smart_proxy_realm_ad_plugin 0.1

@@ -0,0 +1,14 @@
1
+ #!/bin/sh
2
+
3
+ # ping smart-proxy
4
+ curl -H "Accept: application/json" http://localhost:8000/features
5
+
6
+ # create host
7
+ curl -d 'hostname=server1.example.com' http://localhost:8000/realm/EXAMPLE.COM
8
+
9
+ # rebuild host
10
+ curl -d 'hostname=server1.example.com&rebuild=true' http://localhost:8000/realm/EXAMPLE.COM
11
+
12
+ # delete host
13
+ curl -XDELETE http://localhost:8000/realm/EXAMPLE.COM/server1
14
+
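Review bot: None of the four `curl` calls can fail this script: without `--fail` curl exits 0 on an HTTP 4xx/5xx response, and there is no `set -e`, so a broken create, rebuild or delete still ends with status 0. I would add `set -e` after the shebang and call `curl --fail --silent --show-error ...` on each request. The requests also go to plain `http://localhost:8000` with no client certificate, so the script only passes against a proxy that serves the realm API over unauthenticated HTTP; a comment such as `# dev-only: needs the HTTP listener; production proxies should serve /realm over HTTPS to trusted hosts only` would keep that setup from being copied. The delete uses the short name `server1` while create and rebuild send `server1.example.com`; if that is intentional it deserves a one-line comment.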
@@ -0,0 +1,36 @@
1
+ 1. Create a user EXAMPLE@realm-proxy in the User OU.
2
+ 2. Set the password and make sure its active.
3
+ 3. Give this user permission to manage computer accounts in the Computers OU.
4
+ 4. Create a keytab in the linux machine using ktutil and the account password.
5
+ 5. Put the keytab in /etc/foreman/
6
+
7
+ marten@martenubuntu:~/src/smart-proxy$ klist -k -t /etc/foreman-proxy/realm-proxy.keytab
8
+ Keytab name: FILE:/etc/foreman-proxy/realm-proxy.keytab
9
+ KVNO Timestamp Principal
10
+ ---- ------------------- ------------------------------------------------------
11
+ 1 2017-07-31 09:34:13 realm-proxy@EXAMPLE.COM
12
+
13
+ 6. Make sure the settings file for the plugin is correct
14
+
15
+ marten@martenubuntu:~/src/smart-proxy$ cat ./config/settings.d/realm.yml
16
+ ---
17
+ # Can be true, false, or http/https to enable just one of the protocols
18
+ :enabled: true
19
+
20
+ # Available providers:
21
+ # realm_freeipa
22
+ :use_provider: realm_ad
23
+
24
+ # Authentication for Kerberos-based Realms
25
+ :realm: EXAMPLE.COM
26
+
27
+ :keytab_path: /etc/foreman-proxy/realm-proxy.keytab
28
+ :principal: realm-proxy@EXAMPLE.COM
29
+
30
+ :domain_controller: dc.example.com
31
+
32
+ marten@martenubuntu:~/src/smart-proxy$
33
+
34
+
35
+ apt-get install adcli
36
+ adcli info --domain=EXAMPLE.COM --domain-controller=dc.example.com
@@ -0,0 +1,7 @@
1
+ require 'test/unit'
2
+ require 'mocha/setup'
3
+
4
+ require 'smart_proxy_for_testing'
5
+
6
+ # create log directory in our (not smart-proxy) directory
7
+ FileUtils.mkdir_p File.dirname(Proxy::SETTINGS.log_file)
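Review bot: `FileUtils.mkdir_p` on the last line depends on `fileutils` having been loaded by something else, presumably `smart_proxy_for_testing`; this file never requires it itself. Adding `require 'fileutils'` next to the other requires makes the helper independent of that load order.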
@@ -0,0 +1,57 @@
1
+ require 'radcli'
2
+
3
+ # Connect using password
4
+ adconn = Adcli::AdConn.new("example.com")
5
+ adconn.set_domain_realm("EXAMPLE.COM")
6
+ adconn.set_domain_controller("dc.example.com")
7
+ adconn.set_login_user("realm-proxy")
8
+ adconn.set_user_password("password")
9
+ res = adconn.connect
10
+
11
+ # Connect using kerberos keytab
12
+ require 'radcli'
13
+ require "rkerberos"
14
+ principal = "realm-proxy"
15
+ keytab="/etc/foreman-proxy/realm-proxy.keytab"
16
+ krb5 = Kerberos::Krb5.new
17
+ ccache = Kerberos::Krb5::CredentialsCache.new
18
+ krb5.get_init_creds_keytab principal, keytab, nil, ccache
19
+ adconn = Adcli::AdConn.new("example.com")
20
+ adconn.set_domain_realm("EXAMPLE.COM")
21
+ adconn.set_domain_controller("dc.example.com")
22
+ adconn.set_login_ccache_name("")
23
+ res = adconn.connect
24
+
25
+
26
+ # Delete the computer accounts object
27
+ enroll = Adcli::AdEnroll.new(adconn)
28
+ enroll.set_computer_name("server1")
29
+ enroll.delete()
30
+
31
+ # Create a computer account object
32
+ enroll = Adcli::AdEnroll.new(adconn)
33
+ enroll.set_computer_name("server1")
34
+ enroll.set_host_fqdn("server1.example.com")
35
+ enroll.set_computer_password("password")
36
+ enroll.join()
37
+
38
+ # Reset a computer accounts password
39
+ adconn.set_domain_controller("dc.example.com")
40
+ enroll = Adcli::AdEnroll.new(adconn)
41
+ enroll.set_computer_name("server1")
42
+ enroll.set_computer_password("newpass")
43
+ enroll.password()
44
+
45
+ # Delete the computer accounts object
46
+ enroll = Adcli::AdEnroll.new(adconn)
47
+ enroll.set_computer_name("server1")
48
+ enroll.delete()
49
+
50
+
51
+ # Create a computer account object in specific OU
52
+ enroll = Adcli::AdEnroll.new(adconn)
53
+ enroll.set_domain_ou('OU=Computers,OU=Foobar,DC=example,DC=com')
54
+ enroll.set_computer_name("server1")
55
+ enroll.set_host_fqdn("server1.example.com")
56
+ enroll.set_computer_password("password")
57
+ enroll.join()
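Review bot: This file is listed in the gem's `test_files` but holds no test case or assertion; it is a top-level script that, when loaded, connects to `dc.example.com` and deletes, joins and resets the `server1` computer account, with credentials written as literals (`"password"`, `"newpass"`). Read the secrets from the environment instead, e.g. `adconn.set_user_password(ENV.fetch('REALM_AD_TEST_PASSWORD'))` (the variable name is a placeholder), and wrap the calls in a `Test::Unit::TestCase` that is skipped when the variable is unset so nothing runs against a directory by accident. `res = adconn.connect` is assigned twice and never checked, and the keytab variant calls `set_login_ccache_name("")` rather than passing the name of the `ccache` created just above, so it is unclear from this file which credentials the second connection actually uses. A fixed machine password such as `"password"` should carry a comment saying it is sample data only, since a known computer-account password lets anyone authenticate as that host.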
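--- a/metadata
+++ b/metadata
@@ -0,0 +1,133 @@
+--- !ruby/object:Gem::Specification
+name: smart_proxy_realm_ad_plugin
+version: !ruby/object:Gem::Version
+version: '0.1'
+platform: ruby
+authors:
+- Mårten Cassel
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2017-12-31 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: rake
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: mocha
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: test-unit
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: rkerberos
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: radcli
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+description: A realm ad provider plugin for Foreman's smart proxy
+email:
+- marten.cassel@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE
+- README.md
+- bundler.d/realm_ad_plugin.rb
+- config/realm_ad.yml.example
+- lib/smart_proxy_realm_ad/configuration_loader.rb
+- lib/smart_proxy_realm_ad/plugin.rb
+- lib/smart_proxy_realm_ad/provider.rb
+- lib/smart_proxy_realm_ad/version.rb
+- lib/smart_proxy_realm_ad_plugin.rb
+- test/ad_provider_test.rb
+- test/api_tests.sh
+- test/setup_ad.md
+- test/test_helper.rb
+- test/test_radcli.rb
+homepage: https://github.com/martencassel/smart_proxy_realm_ad_plugin
+licenses:
+- GPL-3.0
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.5.1
+signing_key:
+specification_version: 4
+summary: A realm ad provider plugin for Foreman's smart proxy
+test_files:
+- test/ad_provider_test.rb
+- test/api_tests.sh
+- test/setup_ad.md
+- test/test_helper.rb
+- test/test_radcli.rb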