diff --git a/README.md b/README.md
index 54ae23c..1db3581 100644
--- a/README.md
+++ b/README.md
@@ -54,7 +54,20 @@ resource "ad_computer_to_ou" "bar" {
 resource "ad_group_to_ou" "baz" {
 ou_distinguished_name = "${var.ad_ou_dn}"
 group_name = "terraformGroupSample"
+
+ # optional group params
 description = "terraform sample group to OU"
+ managed_by = "" # Expects DN format
+ member = "" # Can add a single member in DN format
+
+ group_scope = "global"
+ # accepts [global, universal, domain_local] global set by default
+
+ # optional parameters for distribution groups
+ distribution_group = false
+ mail_address = ""
+ mail_nickname = ""
+
 }
 ```
diff --git a/ad/active_directory_group_helper.go b/ad/active_directory_group_helper.go
index 625f33f..15358a1 100644
--- a/ad/active_directory_group_helper.go
+++ b/ad/active_directory_group_helper.go
@@ -2,10 +2,18 @@ package ad
 import ldap "gopkg.in/ldap.v2"
-func addGroupToAD(groupName string, dnName string, adConn *ldap.Conn, desc string) error {
+func addGroupToAD(groupName string, dnName string, groupType string,
+ mailAddress string, mailNickname string, member string,
+ managedBy string, adConn *ldap.Conn, desc string) error {
+
 addRequest := ldap.NewAddRequest(dnName)
 addRequest.Attribute("objectClass", []string{"group"})
 addRequest.Attribute("sAMAccountName", []string{groupName})
+ addRequest.Attribute("groupType", []string{groupType})
+ addRequest.Attribute("mail", []string{mailAddress})
+ addRequest.Attribute("mailNickname", []string{mailNickname})
+ addRequest.Attribute("member", []string{member})
+ addRequest.Attribute("managedBy", []string{managedBy})
 if desc != "" {
 addRequest.Attribute("description", []string{desc})
 }
diff --git a/ad/resource_active_directory_group_to_ou.go b/ad/resource_active_directory_group_to_ou.go
index 2f7fc26..a52ac0a 100644
--- a/ad/resource_active_directory_group_to_ou.go
+++ b/ad/resource_active_directory_group_to_ou.go
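Review bot: The four new `addRequest.Attribute` calls for `mail`, `mailNickname`, `member` and `managedBy` are sent even when the caller passes an empty string, which is exactly what the schema's unset optional fields produce, while `description` two lines below stays guarded by `if desc != ""`. A directory is likely to reject an add request carrying an attribute with an empty value, so creating a group with only the required fields would presumably fail on this path; `groupType` is always computed by the caller and can stay unconditional. Treating every optional attribute the way `description` already is fixes this and leaves one place to extend when further optional attributes are added, replacing the separate `if desc != ""` block. The nine positional string parameters in the new signature are also easy to misorder at the call site; a small options struct would make the call self-describing. addGroupToAD continues past the end of the hunk.
```go
	addRequest.Attribute("groupType", []string{groupType})
	// Optional attributes: the schema defaults them to "", and an empty
	// value must not be sent to the directory.
	for _, a := range []struct{ name, value string }{
		{"mail", mailAddress},
		{"mailNickname", mailNickname},
		{"member", member},
		{"managedBy", managedBy},
		{"description", desc},
	} {
		if a.value != "" {
			addRequest.Attribute(a.name, []string{a.value})
		}
	}
	// … unchanged: rest of addGroupToAD …
```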
@@ -32,6 +32,48 @@ func resourceGroupToOU() *schema.Resource {
 Default: nil,
 ForceNew: true,
 },
+ "distribution_group": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Description: "Sets group type to distribution",
+ Default: false,
+ ForceNew: true,
+ },
+ "managed_by": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Sets managed by attribute to specified DN",
+ Default: nil,
+ ForceNew: true,
+ },
+ "mail_address": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Sets email address attribute for group",
+ Default: nil,
+ ForceNew: true,
+ },
+ "member": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Sets group membership to specified DN(s)",
+ Default: nil,
+ ForceNew: true,
+ },
+ "mail_nickname": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Sets mail nickname attribute",
+ Default: nil,
+ ForceNew: true,
+ },
+ "group_scope": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Sets group scope attribute [global, universal, domain_local]",
+ Default: "global",
+ ForceNew: true,
+ },
 },
 }
 }
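Review bot: The new `group_scope` field lists its accepted values only in `Description`; nothing enforces them, and as far as the create path in the following hunk shows, any other spelling (say `domain-local`) falls through to the global scope, so a mistyped configuration silently produces a security group with wider scope than intended and no diagnostic. Adding `ValidateFunc: validation.StringInSlice([]string{"global", "universal", "domain_local"}, false),` to the field rejects this at plan time (the `helper/validation` package would need importing); the README already documents exactly these three values. The `member` field is described as "specified DN(s)" but is a `TypeString` that the helper sends as a single value, so either the description should say a single DN, or the field should become a `TypeList` of strings, which is what the multi-valued `member` attribute would need anyway. resourceGroupToOU starts before the hunk.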
@@ -42,13 +84,36 @@ func resourceADGroupToOUCreate(d *schema.ResourceData, meta interface{}) error {
 groupName := d.Get("group_name").(string)
 OUDistinguishedName := d.Get("ou_distinguished_name").(string)
 description := d.Get("description").(string)
+ mailAddress := d.Get("mail_address").(string)
+ mailNickname := d.Get("mail_nickname").(string)
+ managedBy := d.Get("managed_by").(string)
+ member := d.Get("member").(string)
+ groupScope := d.Get("group_scope").(string)
+ distGroup := d.Get("distribution_group").(bool)
+
 var dnOfGroup string
 dnOfGroup += "cn=" + groupName + "," + OUDistinguishedName
+ var groupType string
+ var groupScopeVal int
+
+ // Compute groupType attr value based on scope and type
+ if groupScope == "universal" {
+ groupScopeVal = 8
+ } else if groupScope == "domain_local" {
+ groupScopeVal = 4
+ } else {
+ groupScopeVal = 2
+ }
+ if distGroup == true {
+ groupType = strconv.Itoa(0 + groupScopeVal)
+ } else {
+ groupType = strconv.Itoa(-2147483648 + groupScopeVal)
+ }
 log.Printf("[DEBUG] Name of the DN is : %s ", dnOfGroup)
 log.Printf("[DEBUG] Adding the Group to the AD : %s ", groupName)
- err := addGroupToAD(groupName, dnOfGroup, client, description)
+ err := addGroupToAD(groupName, dnOfGroup, groupType, mailAddress, mailNickname, member, managedBy, client, description)
 if err != nil {
 log.Printf("[ERROR] Error while adding a Group to the AD : %s ", err)
 return fmt.Errorf("Error while adding a Group to the AD %s", err)