fix: refs #6432 account sync fixes

Juan Ferrer 2023-11-17 08:56:25 +01:00
parent c2e295f777
commit bb6f3b4cfd
4 changed files with 26 additions and 16 deletions


@ -31,7 +31,7 @@ RUN apt-get update \
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
samba-common-bin \
samba-common-bin samba-dsdb-modules\
&& rm -rf /var/lib/apt/lists/* \
&& npm -g install pm2


@ -33,16 +33,17 @@ module.exports = Self => {
.split('.')
.map(part => `dc=${part}`)
.join(',');
const ldapUser = `cn=${this.adUser},cn=Users,${baseDn}`;
const bindDn = `cn=${this.adUser},cn=Users,${baseDn}`;
const adClient = ldap.createClient({
url: `ldaps://${this.adController}:636`,
tlsOptions: {rejectUnauthorized: this.verifyCert}
});
await adClient.bind(ldapUser, this.adPassword);
await adClient.bind(bindDn, this.adPassword);
Object.assign(this, {
adClient,
fullUsersDn: `${this.userDn},${baseDn}`
fullUsersDn: `${this.userDn},${baseDn}`,
bindDn
});
},
@ -51,11 +52,14 @@ module.exports = Self => {
},
async sambaTool(command, args = []) {
const authArgs = [
'--URL', `ldap://${this.adController}`,
'--username', this.adUser,
let authArgs = [
'--URL', `ldaps://${this.adController}`,
'--simple-bind-dn', this.bindDn,
'--password', this.adPassword
];
if (!this.verifyCert)
authArgs.push('--option', 'tls verify peer = no_check');
const allArgs = [command].concat(
args, authArgs
);
@ -151,8 +155,8 @@ module.exports = Self => {
*/
async getUsers(usersToSync) {
const LDAP_MATCHING_RULE_BIT_AND = '1.2.840.113556.1.4.803';
// eslint-disable-next-line max-len
const filter = `!(userAccountControl:${LDAP_MATCHING_RULE_BIT_AND}:=${UserAccountControlFlags.ACCOUNTDISABLE})`;
const filter = `!(userAccountControl:${LDAP_MATCHING_RULE_BIT_AND}`
+ `:=${UserAccountControlFlags.ACCOUNTDISABLE})`;
const opts = {
scope: 'sub',
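Review bot: In `sambaTool`, the new check `if (!this.verifyCert)` fails open: a `null` or `undefined` `verifyCert` (possible only if the model permits it, which is not visible here) adds `tls verify peer = no_check`, so the simple bind sends `adPassword` to a peer whose certificate was never validated. Disabling verification only on an explicit opt-out, `if (this.verifyCert === false)`, keeps the safe default. `authArgs` is never reassigned, so `const authArgs` still works with `push`. Separately, `'--password', this.adPassword` places the secret in the child process's argument list, where other local processes may be able to read it; how `allArgs` is executed lies outside the hunk, so check whether the installed samba-tool offers a credential mechanism that avoids argv.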


@ -12,7 +12,7 @@
<vn-card class="vn-pa-lg" vn-focus>
<vn-vertical>
<vn-check
label="Enable synchronization"
label="Enable synchronization"
ng-model="watcher.hasData">
</vn-check>
</vn-vertical>
@ -20,28 +20,33 @@
ng-if="watcher.hasData"
class="vn-mt-md">
<vn-textfield
label="AD domain"
label="AD domain"
ng-model="$ctrl.config.adDomain"
rule="SambaConfig">
</vn-textfield>
<vn-textfield
label="Domain controller"
label="Domain controller"
ng-model="$ctrl.config.adController"
rule="SambaConfig">
</vn-textfield>
<vn-textfield
label="AD user"
label="AD user"
ng-model="$ctrl.config.adUser"
rule="SambaConfig">
</vn-textfield>
<vn-textfield
label="AD password"
label="AD password"
ng-model="$ctrl.config.adPassword"
type="password"
rule="SambaConfig">
</vn-textfield>
<vn-textfield
label="User DN (without domain part)"
ng-model="$ctrl.config.userDn"
rule="SambaConfig">
</vn-textfield>
<vn-check
label="Verify certificate"
label="Verify certificate"
ng-model="$ctrl.config.verifyCert">
</vn-check>
</vn-vertical>
@ -63,4 +68,4 @@
ng-click="watcher.loadOriginalData()">
</vn-button>
</vn-button-bar>
</form>
</form>


@ -3,6 +3,7 @@ Domain controller: Controlador de dominio
AD domain: Dominio AD
AD user: Usuario AD
AD password: Contraseña AD
User DN (without domain part): DN usuarios (sin la parte del dominio)
Verify certificate: Verificar certificado
Test connection: Probar conexión
Samba connection established!: ¡Conexión con Samba establecida!