Difference between revisions of "GSOC cockpit samba ad dc"

m (DS ACLs manipulation)
(reworked to wiki-style)
 
(12 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
= Cockpit Samba AD DC Plugin Documentation =
 
= Cockpit Samba AD DC Plugin Documentation =
 
= What is Cockpit? =
 
= What is Cockpit? =
To work with the plugin, you need to have Cockpit installed.
+
According to Cockpit’s documentation, it’s an "''easy-to-use, integrated, glanceable, and open web-based interface for your servers''" (https://cockpit-project.org/).
As per Cockpit’s documentation it’s an "easy-to-use, integrated, glanceable, and open web-based interface for your servers" (https://cockpit-project.org/)
+
 
Cockpit helps you manage your Linux servers using a user interface that runs in a browser. It also lets developers develop their own plugins using an API cockpit provides for interacting with the server. This project sought to incorporate tasks done using the samba-tool command line utility for Samba AD DC in an intuitive UI for easier usage and administration.  
+
Cockpit helps you manage your Linux servers using a user interface that runs in a browser. It also lets developers develop their own plugins using an API cockpit provides for interacting with the server. This project sought to incorporate tasks done using the samba-tool command line utility for Samba AD DC in an intuitive UI for easier usage and administration.
  
 
= Installation =
 
= Installation =
 
 
== Fedora 32 Installation ==
 
== Fedora 32 Installation ==
 +
=== Prerequisite: Cockpit ===
  
''Prerequisite: Cockpit''
+
# Download the repository https://download.opensuse.org/repositories/home:/Hezekiah/Fedora_32/home:Hezekiah.repo
 
+
# Place it to /etc/yum.repos.d/
1. Download the repository https://download.opensuse.org/repositories/home:/Hezekiah/Fedora_32/home:Hezekiah.repo
+
# Run the following command
 
+
#:<pre># dnf install cockpit-samba-ad-dc</pre>
2. Place it to /etc/yum.repos.d/
+
# If you already have Cockpit on your server, point your web browser to: https://ip-address-of-machine:9090
 
+
# Use your system user account and password to log in.
3. Run the following command
 
# dnf install cockpit-samba-ad-dc
 
 
 
4. If you already have Cockpit on your server, point your web browser to: https://ip-address-of-machine:9090
 
 
 
5. Use your system user account and password to log in.
 
  
 
== Ubuntu 20.04 Installation ==
 
== Ubuntu 20.04 Installation ==
 +
===Prerequisite: Cockpit===
  
''Prerequisite: Cockpit''
+
# Update the apt package index and install packages to allow apt to use a repository over HTTPS:
 
+
#:<pre> $ sudo apt update
1. Update the apt package index and install packages to allow apt to use a repository over HTTPS:
+
  $ sudo apt-get install apt-transport-https ca-certificates curl gnupg-agent software-properties-common</pre>
$ sudo apt update
+
# Add Cockpit-Samba-AD-DC GPG key:
  $ sudo apt-get install apt-transport-https ca-certificates curl gnupg-agent software-properties-common
+
#:<pre> $ curl -fsSL https://download.opensuse.org/repositories/home:/Hezekiah/xUbuntu_20.04/Release.key | sudo apt-key add - </pre>
 
+
# Add the repository to the sources.list file
2. Add Cockpit-Samba-AD-DC GPG key:
+
#:<pre>$ sudo add-apt-repository "deb https://download.opensuse.org/repositories/home:/Hezekiah/xUbuntu_20.04 ./"</pre>
$ curl -fsSL https://download.opensuse.org/repositories/home:/Hezekiah/xUbuntu_20.04/Release.key | sudo apt-key add -
+
# Update the apt package index, and download the latest version of Cockpit-Samba-AD-DC plugin.
 
+
#:<pre>$ sudo apt-get update
3. Add the repository to the sources.list file
+
$ sudo apt-get install cockpit-samba-ad-dc</pre>
 
+
#If you already have Cockpit on your server, point your web browser to: https://ip-address-of-machine:9090
$ sudo add-apt-repository "deb https://download.opensuse.org/repositories/home:/Hezekiah/xUbuntu_20.04 ./"
+
#Use your system user account and password to log in.
 
