diff --git a/root/etc/e-smith/events/actions/create-machine-account b/root/etc/e-smith/events/actions/create-machine-account index fdd6103..390a0a1 100644 --- a/root/etc/e-smith/events/actions/create-machine-account +++ b/root/etc/e-smith/events/actions/create-machine-account @@ -1,6 +1,7 @@ #!/usr/bin/perl -w #---------------------------------------------------------------------- # copyright (C) 2001 Mitel Networks Corporation +# Copyright (C) 2024 Koozali Foundation inc. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -26,6 +27,9 @@ use Errno; use esmith::ConfigDB; use esmith::AccountsDB; use esmith::util; +use utf8; +use esmith::util::ldap; + my $a = esmith::AccountsDB->open || die "Couldn't open accounts db\n"; my $c = esmith::ConfigDB->open_ro || die "Could not open Config DB"; @@ -33,8 +37,8 @@ my $c = esmith::ConfigDB->open_ro || die "Could not open Config DB"; my $ldapauth = $c->get('ldap')->prop('Authentication') || 'disabled'; my $x = 0; # exit value -my $domain = $c->get('DomainName')->value(); -my $base = esmith::util::ldapBase ($domain); +# prepare LDAP bind +my $ldap=esmith::util::ldap->new(); my $event = $ARGV [0]; my $machineName = $ARGV [1]; @@ -101,34 +105,16 @@ if ($ldapauth ne 'enabled') } # Create the machine's unique group first (in ldap) -system( - "/usr/sbin/cpu", "-C/etc/cpu-system.conf", "groupadd", - "-g", $gid, - "-o", - "$machineName" - ) == 0 or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to create (ldap) group $machineName.\n" ); +my $result = $ldap->ldapgroup($m); +$result && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to create (ldap) group $machineName.\n" ); -# Now create the machine account (in ldap) -system( - "/usr/sbin/cpu", "-C/etc/cpu-system.conf", "useradd", - "-u", $uid, - "-g", $gid, - "--userbase=ou=Computers,$base", - "-c", "Hostname account for $machineName", - "-o", - "-d", "/noexistingpath", - "-s", "/bin/false", - "$machineName" - ) == 0 or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to create (ldap) account $machineName.\n" ); +# Now create the machine account (in ldap). samba related action script will add more +$result = $ldap->ldapaddmachine($m); +$result && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to create (ldap) account $machineName.\n" ); warn "create-machine-account $machineName: Locking account\n"; -system("/usr/sbin/cpu", "-C/etc/cpu-system.conf", "usermod", - "--userbase=ou=Computers,$base", - "-o", - "-L", - "$machineName" -) == 0 or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed locking (ldap) password for $machineName\n" ); +# esmith::util::ldap ldapaddmachine already lock account on creation in LDAP if ($ldapauth ne 'enabled') { diff --git a/smeserver-samba.spec b/smeserver-samba.spec index 2fda078..c1a2415 100644 --- a/smeserver-samba.spec +++ b/smeserver-samba.spec @@ -4,7 +4,7 @@ Summary: smeserver specific Samba configuration files and templates %define name smeserver-samba Name: %{name} %define version 11.0.0 -%define release 5 +%define release 6 Version: %{version} Release: %{release}%{?dist} License: GPL @@ -18,7 +18,7 @@ Provides: e-smith-samba Obsoletes: e-smith-samba BuildRequires: smeserver-devtools >= 1.13.1-03 Obsoletes: e-smith-regedit -Requires: smeserver-lib >= 2.2.0-2 +Requires: smeserver-lib >= 11.0.0-7 Requires: smeserver-formmagick >= 1.4.0-9 Requires: samba >= 3.5.10 Requires: samba-client >= 3.5.10 @@ -41,6 +41,9 @@ Requires: /usr/bin/tdbbackup AutoReqProv: no %changelog +* Tue Aug 13 2024 Jean-Philippe Pialasse 11.0.0-6.sme +- use esmith::util::ldap for machines LDAP account [SME: 12687] + * Tue Apr 16 2024 Jean-Philippe Pialasse 11.0.0-5.sme - remove deprecated options [SME: 12630]