/smart_proxy_realm_ad_plugin
+licenses:
+- GPL-3.0
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.1
+signing_key: 
+specification_version: 4
+summary: A realm ad provider plugin for Foreman's smart proxy
+test_files:
+- test/ad_provider_test.rb
+- test/api_tests.sh
+- test/setup_ad.md
+- test/test_helper.rb
+- test/test_radcli.rb