 
4. Update the apt package index, and download the latest version of Cockpit-Samba-AD-DC plugin.
 
$ sudo apt-get update
 
$ sudo apt-get install cockpit-samba-ad-dc
 
5. If you already have Cockpit on your server, point your web browser to: https://ip-address-of-machine:9090
 
 
 
6. Use your system user account and password to log in.
 
  
 
== Debian 10 Installation ==
 
== Debian 10 Installation ==
 +
=== Prerequisite: Cockpit===
  
''Prerequisite: Cockpit''
+
# Update the apt package index and install packages to allow apt to use a repository over HTTPS:
 
+
#:<pre>$ sudo apt update
1. Update the apt package index and install packages to allow apt to use a repository over HTTPS:
+
$ sudo apt-get install apt-transport-https ca-certificates curl gnupg-agent software-properties-common</pre>
$ sudo apt update
+
# Add Cockpit-Samba-AD-DC GPG key:
$ sudo apt-get install apt-transport-https ca-certificates curl gnupg-agent software-properties-common
+
#:<pre>$ curl -fsSL https://download.opensuse.org/repositories/home:/Hezekiah/Debian_10/Release.key | sudo apt-key add -</pre>
 
+
# Add the repository to the sources.list file
2. Add Cockpit-Samba-AD-DC GPG key:
+
#:<pre>$ sudo add-apt-repository "deb https://download.opensuse.org/repositories/home:/Hezekiah/Debian_10 ./"</pre>
$ curl -fsSL https://download.opensuse.org/repositories/home:/Hezekiah/Debian_10/Release.key | sudo apt-key add -
+
# Update the apt package index, and download the latest version of Cockpit-Samba-AD-DC plugin.
 
+
#:<pre>$ sudo apt-get update
3. Add the repository to the sources.list file
+
$sudo apt-get install cockpit-samba-ad-dc</pre>
$ sudo add-apt-repository "deb https://download.opensuse.org/repositories/home:/Hezekiah/Debian_10 ./"
+
# If you already have Cockpit on your server, point your web browser to: https://ip-address-of-machine:9090
 
+
# Use your system user account and password to log in
4. Update the apt package index, and download the latest version of Cockpit-Samba-AD-DC plugin.
 
$ sudo apt-get update
 
$ sudo apt-get install cockpit-samba-ad-dc
 
 
 
5. If you already have Cockpit on your server, point your web browser to: https://ip-address-of-machine:9090
 
 
 
6. Use your system user account and password to log in
 
  
 
= Using the Plugin =
 
= Using the Plugin =
 
== Provisioning an AD DC Domain ==
 
== Provisioning an AD DC Domain ==
  
When you run the plugin in cockpit, it first checks the Samba Configuration file to make sure that the server is set as an Active Directory Domain Controller (AD DC). If the server is not, the user is prompted to setup one.   
+
The plugin first checks the Samba configuration file (smb.conf) to make sure that the server is set as an Active Directory Domain Controller (AD DC). If the server is not, the user is prompted to setup one.   
 
   
 
   
 
[[File:Cockpit-plugin_provision_AD_DC.png|960px]]  
 
[[File:Cockpit-plugin_provision_AD_DC.png|960px]]  
Line 81: Line 63:
 
Using the plugin you can:
 
Using the plugin you can:
  
Create a computer
+
* Create a computer
 
+
* Delete a computer
Delete a computer
+
* Display a Computer Active Directory object
 
+
* List all computers
Display a Computer Active Directory object
+
* Move a computer to an organizational unit/container.
 
 
List all computers
 
 
 
Move a computer to an organizational unit/container.
 
