#  This file is part of CFEngine 3 - written and maintained by Northern.tech AS.

#  This program is free software; you can redistribute it and/or modify it
#  under the terms of the GNU General Public License as published by the
#  Free Software Foundation; version 3.

#  This program is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#  GNU General Public License for more details.

# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA

# To the extent this program is licensed as part of the Enterprise
# versions of Cfengine, the applicable Commercial Open Source License
# (COSL) may apply to this file if you as a licensee so wish it. See
# included file COSL.txt.

#########################################################################
#   active_directory.cf - Extract Data From Windows Domain Controllers
#
#   NOTE: Since we don't supply any credentials in this policy file,
#         the Domain Controller must allow anonymous bind. Also,
#         the user "NT AUTHORITY\ANONYMOUS LOGON" must be granted access
#         to the resources we want to read.
#
#########################################################################

bundle agent active_directory
{
  vars:
      # NOTE: Edit this to your domain, e.g. "corp", may also need more DC's after it
      "domain_name" string => "cftesting";
      "user_name"    string => "Guest";

      
      # NOTE: We can also extract data from remote Domain Controllers

    dummy.DomainController::
      "domain_controller"  string => "localhost";

      "userlist"    slist => ldaplist(
                                       "ldap://$(domain_controller)",
                                       "CN=Users,DC=$(domain_name),DC=com",
                                       "(objectClass=user)",
                                       "sAMAccountName",
                                       "subtree",
                                       "none");

  classes:

    dummy.DomainController::

      "gotuser" expression => ldaparray(
					 "userinfo",
					 "ldap://$(domain_controller)",
					 "CN=$(user_name),CN=Users,DC=$(domain_name),DC=com",
					 "(name=*)",
					 "subtree",
					 "none");

      
  reports:
    dummy.DomainController::
      "Username is \"$(userlist)\"";

    dummy.gotuser::
      "Got user data; $(userinfo[name]) has logged on $(userinfo[logonCount]) times";

}