#  This file is part of CFEngine 3 - written and maintained by Northern.tech AS.

#  This program is free software; you can redistribute it and/or modify it
#  under the terms of the GNU General Public License as published by the
#  Free Software Foundation; version 3.

#  This program is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#  GNU General Public License for more details.

# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA

# To the extent this program is licensed as part of the Enterprise
# versions of Cfengine, the applicable Commercial Open Source License
# (COSL) may apply to this file if you as a licensee so wish it. See
# included file COSL.txt.

#########################################################################
#   active_directory.cf - Extract Data From Windows Domain Controllers
#
#   NOTE: Since we don't supply any credentials in this policy file,
#         the Domain Controller must allow anonymous bind. Also,
#         the user "NT AUTHORITY\ANONYMOUS LOGON" must be granted access
#         to the resources we want to read.
#
#         Whatever is granted to ANONYMOUS LOGON is readable by every
#         unauthenticated LDAP client that can reach the controller, so
#         grant only the entries and attributes this policy reads.
#
#########################################################################

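# active_directory: example bundle that reads account data from a Windows
# domain controller over LDAP. Neither ldaplist() nor ldaparray() is given
# credentials, so both lookups are anonymous binds.
#
# Every promise that touches LDAP is guarded by the class "dummy", which is
# not defined in this bundle; unless it is defined elsewhere the lookups and
# reports stay inactive.
bundle agent active_directory
{
  vars:
      # NOTE: Edit these to match your domain, e.g. "corp".
      "domain_name" string => "cftesting";
      "user_name"   string => "Guest";

      # Search base shared by both lookups. A domain with more components
      # (more DC= parts, or a suffix other than "com") only has to be
      # changed here instead of in every DN below.
      "base_dn"     string => "DC=$(domain_name),DC=com";

      # NOTE: We can also extract data from remote Domain Controllers

    dummy.DomainController::
      "domain_controller"  string => "localhost";

      # sAMAccountName of every (objectClass=user) entry under CN=Users.
      #
      # The last argument is the security setting. "none" requests no
      # transport protection, so the query and the returned account names are
      # sent as plain LDAP. That stays on the host while domain_controller is
      # "localhost"; before pointing this at a remote controller, consider one
      # of the other values CFEngine accepts here ("ssl", "sasl") if the
      # directory supports it.
      "userlist"    slist => ldaplist(
                                       "ldap://$(domain_controller)",
                                       "CN=Users,$(base_dn)",
                                       "(objectClass=user)",
                                       "sAMAccountName",
                                       "subtree",
                                       "none");

  classes:

    dummy.DomainController::

      # Loads the attributes of CN=$(user_name) into the array "userinfo";
      # the "gotuser" class then gates the second report below.
      # Same plain, anonymous LDAP caveat as the ldaplist() call above.
      "gotuser" expression => ldaparray(
                                         "userinfo",
                                         "ldap://$(domain_controller)",
                                         "CN=$(user_name),CN=Users,$(base_dn)",
                                         "(name=*)",
                                         "subtree",
                                         "none");


  reports:
      # These reports put account names and logon counts into the agent's
      # report output; handle that output as directory data wherever it is
      # collected.
    dummy.DomainController::
      "Username is \"$(userlist)\"";

    dummy.gotuser::
      "Got user data; $(userinfo[name]) has logged on $(userinfo[logonCount]) times";

}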