 
  [[File:Cockpit-plugin_computer_magement.png|900px]]
 
  [[File:Cockpit-plugin_computer_magement.png|900px]]
  
 
== Contact Management ==
 
== Contact Management ==
  
Creating a Contact
+
* Creating a Contact
 
+
* Deleting a Contact
Deleting a Contact
+
* Listing all Contacts
 
+
* Showing a Contact
Listing all Contacts
 
 
 
Showing a Contact
 
  
 
[[File:Cockpit-plugin_contact_management.png|920px]]
 
[[File:Cockpit-plugin_contact_management.png|920px]]
Line 107: Line 82:
 
Use the plugin to:
 
Use the plugin to:
  
Add a service principal as msDS-AllowedToDelegateTo
+
* Add a service principal as msDS-AllowedToDelegateTo
 
+
* Delete a service principal as msDS-AllowedToDelegateTo
Delete a service principal as msDS-AllowedToDelegateTo
+
* Show the delegation setting of an account
 
+
* Set/unset UF_TRUSTED_FOR_DELEGATION for an account
Show the delegation setting of an account
+
* Set/unset UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION (S4U2Proxy) for an account
 
 
Set/unset UF_TRUSTED_FOR_DELEGATION for an account
 
 
 
Set/unset UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION (S4U2Proxy) for an account
 
  
 
[[File:Cockpit-plugin_delegation_management.png|950px]]
 
[[File:Cockpit-plugin_delegation_management.png|950px]]
Line 121: Line 92:
 
== DNS Management ==
 
== DNS Management ==
  
Creating a DNS record
+
*Creating a DNS record
 
+
* Deleting a DNS record
Deleting a DNS record
+
* Cleanup DNS records
 
+
* Query for server information
Cleanup DNS records
+
* Creating zones
 
+
* Deleting zones
Query for server information
+
* Showing zone information
 
 
Creating zones
 
 
 
Deleting zones
 
 
 
Showing zone information
 
  
 
[[File:Cockpit-plugin_DNS_management.png|960px]]
 
[[File:Cockpit-plugin_DNS_management.png|960px]]
Line 141: Line 106:
 
Using the plugin, you can:
 
Using the plugin, you can:
  
Promote an existing domain member or NT4 PDC to an AD DC
+
* Promote an existing domain member or NT4 PDC to an AD DC
 
+
* Get basic info about a domain
Get basic info about a domain
+
* Demote a Domain Controller
 
+
* Join domain as either member or backup domain controller
Demote a Domain Controller
+
* Upgrade from Samba classic (NT4-like) database to Samba AD DC database
 
+
* Create a domain or forest trust
Join domain as either member or backup domain controller
+
* Delete a domain trust
 
+
* List domain trusts
Upgrade from Samba classic (NT4-like) database to Samba AD DC database
+
* Show trusted domain details
 
+
* Validate a domain trust
Create a domain or forest trust
+
* Manage forest trust namespaces
 
+
* Copy a running DC's current DB into a backup tar file
Delete a domain trust
+
* Backup the local domain directories safely into a tar file
 
+
* Copy a running DC's DB to backup file, renaming the domain in the process
List domain trusts
+
* Restore the domain's DB from a backup-file
 
 
Show trusted domain details
 
 
 
Validate a domain trust
 
 
 
Manage forest trust namespaces
 
 
 
Copy a running DC's current DB into a backup tar file
 
 
 
Backup the local domain directories safely into a tar file
 
 
 
Copy a running DC's DB to backup file, renaming the domain in the process
 
 
 
Restore the domain's DB from a backup-file
 
  
 
[[File:Cockpit-plugin_domain_management.png|960px]]
 
[[File:Cockpit-plugin_domain_management.png|960px]]
Line 175: Line 126:
 
== Forest Management ==
 
== Forest Management ==
  
Show
+
* Show
 
+
* DSHeuristics
DSHeuristics
 
 
   
 
   
 
== FSMO Management ==
 
== FSMO Management ==
  
Seize Roles
+
* Seize Roles
 
+
* Show Roles
Show Roles
+
* Transfer Roles
 
 
Transfer Roles
 
 
   
 
   
== Group Policy Object Management ==
+
== Group Policy Object (GPO) Management ==
 
 
• Creating a GPO
 
 
 
• Deleting a GPO
 
 
 
• Backing up a GPO
 
 
 
