fix: refs #6432 account sync fixes

Juan Ferrer 2023-11-17 08:56:25 +01:00
parent c2e295f777
commit bb6f3b4cfd
4 changed files with 26 additions and 16 deletions


@ -31,7 +31,7 @@ RUN apt-get update \
RUN apt-get update \ RUN apt-get update \
&& apt-get install -y --no-install-recommends \ && apt-get install -y --no-install-recommends \
samba-common-bin \ samba-common-bin samba-dsdb-modules\
&& rm -rf /var/lib/apt/lists/* \ && rm -rf /var/lib/apt/lists/* \
&& npm -g install pm2 && npm -g install pm2


@ -33,16 +33,17 @@ module.exports = Self => {
.split('.') .split('.')
.map(part => `dc=${part}`) .map(part => `dc=${part}`)
.join(','); .join(',');
const ldapUser = `cn=${this.adUser},cn=Users,${baseDn}`; const bindDn = `cn=${this.adUser},cn=Users,${baseDn}`;
const adClient = ldap.createClient({ const adClient = ldap.createClient({
url: `ldaps://${this.adController}:636`, url: `ldaps://${this.adController}:636`,
tlsOptions: {rejectUnauthorized: this.verifyCert} tlsOptions: {rejectUnauthorized: this.verifyCert}
}); });
await adClient.bind(ldapUser, this.adPassword); await adClient.bind(bindDn, this.adPassword);
Object.assign(this, { Object.assign(this, {
adClient, adClient,
fullUsersDn: `${this.userDn},${baseDn}` fullUsersDn: `${this.userDn},${baseDn}`,
bindDn
}); });
}, },
@ -51,11 +52,14 @@ module.exports = Self => {
}, },
async sambaTool(command, args = []) { async sambaTool(command, args = []) {
const authArgs = [ let authArgs = [
'--URL', `ldap://${this.adController}`, '--URL', `ldaps://${this.adController}`,
'--username', this.adUser, '--simple-bind-dn', this.bindDn,
'--password', this.adPassword '--password', this.adPassword
]; ];
if (!this.verifyCert)
authArgs.push('--option', 'tls verify peer = no_check');
const allArgs = [command].concat( const allArgs = [command].concat(
args, authArgs args, authArgs
); );
@ -151,8 +155,8 @@ module.exports = Self => {
*/ */
async getUsers(usersToSync) { async getUsers(usersToSync) {
const LDAP_MATCHING_RULE_BIT_AND = '1.2.840.113556.1.4.803'; const LDAP_MATCHING_RULE_BIT_AND = '1.2.840.113556.1.4.803';
// eslint-disable-next-line max-len const filter = `!(userAccountControl:${LDAP_MATCHING_RULE_BIT_AND}`
const filter = `!(userAccountControl:${LDAP_MATCHING_RULE_BIT_AND}:=${UserAccountControlFlags.ACCOUNTDISABLE})`; + `:=${UserAccountControlFlags.ACCOUNTDISABLE})`;
const opts = { const opts = {
scope: 'sub', scope: 'sub',
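Review bot: In `sambaTool`, the new `tls verify peer = no_check` branch combines with `--simple-bind-dn`, and a simple bind sends `this.adPassword` to whichever host completes the TLS handshake, so with `verifyCert` false anyone able to intercept the connection to `adController` can collect the bind password. The same exposure applies to the `ldap.createClient` call in the first hunk, where `rejectUnauthorized: this.verifyCert` was already present. I would document this on the branch, e.g. `// verifyCert=false: bind password goes to an unauthenticated server; test environments only`, and log a warning when that path is taken. Separately, `--password` stays in the argument list, which other local processes can usually read while samba-tool runs; how the arguments are executed is outside the hunk, so confirm whether the password can be supplied another way. `authArgs` is only mutated with `push`, so it can remain `const`; the body of `sambaTool` continues past the hunk.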


@ -40,6 +40,11 @@
type="password" type="password"
rule="SambaConfig"> rule="SambaConfig">
</vn-textfield> </vn-textfield>
<vn-textfield
label="User DN (without domain part)"
ng-model="$ctrl.config.userDn"
rule="SambaConfig">
</vn-textfield>
<vn-check <vn-check
label="Verify certificate" label="Verify certificate"
ng-model="$ctrl.config.verifyCert"> ng-model="$ctrl.config.verifyCert">


@ -3,6 +3,7 @@ Domain controller: Controlador de dominio
AD domain: Dominio AD AD domain: Dominio AD
AD user: Usuario AD AD user: Usuario AD
AD password: Contraseña AD AD password: Contraseña AD
User DN (without domain part): DN usuarios (sin la parte del dominio)
Verify certificate: Verificar certificado Verify certificate: Verificar certificado
Test connection: Probar conexión Test connection: Probar conexión
Samba connection established!: ¡Conexión con Samba establecida! Samba connection established!: ¡Conexión con Samba establecida!