Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
120 lines (111 sloc) 3.06 KB
{
use NethServer::SSSD;
my $sssd = new NethServer::SSSD();
my $baseDN = $sssd->baseDN();
my $bindDN = $sssd->bindDN();
$bindDN =~ s/\\/\\\\/g;
my $userDN = $sssd->userDN();
my $groupDN = $sssd->groupDN();
my $bindPassword = $sssd->bindPassword();
my $host = $sssd->host();
my $ldapURI = $sssd->ldapURI();
# We must check if starttls is used
$tls = $sssd->startTls();
if ($tls){
$ldapURI = $ldapURI . '/????!StartTLS';
}
# select the email field in case of Microsotf AD bind
my $CustomEmailField = $sogod{'CustomEmailField'} || 'userPrincipalName';
if ($sssd->isLdap){
# user source: ldap
$OUT .= <<EOF
/* 45 ldap authentication */
SOGoUserSources =(
\{
id = groups;
type = ldap;
CNFieldName = cn;
UIDFieldName = cn;
IDFieldName = cn;
baseDN = "$groupDN";
bindDN = "$bindDN";
bindPassword = "$bindPassword";
scope = ONE;
canAuthenticate = YES;
MailFieldNames = ("mail");
displayName = "$SystemName groups";
hostname = $ldapURI;
isAddressBook = YES;
\},
\{
id = users;
type = ldap;
CNFieldName = cn;
UIDFieldName = uid;
IDFieldName = mail;
bindFields = (
mail,
uid
);
IMAPLoginFieldName = mail;
baseDN = "$userDN";
bindDN = "$bindDN";
bindPassword = "$bindPassword";
scope = ONE;
MailFieldNames = ("mail");
canAuthenticate = YES;
displayName = "$SystemName users";
hostname = $ldapURI;
isAddressBook = YES;
\}
);
EOF
} elsif($sssd->isAD){
# user source: AD
$bindPassword =~ s/"/\"/;
$OUT .= <<EOF
/* 45 AD authentication */
SOGoUserSources =(
\{
id = AD_Users;
type = ldap;
CNFieldName = cn;
IDFieldName = sAMAccountName;
UIDFieldName = sAMAccountName;
IMAPLoginFieldName = $CustomEmailField;
canAuthenticate = YES;
bindDN = "$bindDN";
bindPassword = "$bindPassword";
baseDN = "$userDN";
bindFields = (
sAMAccountName,
$CustomEmailField
);
hostname = $ldapURI;
filter = "(objectClass='user') AND (sAMAccountType=805306368)";
MailFieldNames = ("$CustomEmailField");
scope = SUB;
displayName = "$DomainName users";
isAddressBook = YES;
\},
\{
id = AD_Groups;
type = ldap;
CNFieldName = name;
IDFieldName = sAMAccountName;
UIDFieldName = sAMAccountName;
canAuthenticate = YES;
bindDN = "$bindDN";
bindPassword = "$bindPassword";
baseDN = "$groupDN";
hostname = $ldapURI;
filter = "(objectClass='group') AND (sAMAccountType=268435456)";
MailFieldNames = ("mail");
scope = SUB;
displayName = "$DomainName groups";
isAddressBook = YES;
\}
);
EOF
}
}
You can’t perform that action at this time.