smart_proxy_realm_ad_plugin 0.1
- checksums.yaml +7 -0
- data/LICENSE +675 -0
- data/README.md +111 -0
- data/bundler.d/realm_ad_plugin.rb +2 -0
- data/config/realm_ad.yml.example +24 -0
- data/lib/smart_proxy_realm_ad/configuration_loader.rb +23 -0
- data/lib/smart_proxy_realm_ad/plugin.rb +12 -0
- data/lib/smart_proxy_realm_ad/provider.rb +131 -0
- data/lib/smart_proxy_realm_ad/version.rb +5 -0
- data/lib/smart_proxy_realm_ad_plugin.rb +4 -0
- data/test/ad_provider_test.rb +125 -0
- data/test/api_tests.sh +14 -0
- data/test/setup_ad.md +36 -0
- data/test/test_helper.rb +7 -0
- data/test/test_radcli.rb +57 -0
- metadata +133 -0
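--- a/data/test/api_tests.sh
+++ b/data/test/api_tests.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+# ping smart-proxy
+curl -H "Accept: application/json" http://localhost:8000/features
+
+# create host
+curl -d 'hostname=server1.example.com' http://localhost:8000/realm/EXAMPLE.COM
+
+# rebuild host
+curl -d 'hostname=server1.example.com&rebuild=true' http://localhost:8000/realm/EXAMPLE.COM
+
+# delete host
+curl -XDELETE http://localhost:8000/realm/EXAMPLE.COM/server1
+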
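Review bot: None of the four curl calls checks its result, so the script exits 0 even when the proxy answers with an error status; adding `set -e` after the shebang and `--fail` to each call (for example `curl --fail -XDELETE http://localhost:8000/realm/EXAMPLE.COM/server1`) makes a failed create, rebuild or delete visible. The create, rebuild and delete requests change computer accounts in whatever directory the proxy is configured for, and they are sent over plain HTTP with no client credentials, so a header comment such as `# Development only: needs the proxy's HTTP listener on localhost; never point this at a production proxy` would be worth adding. The delete path uses `server1` while the create and rebuild calls send `server1.example.com`; if the provider expects the FQDN there, the delete may not match the host just created, which should be confirmed against provider.rb (not shown on this page).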
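--- a/data/test/setup_ad.md
+++ b/data/test/setup_ad.md
@@ -0,0 +1,36 @@
+1. Create a user EXAMPLE@realm-proxy in the User OU.
+2. Set the password and make sure its active.
+3. Give this user permission to manage computer accounts in the Computers OU.
+4. Create a keytab in the linux machine using ktutil and the account password.
+5. Put the keytab in /etc/foreman/
+
+marten@martenubuntu:~/src/smart-proxy$ klist -k -t /etc/foreman-proxy/realm-proxy.keytab
+Keytab name: FILE:/etc/foreman-proxy/realm-proxy.keytab
+KVNO Timestamp Principal
+---- ------------------- ------------------------------------------------------
+1 2017-07-31 09:34:13 realm-proxy@EXAMPLE.COM
+
+6. Make sure the settings file for the plugin is correct
+
+marten@martenubuntu:~/src/smart-proxy$ cat ./config/settings.d/realm.yml
+---
+# Can be true, false, or http/https to enable just one of the protocols
+:enabled: true
+
+# Available providers:
+# realm_freeipa
+:use_provider: realm_ad
+
+# Authentication for Kerberos-based Realms
+:realm: EXAMPLE.COM
+
+:keytab_path: /etc/foreman-proxy/realm-proxy.keytab
+:principal: realm-proxy@EXAMPLE.COM
+
+:domain_controller: dc.example.com
+
+marten@martenubuntu:~/src/smart-proxy$
+
+
+apt-get install adcli
+adcli info --domain=EXAMPLE.COM --domain-controller=dc.example.com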
data/test/test_helper.rb
ADDED
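--- a/data/test/test_radcli.rb
+++ b/data/test/test_radcli.rb
@@ -0,0 +1,57 @@
+require 'radcli'
+
+# Connect using password
+adconn = Adcli::AdConn.new("example.com")
+adconn.set_domain_realm("EXAMPLE.COM")
+adconn.set_domain_controller("dc.example.com")
+adconn.set_login_user("realm-proxy")
+adconn.set_user_password("password")
+res = adconn.connect
+
+# Connect using kerberos keytab
+require 'radcli'
+require "rkerberos"
+principal = "realm-proxy"
+keytab="/etc/foreman-proxy/realm-proxy.keytab"
+krb5 = Kerberos::Krb5.new
+ccache = Kerberos::Krb5::CredentialsCache.new
+krb5.get_init_creds_keytab principal, keytab, nil, ccache
+adconn = Adcli::AdConn.new("example.com")
+adconn.set_domain_realm("EXAMPLE.COM")
+adconn.set_domain_controller("dc.example.com")
+adconn.set_login_ccache_name("")
+res = adconn.connect
+
+
+# Delete the computer accounts object
+enroll = Adcli::AdEnroll.new(adconn)
+enroll.set_computer_name("server1")
+enroll.delete()
+
+# Create a computer account object
+enroll = Adcli::AdEnroll.new(adconn)
+enroll.set_computer_name("server1")
+enroll.set_host_fqdn("server1.example.com")
+enroll.set_computer_password("password")
+enroll.join()
+
+# Reset a computer accounts password
+adconn.set_domain_controller("dc.example.com")
+enroll = Adcli::AdEnroll.new(adconn)
+enroll.set_computer_name("server1")
+enroll.set_computer_password("newpass")
+enroll.password()
+
+# Delete the computer accounts object
+enroll = Adcli::AdEnroll.new(adconn)
+enroll.set_computer_name("server1")
+enroll.delete()
+
+
+# Create a computer account object in specific OU
+enroll = Adcli::AdEnroll.new(adconn)
+enroll.set_domain_ou('OU=Computers,OU=Foobar,DC=example,DC=com')
+enroll.set_computer_name("server1")
+enroll.set_host_fqdn("server1.example.com")
+enroll.set_computer_password("password")
+enroll.join()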
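Review bot: This file is listed under `test_files` but contains no assertions: every statement runs at load time against a live domain controller, and the results of `adconn.connect`, `enroll.join()`, `enroll.password()` and `enroll.delete()` are never checked. Because the first enroll step deletes the `server1` computer account, the script should be gated, e.g. `abort 'set RADCLI_LIVE_TEST=1 to run against a lab domain' unless ENV['RADCLI_LIVE_TEST'] == '1'` (the variable name is only an example), and the bind and computer passwords should come from the environment instead of the literals `"password"` and `"newpass"`. In the keytab section the `ccache` object filled by `get_init_creds_keytab` is not what is handed to the connection, since `set_login_ccache_name("")` receives an empty string; the script appears to rely on the default credentials cache, and a one-line comment saying so would avoid confusion.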
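--- a/metadata
+++ b/metadata
@@ -0,0 +1,133 @@
+--- !ruby/object:Gem::Specification
+name: smart_proxy_realm_ad_plugin
+version: !ruby/object:Gem::Version
+version: '0.1'
+platform: ruby
+authors:
+- Mårten Cassel
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2017-12-31 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: rake
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: mocha
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: test-unit
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: rkerberos
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: radcli
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+description: A realm ad provider plugin for Foreman's smart proxy
+email:
+- marten.cassel@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE
+- README.md
+- bundler.d/realm_ad_plugin.rb
+- config/realm_ad.yml.example
+- lib/smart_proxy_realm_ad/configuration_loader.rb
+- lib/smart_proxy_realm_ad/plugin.rb
+- lib/smart_proxy_realm_ad/provider.rb
+- lib/smart_proxy_realm_ad/version.rb
+- lib/smart_proxy_realm_ad_plugin.rb
+- test/ad_provider_test.rb
+- test/api_tests.sh
+- test/setup_ad.md
+- test/test_helper.rb
+- test/test_radcli.rb
+homepage: https://github.com/martencassel/smart_proxy_realm_ad_plugin
+licenses:
+- GPL-3.0
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.5.1
+signing_key:
+specification_version: 4
+summary: A realm ad provider plugin for Foreman's smart proxy
+test_files:
+- test/ad_provider_test.rb
+- test/api_tests.sh
+- test/setup_ad.md
+- test/test_helper.rb
+- test/test_radcli.rb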
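Review bot: The two runtime dependencies, `rkerberos` and `radcli`, are declared with the open requirement `>= 0`, so any future release of either gem, including an incompatible major version, satisfies installation of a plugin that works with a Kerberos keytab. This file is generated at build time, so the change belongs in the gemspec, which is not part of this diff: a bounded constraint such as `spec.add_runtime_dependency 'radcli', '~> X.Y'` (X.Y standing for the version the plugin was tested against), and the same for `rkerberos`. `required_ruby_version` is likewise `>= 0`; declaring the minimum Ruby the plugin supports would make unsupported installs fail early.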