Initialisation depot

2026-02-10 12:12:11 +01:00
commit c3176e8d79
818 changed files with 52573 additions and 0 deletions
--- a/samba-api/README.md
+++ b/samba-api/README.md
@@ -0,0 +1,242 @@
+# Samba API
+
+A REST API for managing Samba Active Directory users, groups, organizational units, and computers. Built with FastAPI and designed to run in Kubernetes.
+
+## Features
+
+- **User Management**: Create, read, update, delete users with full LDAP integration
+- **Group Management**: Manage security and distribution groups with membership control
+- **Organizational Units**: Create and manage OU hierarchies
+- **Computer Management**: Handle computer accounts and domain joins
+- **JWT Authentication**: Secure API with token-based authentication
+- **LDAP Integration**: Direct integration with Samba/Active Directory via LDAP
+- **Kubernetes Ready**: Full Kubernetes deployment manifests included
+- **Docker Support**: Containerized application with Samba tools
+
+## Architecture
+
+```
+┌─────────────────┐    ┌──────────────┐    ┌─────────────────┐
+│   Frontend/     │    │  Samba API   │    │  Samba DC /     │
+│   Client App    │◄──►│  (FastAPI)   │◄──►│  Active         │
+│                 │    │              │    │  Directory      │
+└─────────────────┘    └──────────────┘    └─────────────────┘
+                              │
+                              ▼
+                      ┌──────────────┐
+                      │ samba-tool / │
+                      │ LDAP Queries │
+                      └──────────────┘
+```
+
+## Quick Start
+
+### Using Docker Compose
+
+1. Clone the repository:
+```bash
+git clone <repository-url>
+cd samba-api
+```
+
+2. Copy environment file:
+```bash
+cp .env.example .env
+```
+
+3. Update the configuration in `.env` file with your domain settings.
+
+4. Start the services:
+```bash
+docker-compose up -d
+```
+
+5. Access the API documentation at: http://localhost:8000/docs
+
+### Using Kubernetes
+
+1. Build and push the Docker image:
+```bash
+docker build -t your-registry/samba-api:latest .
+docker push your-registry/samba-api:latest
+```
+
+2. Update the image in `k8s/deployment.yaml`
+
+3. Update secrets and configuration in `k8s/configmap.yaml`
+
+4. Deploy to Kubernetes:
+```bash
+chmod +x k8s/deploy.sh
+./k8s/deploy.sh
+```
+
+5. Access the API:
+```bash
+kubectl port-forward svc/samba-api-service 8000:80 -n samba-api
+```
+
+## API Endpoints
+
+### Authentication
+- `POST /api/v1/auth/login` - Login and get JWT token
+- `GET /api/v1/auth/me` - Get current user info
+- `POST /api/v1/auth/logout` - Logout
+- `POST /api/v1/auth/refresh` - Refresh JWT token
+
+### Users
+- `GET /api/v1/users` - List users (with pagination and search)
+- `POST /api/v1/users` - Create new user
+- `GET /api/v1/users/{username}` - Get user details
+- `PUT /api/v1/users/{username}` - Update user
+- `DELETE /api/v1/users/{username}` - Delete user
+- `POST /api/v1/users/{username}/password` - Change password
+- `POST /api/v1/users/{username}/enable` - Enable user account
+- `POST /api/v1/users/{username}/disable` - Disable user account
+
+### Groups
+- `GET /api/v1/groups` - List groups
+- `POST /api/v1/groups` - Create new group
+- `GET /api/v1/groups/{group_name}` - Get group details
+- `PUT /api/v1/groups/{group_name}` - Update group
+- `DELETE /api/v1/groups/{group_name}` - Delete group
+- `POST /api/v1/groups/{group_name}/members` - Add members to group
+- `DELETE /api/v1/groups/{group_name}/members` - Remove members from group
+
+### Organizational Units
+- `GET /api/v1/ous` - List OUs
+- `POST /api/v1/ous` - Create new OU
+- `GET /api/v1/ous/tree` - Get OU tree structure
+- `GET /api/v1/ous/{ou_dn}` - Get OU details
+- `PUT /api/v1/ous/{ou_dn}` - Update OU
+- `DELETE /api/v1/ous/{ou_dn}` - Delete OU
+