• Deleting link
 
 
 
• Fetching
 
 
 
• Getting Inheritance
 
 
 
• Getting Link
 
 
 
• Listing GPOs
 
 
 
• Listing All GPOs
 
 
 
• Listing Containers
 
 
 
• Restoring a GPO
 
 
 
• Setting Inheritance
 
 
 
• Setting Link
 
  
• Showing a GPO Object
+
* Create an empty GPO
 +
* Deleting a GPO
 +
* Backing up a GPO
 +
* Delete GPO link from a container
 +
* Downloading a GPO
 +
* Get inheritance flag for a container
 +
* List GPO Links for a container
 +
* List GPOs for an account
 +
* List all GPOs
 +
* List all linked containers for a GPO
 +
* Restore a GPO to a new container
 +
* Set inheritance flag on a container
 +
* Add or update a GPO link to a container
 +
* Show information for a GPO
  
 
== Group Management ==
 
== Group Management ==
  
• Creating Groups
+
* Create a new AD group
 
+
* Delete an AD group
• Deleting Groups
+
* List all groups
 +
* List all members of an AD group
 +
* Move a group to an organizational unit/container
 +
* Remove members from an AD group
 +
* Display a group AD object
  
• Listing Groups
+
[[File:Cockpit-plugin_Group_management.png|960px]]
  
• Listing Members
 
 
• Moving groups
 
 
• Removing members
 
 
• Showing a Group Object
 
 
 
== Organization Unit (OU) Management ==
 
== Organization Unit (OU) Management ==
  
• Creating an OU
+
* Create an organizational unit
 +
* Delete an organizational unit
 +
* List all organizational units
 +
* List all objects in an organizational unit
 +
* Move an organizational unit
 +
* Rename an organizational unit
  
• Deleting an OU
+
[[File:Cockpit-plugin_OU_management.png|960px]]
  
• Listing OUs
 
 
• Listing Objects in an OU
 
 
• Renaming OUs
 
 
• Moving an OU
 
 
 
== Sites Management ==
 
== Sites Management ==
 
Use the plugin to:
 
Use the plugin to:
  
Create a new site
+
* Create a new site
 
+
* Delete an existing site
Delete an existing site
+
* Create a new subnet
 
+
* Delete an existing subnet
Create a new subnet
+
* Assign a subnet to a site
 
 
Delete an existing subnet
 
 
 
Assign a subnet to a site
 
  
 
[[File:Cockpit-plugin_sites_management.png|960px]]
 
[[File:Cockpit-plugin_sites_management.png|960px]]
Line 265: Line 189:
 
With the plugin, you can:
 
With the plugin, you can:
  
Create a new spn
+
* Create a new spn
 
+
* Delete a spn
Delete a spn
+
* List spns of a given user
 
 
List spns of a given user
 
  
 
[[File:Cockpit-plugin_SPN_Management.png|960px]]
 
[[File:Cockpit-plugin_SPN_Management.png|960px]]
Line 276: Line 198:
 
Using the plugin you can:
 
Using the plugin you can:
  
Create a new user
+
* Create a new user
 +
* Delete a user
 +
* Disable a user
 +
* Enable a user
 +
* List all users
 +
* Move a user to an organizational unit/container
 +
* Change password for a user account
 +
* Set or reset the password of a user account
 +
* Set the expiration of a user account
 +
* Display a user AD object
  
• Delete a user
+
[[File:Cockpit-plugin_user_management.png|960px]]
  
• Disable a user
+
== Server Time ==
 +
Retrieve the time on a server
 +
[[File:Cockpit-plugin_time.png|960px]]
  
• Enable a user
+
== DS ACLs manipulation ==
 +
Using the plugin, you can:
  
• List all users
+
* Get access list on a directory object
 +
* Modify access list on a directory object
  
• Move a user to an organizational unit/container
+
[[File:Cockpit-plugin_DS_ACLs_manipulation.png|960px]]
  
• Change password for a user account
+
== NT ACLs manipulation ==
  
• Set or reset the password of a user account
+
Use the plugin to:
  
