fix: refs #6432 account sync fixes

Dockerfile

@@ -31,7 +31,7 @@ RUN apt-get update \
 
 RUN apt-get update \
     && apt-get install -y --no-install-recommends \
-        samba-common-bin \
+        samba-common-bin samba-dsdb-modules\
     && rm -rf /var/lib/apt/lists/* \
     && npm -g install pm2
 

modules/account/back/models/samba-config.js

@@ -33,16 +33,17 @@ module.exports = Self => {
                 .split('.')
                 .map(part => `dc=${part}`)
                 .join(',');
-            const ldapUser = `cn=${this.adUser},cn=Users,${baseDn}`;
+            const bindDn = `cn=${this.adUser},cn=Users,${baseDn}`;
 
             const adClient = ldap.createClient({
                 url: `ldaps://${this.adController}:636`,
                 tlsOptions: {rejectUnauthorized: this.verifyCert}
             });
-            await adClient.bind(ldapUser, this.adPassword);
+            await adClient.bind(bindDn, this.adPassword);
             Object.assign(this, {
                 adClient,
-                fullUsersDn: `${this.userDn},${baseDn}`
+                fullUsersDn: `${this.userDn},${baseDn}`,
+                bindDn
             });
         },
 
@@ -51,11 +52,14 @@ module.exports = Self => {
         },
 
         async sambaTool(command, args = []) {
-            const authArgs = [
-                '--URL', `ldap://${this.adController}`,
-                '--username', this.adUser,
+            let authArgs = [
+                '--URL', `ldaps://${this.adController}`,
+                '--simple-bind-dn', this.bindDn,
                 '--password', this.adPassword
             ];
+            if (!this.verifyCert)
+                authArgs.push('--option', 'tls verify peer = no_check');
+
             const allArgs = [command].concat(
                 args, authArgs
             );
@@ -151,8 +155,8 @@ module.exports = Self => {
          */
         async getUsers(usersToSync) {
             const LDAP_MATCHING_RULE_BIT_AND = '1.2.840.113556.1.4.803';
-            // eslint-disable-next-line max-len
-            const filter = `!(userAccountControl:${LDAP_MATCHING_RULE_BIT_AND}:=${UserAccountControlFlags.ACCOUNTDISABLE})`;
+            const filter = `!(userAccountControl:${LDAP_MATCHING_RULE_BIT_AND}`
+                + `:=${UserAccountControlFlags.ACCOUNTDISABLE})`;
 
             const opts = {
                 scope: 'sub',

modules/account/front/samba/index.html

@@ -40,6 +40,11 @@
                 type="password"
                 rule="SambaConfig">
             </vn-textfield>
+            <vn-textfield
+                label="User DN (without domain part)"
+                ng-model="$ctrl.config.userDn"
+                rule="SambaConfig">
+            </vn-textfield>
             <vn-check
                 label="Verify certificate"
                 ng-model="$ctrl.config.verifyCert">

modules/account/front/samba/locale/es.yml

@@ -3,6 +3,7 @@ Domain controller: Controlador de dominio
 AD domain: Dominio AD
 AD user: Usuario AD
 AD password: Contraseña AD
+User DN (without domain part): DN usuarios (sin la parte del dominio)
 Verify certificate: Verificar certificado
 Test connection: Probar conexión
 Samba connection established!: ¡Conexión con Samba establecida!