# This file is part of CFEngine 3 - written and maintained by Northern.tech AS.

# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; version 3.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.

# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA

# To the extent this program is licensed as part of the Enterprise
# versions of Cfengine, the applicable Commercial Open Source License
# (COSL) may apply to this file if you as a licensee so wish it. See
# included file COSL.txt.

#########################################################################
# active_directory.cf - Extract Data From Windows Domain Controllers
#
# Reads a list of account names and one user's attributes from Active
# Directory over LDAP and reports them.
#
# NOTE: No credentials are supplied anywhere in this policy file, so
#       the Domain Controller must allow anonymous bind, and the user
#       "NT AUTHORITY\ANONYMOUS LOGON" must be granted access to the
#       resources we want to read.
#
# SECURITY: Anything made readable to ANONYMOUS LOGON for this policy
#       is readable to every unauthenticated client that can reach the
#       Domain Controller's LDAP service, so grant read access only to
#       the containers and attributes queried below.
#       Both queries use an ldap:// URI with security level "none".
#       NOTE(review): this looks like an unencrypted connection -
#       confirm, and consider "ssl" or "sasl" when the Domain
#       Controller is not localhost.
#
#########################################################################

bundle agent active_directory
{
  vars:

      # Left-most DC= component of the directory base DN. Edit this to
      # your domain, e.g. "corp". The DNs below append a fixed "DC=com",
      # so a domain with more components needs more DC= parts there.
      "domain_name"
        string => "cftesting";

      # CN of the account whose attributes the ldaparray() lookup in
      # the classes section fetches.
      "user_name"
        string => "Guest";

      # Both values above are interpolated as-is into the LDAP DNs
      # further down; keep them as constants set by this policy.

    # Everything in this context needs the classes "dummy" AND
    # "DomainController". "dummy" is not defined in this file.
    # NOTE(review): presumably it keeps the example inert until it is
    # defined or removed from the expression - confirm.
    dummy.DomainController::

      # LDAP server to query. A remote Domain Controller can be named
      # here instead of localhost.
      "domain_controller"
        string => "localhost";

      # ldaplist(uri, dn, filter, record, scope, security):
      # collects the sAMAccountName of every entry matching
      # (objectClass=user) in the subtree under CN=Users.
      # security is "none" here; the function also accepts "ssl" and
      # "sasl".
      "userlist"
        slist => ldaplist("ldap://$(domain_controller)",
                          "CN=Users,DC=$(domain_name),DC=com",
                          "(objectClass=user)",
                          "sAMAccountName",
                          "subtree",
                          "none");

  classes:

    dummy.DomainController::

      # ldaparray(array, uri, dn, filter, scope, security):
      # searches the entry CN=$(user_name) under CN=Users and stores
      # what it finds in the array "userinfo"; "gotuser" is the class
      # that results from the lookup. Same URI scheme and security
      # level as the ldaplist() call in the vars section.
      "gotuser"
        expression => ldaparray("userinfo",
                                "ldap://$(domain_controller)",
                                "CN=$(user_name),CN=Users,DC=$(domain_name),DC=com",
                                "(name=*)",
                                "subtree",
                                "none");

  reports:

    dummy.DomainController::

      # "userlist" is an slist, so this report is emitted per element.
      # The result is a list of directory account names in the agent
      # output; restrict who can read that output accordingly.
      "Username is \"$(userlist)\"";

    # Only reported when the ldaparray() lookup set "gotuser".
    dummy.gotuser::

      "Got user data; $(userinfo[name]) has logged on $(userinfo[logonCount]) times";

}