• Set the expiration of a user account
+
* Change the domain SID for ACLs
 +
* Get ACLs of a file
 +
* Get DOS info of a file from xattr
 +
* Set ACLs on a file
 +
* Check sysvol ACLs match defaults
 +
* Reset sysvol ACLs to defaults
  
• Display a user AD object
+
[[File:Cockpit-plugin_NT_ACLs_manipulation.png|960px]]
  
[[File:Cockpit-plugin_user_management.png|960px]]
+
= Project Design =
 +
 
 +
The plugin uses:
 +
 
 +
* React - A Javascript library for building user interfaces (https://reactjs.org/)
 +
* Cockpit - https://cockpit-project.org/
 +
* PatternFly - https://www.patternfly.org/v4/
 +
* Open Build Service - https://openbuildservice.org/
 +
* Webpack - https://webpack.js.org/
 +
 
 +
The plugin is built on top of the Cockpit's Starter Kit (https://github.com/cockpit-project/starter-kit).
 +
Starter Kit makes it easy to get started building plugins for Cockpit. This blog post (https://cockpit-project.org/blog/cockpit-starter-kit.html) gives more explanation on why developers might need the Starter Kit when building plugins for Cockpit.
 +
 
 +
= Building the Source Code =
 +
Make sure you have npm available (usually from your distribution package). These commands check out the source and build it into the dist/ directory:
  
== Server Time ==
+
git clone https://gitlab.com/HezekiahM/samba-ad-dc.git
Retrieve the time on a server
+
cd samba-ad-dc
[[File:Cockpit-plugin_time.png|960px]]
+
make
  
== DS ACLs manipulation ==
+
''make install'' compiles and installs the package in ''/usr/share/cockpit/''.
Using the plugin, you can:
 
  
•    Get access list on a directory object
+
For development, you usually want to run your module straight out of the git tree. To do that, link that to the location were cockpit-bridge looks for packages:
  
•    Modify access list on a directory object
+
mkdir -p ~/.local/share/cockpit
 +
ln -s `pwd`/dist ~/.local/share/cockpit/starter-kit
 +
After changing the code and running make again, reload the Cockpit page in your browser.
  
[[File:Cockpit-plugin_DS_ACLs_manipulation.png|960px]]
+
You can also use watch mode to automatically update the webpack on every code change with
  
== NT ACLs manipulation ==
+
npm run watch
 +
or
  
•      Change the domain SID for ACLs
+
make watch
  
•      Get ACLs of a file
+
To contibute to the project, clone the repository, make your changes in a feature branch and make a merge request to the master branch.
  
•      Get DOS info of a file from xattr
+
= Automated Releases =
  
•      Set ACLs on a file
+
The plugin utilises Open Build Service for automated releases currently for these distributions:
 +
* Fedora 32
 +
* Ubuntu 20.04
 +
* Debian 10
  
•      Check sysvol ACLs match defaults
+
The OBS package can be found here: https://build.opensuse.org/package/show/home:Hezekiah/samba-ad-dc. A webhook in gitlab pushes any code changes in the master branch to OBS repo where it gets built and released for the various distributions.
  
•      Reset sysvol ACLs to defaults
+
----
 +
[[Category:Active Directory]]

Latest revision as of 17:13, 15 May 2021

Cockpit Samba AD DC Plugin Documentation

What is Cockpit?

According to Cockpit’s documentation, it’s an "easy-to-use, integrated, glanceable, and open web-based interface for your servers" (https://cockpit-project.org/).

Cockpit helps you manage your Linux servers using a user interface that runs in a browser. It also lets developers develop their own plugins using an API cockpit provides for interacting with the server. This project sought to incorporate tasks done using the samba-tool command line utility for Samba AD DC in an intuitive UI for easier usage and administration.

Installation

Fedora 32 Installation

Prerequisite: Cockpit

  1. Download the repository https://download.opensuse.org/repositories/home:/Hezekiah/Fedora_32/home:Hezekiah.repo
  2. Place it to /etc/yum.repos.d/
  3. Run the following command
    # dnf install cockpit-samba-ad-dc
  4. If you already have Cockpit on your server, point your web browser to: https://ip-address-of-machine:9090
  5. Use your system user account and password to log in.

