Cfengine 3 example active_directory.html

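#########################################################################
#
#   active_directory.cf - Extract Data From Windows Domain Controllers
#
#   NOTE: Since we don't supply any credentials in this policy file,
#         the Domain Controller must allow anonymous bind. Also,
#         the user "NT AUTHORITY\ANONYMOUS LOGON" must be granted access
#         to the resources we want to read.
#
#   SECURITY: Both LDAP calls below pass "none" as the security argument
#         and use an ldap:// URI, so the queries are unauthenticated and
#         unencrypted. Any read access granted to ANONYMOUS LOGON for
#         this policy is available to every client that can reach the
#         Domain Controller, and it covers the data read here: account
#         names (sAMAccountName) and the user attributes that ldaparray
#         returns, such as logonCount.
#         Outside a test domain, limit that grant to the container and
#         attributes the policy needs. Also consider "ssl" or "sasl" as
#         the security argument (TODO confirm the Domain Controller
#         accepts it).
#
#########################################################################

bundle agent active_directory
{
vars:

  # NOTE: Edit this to your domain, e.g. "corp", may also need more DC's after it
  # The search bases below hard-code "DC=$(domain_name),DC=com", so a domain
  # with a different or longer suffix needs those DN strings edited as well.
  "domain_name" string => "cftesting";

  # Account whose attributes are fetched by the ldaparray() promise below.
  # The value is placed into a DN unescaped; keep it a fixed, trusted string.
  "user_name"   string => "Guest";

  # NOTE: We can also extract data from remote Domain Controllers

  # Everything guarded by "dummy.DomainController" needs both classes set.
  # "dummy" is not defined anywhere in this file, so these promises look
  # deliberately disabled until the guard is edited - confirm before use.
 dummy.DomainController::

  "domain_controller" string => "localhost";

  # List the sAMAccountName of every object matching (objectClass=user)
  # under CN=Users, searching the whole subtree.
  # The last argument is the security level: "none" means anonymous and
  # unencrypted.
  "userlist" slist => ldaplist(
                               "ldap://$(domain_controller)",
                               "CN=Users,DC=$(domain_name),DC=com",
                               "(objectClass=user)",
                               "sAMAccountName",
                               "subtree",
                               "none");

classes:

 dummy.DomainController::

  # Fill the array "userinfo" with the attributes of the $(user_name) entry.
  # The class "gotuser" is defined only when the lookup succeeds.
  "gotuser" expression => ldaparray(
                                    "userinfo",
                                    "ldap://$(domain_controller)",
                                    "CN=$(user_name),CN=Users,DC=$(domain_name),DC=com",
                                    "(name=*)",
                                    "subtree",
                                    "none");

reports:

  # These reports write directory data (account names, logon counts) to
  # the agent output. Treat that output as sensitive wherever it is
  # collected or forwarded.

 dummy.DomainController::

  # $(userlist) is a list, so this emits one report line per account name.
  "Username is \"$(userlist)\"";

 dummy.gotuser::

  "Got user data; $(userinfo[name]) has logged on $(userinfo[logonCount]) times";

}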