+### Computers
+- `GET /api/v1/computers` - List computers
+- `POST /api/v1/computers` - Create computer account
+- `GET /api/v1/computers/{computer_name}` - Get computer details
+- `PUT /api/v1/computers/{computer_name}` - Update computer
+- `DELETE /api/v1/computers/{computer_name}` - Delete computer
+- `POST /api/v1/computers/join` - Join computer to domain
+- `POST /api/v1/computers/{computer_name}/reset-password` - Reset computer password
+
+## Configuration
+
+### Environment Variables
+
+| Variable | Description | Default |
+|----------|-------------|---------|
+| `HOST` | API host | `0.0.0.0` |
+| `PORT` | API port | `8000` |
+| `DEBUG` | Debug mode | `false` |
+| `SECRET_KEY` | JWT secret key | Required |
+| `ACCESS_TOKEN_EXPIRE_MINUTES` | Token expiration | `30` |
+| `SAMBA_DOMAIN` | Samba domain | Required |
+| `SAMBA_DC` | Domain controller hostname | Required |
+| `SAMBA_ADMIN_USER` | Admin username | `Administrator` |
+| `SAMBA_ADMIN_PASSWORD` | Admin password | Required |
+| `SAMBA_BASE_DN` | Base DN | Required |
+| `LDAP_SERVER` | LDAP server URL | Required |
+| `LDAP_USE_SSL` | Use SSL for LDAP | `false` |
+| `LDAP_BIND_DN` | LDAP bind DN | Required |
+| `LDAP_BIND_PASSWORD` | LDAP bind password | Required |
+
+### Kubernetes Configuration
+
+The application is configured for Kubernetes deployment with:
+
+- **High Availability**: 3 replicas with pod disruption budget
+- **Auto Scaling**: HPA based on CPU and memory usage
+- **Security**: Non-root containers, read-only filesystem, RBAC
+- **Monitoring**: Health checks and readiness probes
+- **Storage**: Persistent volumes for Samba DC data
+
+## Development
+
+### Local Development Setup
+
+1. Install dependencies:
+```bash
+pip install -r requirements.txt
+```
+
+2. Set up environment variables:
+```bash
+cp .env.example .env
+# Edit .env with your configuration
+```
+
+3. Run the application:
+```bash
+python -m uvicorn main:app --reload --host 0.0.0.0 --port 8000
+```
+
+### Running Tests
+
+```bash
+pytest tests/ -v
+```
+
+### Code Structure
+
+```
+src/
+├── core/           # Core configuration and exceptions
+├── models/         # Pydantic models for API
+├── routers/        # API route handlers
+├── services/       # Business logic and Samba integration
+└── main.py         # FastAPI application setup
+```
+
+## Security Considerations
+
+- Change default passwords in production
+- Use strong JWT secret keys (minimum 32 characters)
+- Enable SSL/TLS for LDAP connections in production
+- Implement proper network segmentation
+- Use Kubernetes secrets for sensitive configuration
+- Regularly update base images and dependencies
+
+## Troubleshooting
+
+### Common Issues
+
+1. **LDAP Connection Failed**
+   - Check LDAP server URL and credentials
+   - Verify network connectivity to domain controller
+   - Check if LDAP service is running
+
+2. **Authentication Errors**
+   - Verify JWT secret key configuration
+   - Check user credentials and permissions
+   - Ensure domain controller is accessible
+
+3. **Samba Tool Errors**
+   - Verify samba-tool is installed in container
+   - Check domain configuration
+   - Ensure proper DNS resolution
+
+### Logs and Monitoring
+
+- Application logs are available in container stdout
+- Configure log level with `LOG_LEVEL` environment variable
+- Use Kubernetes logging and monitoring solutions for production
+
+## Contributing
+
+1. Fork the repository
+2. Create a feature branch
+3. Make your changes
+4. Add tests for new functionality
+5. Submit a pull request
+
+## License
+
+This project is licensed under the MIT License - see the LICENSE file for details.
+
+## Support
+
+For issues and questions:
+1. Check the troubleshooting section
+2. Search existing issues in the repository
+3. Create a new issue with detailed information