Ubuntu 20.04 Installation

Prerequisite: Cockpit

  1. Update the apt package index and install packages to allow apt to use a repository over HTTPS:
     $ sudo apt update

$ sudo apt-get install apt-transport-https ca-certificates curl gnupg-agent software-properties-common

  1. Add Cockpit-Samba-AD-DC GPG key:
     $ curl -fsSL https://download.opensuse.org/repositories/home:/Hezekiah/xUbuntu_20.04/Release.key | sudo apt-key add - 
  2. Add the repository to the sources.list file
    $ sudo add-apt-repository "deb https://download.opensuse.org/repositories/home:/Hezekiah/xUbuntu_20.04 ./"
  3. Update the apt package index, and download the latest version of Cockpit-Samba-AD-DC plugin.
    $ sudo apt-get update

$ sudo apt-get install cockpit-samba-ad-dc

  1. If you already have Cockpit on your server, point your web browser to: https://ip-address-of-machine:9090
  2. Use your system user account and password to log in.

Debian 10 Installation

Prerequisite: Cockpit

  1. Update the apt package index and install packages to allow apt to use a repository over HTTPS:
    $ sudo apt update

$ sudo apt-get install apt-transport-https ca-certificates curl gnupg-agent software-properties-common

  1. Add Cockpit-Samba-AD-DC GPG key:
    $ curl -fsSL https://download.opensuse.org/repositories/home:/Hezekiah/Debian_10/Release.key | sudo apt-key add -
  2. Add the repository to the sources.list file
    $ sudo add-apt-repository "deb https://download.opensuse.org/repositories/home:/Hezekiah/Debian_10 ./"
  3. Update the apt package index, and download the latest version of Cockpit-Samba-AD-DC plugin.
    $ sudo apt-get update

$sudo apt-get install cockpit-samba-ad-dc

  1. If you already have Cockpit on your server, point your web browser to: https://ip-address-of-machine:9090
  2. Use your system user account and password to log in

Using the Plugin

Provisioning an AD DC Domain

The plugin first checks the Samba configuration file (smb.conf) to make sure that the server is set as an Active Directory Domain Controller (AD DC). If the server is not, the user is prompted to setup one.

Cockpit-plugin provision AD DC.png

Once provisioned, a page with a list of actions you can perform with the plugin appears.

Cockpit-samba-ad-dc main page.png

Computer Management

Using the plugin you can:

  • Create a computer
  • Delete a computer
  • Display a Computer Active Directory object
  • List all computers
  • Move a computer to an organizational unit/container.
Cockpit-plugin computer magement.png

Contact Management

  • Creating a Contact
  • Deleting a Contact
  • Listing all Contacts
  • Showing a Contact

Cockpit-plugin contact management.png

Delegation Management

Use the plugin to:

  • Add a service principal as msDS-AllowedToDelegateTo
  • Delete a service principal as msDS-AllowedToDelegateTo
  • Show the delegation setting of an account
  • Set/unset UF_TRUSTED_FOR_DELEGATION for an account
  • Set/unset UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION (S4U2Proxy) for an account

Cockpit-plugin delegation management.png

DNS Management

  • Creating a DNS record
  • Deleting a DNS record
  • Cleanup DNS records
  • Query for server information
  • Creating zones
  • Deleting zones
  • Showing zone information

Cockpit-plugin DNS management.png

Domain Management

Using the plugin, you can:

  • Promote an existing domain member or NT4 PDC to an AD DC
  • Get basic info about a domain
  • Demote a Domain Controller
  • Join domain as either member or backup domain controller
  • Upgrade from Samba classic (NT4-like) database to Samba AD DC database
  • Create a domain or forest trust
  • Delete a domain trust
  • List domain trusts
  • Show trusted domain details
  • Validate a domain trust
  • Manage forest trust namespaces
  • Copy a running DC's current DB into a backup tar file
  • Backup the local domain directories safely into a tar file
  • Copy a running DC's DB to backup file, renaming the domain in the process
  • Restore the domain's DB from a backup-file

