Attention : support for WAPT 1.8.2 ended on June the 30th 2022.

There are known vulnerabilities in WAPT dependencies in WAPT 1.8.2 branch. Please upgrade to the latest supported version. CVE listing (non exhaustive) :

• * python engine : python 2.7 (CVE-2020-10735, CVE-2015-20107, CVE-2022-0391, CVE-2021-23336, CVE-2021-3177, CVE-2020-27619, CVE-2020-26116, CVE-2019-20907, CVE-2020-8492, etc.)
• * cryptography : openssl : CVE-2022-2068, CVE-2022-1292, CVE-2022-0778, CVE-2021-4160, CVE-2021-3712, CVE-2021-23841, CVE-2021-23840, CVE-2021-23839, CVE-2020-1971, CVE-2020-1968, CVE-2019-1551
• * python dependencies : cryptography (CVE-2020-36242, CVE-2020-25659), eventlet (CVE-2021-21419), jinja2 (CVE-2020-28493), psutil (CVE-2019-18874), waitress (CVE-2022-31015), lxml (CVE-2021-4381, CVE-2021-28957, CVE-2020-27783, CVE-2018-19787), ujson (CVE-2022-31117, CVE-2022-31116, CVE-2021-45958), python-ldap (CVE-2021-46823)

New in version 1.7: Enterprise

Using Organizational Unit packages in WAPT

Hint

Feature only available with WAPT Enterprise.

Working principle

WAPT Enterprise offers organizational unit packages functionnality.

It automates software installations based on your Active Directory infrastructure.

The WAPT agent is aware of its position in the Active Directorytree structure, therefore it knows the hierarchy of Organizational Units that concerns it, for example:

DC=ad,DC=domain,DC=lan
OU=Paris,DC=ad,DC=domain,DC=lan
OU=computers,OU=Paris,DC=ad,DC=domain,DC=lan
OU=service1,OU=computers,OU=Paris,DC=ad,DC=domain,DC=lan

If an Organizational Unit package is defined on each level, WAPT agent will automtically download packages and configurations that are attached to each level, by inheritance, and apply attached packages and their dependencies.

Filters and actions available with Organizational Units

WAPT console showing options applicable to OU

Hint

You can see in the picture that update and upgrade actions can be performed through this menu, thus selecting hosts by their Organizational Unit.

In the Enterprise version, you may filter how hosts are displayed based on the Active Directory OU they belong to.

The checkbox Include hosts in subfolders allows to display hosts in subfolders.

Creating Organizational Unit packages in the WAPT console

You can create unit packages by Right clicking on an OU ‣ Create or edit the unit package.

Right-click on OU to create unit package.

A window opens and you are prompted to choose which packages must be in unit bundle.

Adding package to unit bundle.

Save the package and it will be uploaded to the WAPT server.

Faking organizational unit for WORKGROUP hosts

It can happen that some specific hosts cannot be joined to an Active Directory domain.

With that specificity, such hosts do not show up in your Active Directory Organizational Units in your WAPT Console.

To make all hosts show up in the console under the right Organizational Unit, whether they are joined to an AD domain or not, WAPT allows you to specify a fake Organizational Unit WAPT agent configuration file.

The benefits of this trick are:

• you can manage these hosts with WAPT as if they where joined to the AD;

• out-of-domain and workgroup hosts are now showing up in AD tree view;

• unit packages are usable on these hosts;

To setup a fake Organisational Unit on hosts, create an empty WAPT package;

wapt-get make-template demo-configure-fake-ou

Then use the following code:

# -*- coding: utf-8 -*-
from setuphelpers import *

uninstallkey = []

def install():

  print('Setting Fake Organizational Unit')
  fake_ou = "OU=TOTO,OU=TEST,DC=DEMO,DC=LAN"
  inifile_writestring(WAPT.config_filename,'global','host_organizational_unit_dn',fake_ou)

The host_organizational_unit_dn must be like below in wapt-get.ini:

[global]
host_organizational_unit_dn="OU=TOTO,OU=TEST,DC=DEMO,DC=LAN"

Note

Stick to a specific case with your host_organizational_unit_dn (don’t mix “dc”s and “DC”s, “ou”s and “OU”s…). Follow the case used in the DN/computer_ad_dn fields in the hosts grid.