Cockpit-plugin domain management.png

Forest Management

  • Show
  • DSHeuristics

FSMO Management

  • Seize Roles
  • Show Roles
  • Transfer Roles

Group Policy Object (GPO) Management

  • Create an empty GPO
  • Deleting a GPO
  • Backing up a GPO
  • Delete GPO link from a container
  • Downloading a GPO
  • Get inheritance flag for a container
  • List GPO Links for a container
  • List GPOs for an account
  • List all GPOs
  • List all linked containers for a GPO
  • Restore a GPO to a new container
  • Set inheritance flag on a container
  • Add or update a GPO link to a container
  • Show information for a GPO

Group Management

  • Create a new AD group
  • Delete an AD group
  • List all groups
  • List all members of an AD group
  • Move a group to an organizational unit/container
  • Remove members from an AD group
  • Display a group AD object

Cockpit-plugin Group management.png

Organization Unit (OU) Management

  • Create an organizational unit
  • Delete an organizational unit
  • List all organizational units
  • List all objects in an organizational unit
  • Move an organizational unit
  • Rename an organizational unit

Cockpit-plugin OU management.png

Sites Management

Use the plugin to:

  • Create a new site
  • Delete an existing site
  • Create a new subnet
  • Delete an existing subnet
  • Assign a subnet to a site

Cockpit-plugin sites management.png

SPN Management

With the plugin, you can:

  • Create a new spn
  • Delete a spn
  • List spns of a given user

Cockpit-plugin SPN Management.png

User Management

Using the plugin you can:

  • Create a new user
  • Delete a user
  • Disable a user
  • Enable a user
  • List all users
  • Move a user to an organizational unit/container
  • Change password for a user account
  • Set or reset the password of a user account
  • Set the expiration of a user account
  • Display a user AD object

Cockpit-plugin user management.png

Server Time

Retrieve the time on a server Cockpit-plugin time.png

DS ACLs manipulation

Using the plugin, you can:

  • Get access list on a directory object
  • Modify access list on a directory object

Cockpit-plugin DS ACLs manipulation.png

NT ACLs manipulation

Use the plugin to:

  • Change the domain SID for ACLs
  • Get ACLs of a file
  • Get DOS info of a file from xattr
  • Set ACLs on a file
  • Check sysvol ACLs match defaults
  • Reset sysvol ACLs to defaults

Cockpit-plugin NT ACLs manipulation.png

Project Design

The plugin uses:

The plugin is built on top of the Cockpit's Starter Kit (https://github.com/cockpit-project/starter-kit). Starter Kit makes it easy to get started building plugins for Cockpit. This blog post (https://cockpit-project.org/blog/cockpit-starter-kit.html) gives more explanation on why developers might need the Starter Kit when building plugins for Cockpit.

Building the Source Code

Make sure you have npm available (usually from your distribution package). These commands check out the source and build it into the dist/ directory:

git clone https://gitlab.com/HezekiahM/samba-ad-dc.git
cd samba-ad-dc
make

make install compiles and installs the package in /usr/share/cockpit/.

For development, you usually want to run your module straight out of the git tree. To do that, link that to the location were cockpit-bridge looks for packages:

mkdir -p ~/.local/share/cockpit
ln -s `pwd`/dist ~/.local/share/cockpit/starter-kit

After changing the code and running make again, reload the Cockpit page in your browser.

You can also use watch mode to automatically update the webpack on every code change with

npm run watch

or

make watch

To contibute to the project, clone the repository, make your changes in a feature branch and make a merge request to the master branch.

Automated Releases

The plugin utilises Open Build Service for automated releases currently for these distributions:

  • Fedora 32
  • Ubuntu 20.04
  • Debian 10

The OBS package can be found here: https://build.opensuse.org/package/show/home:Hezekiah/samba-ad-dc. A webhook in gitlab pushes any code changes in the master branch to OBS repo where it gets built and released for the various distributions.