|
|
|
@ -75,7 +75,25 @@ class addLdif(LDIFParser):
|
|
|
|
|
self.ldapCon = ldapCon
|
|
|
|
|
|
|
|
|
|
def handle(self, dn, entry):
|
|
|
|
|
self.ldapCon.add_s(dn, entry.items())
|
|
|
|
|
findDN = False
|
|
|
|
|
try:
|
|
|
|
|
findDN = self.ldapCon.compare_s(dn,
|
|
|
|
|
dn.split(',')[0].split('=')[0],
|
|
|
|
|
dn.split(',')[0].split('=')[1])
|
|
|
|
|
except ldap.NO_SUCH_OBJECT:
|
|
|
|
|
pass
|
|
|
|
|
if findDN:
|
|
|
|
|
print "DELETE", dn
|
|
|
|
|
try:
|
|
|
|
|
print self.ldapCon.delete_s(dn)
|
|
|
|
|
except ldap.NOT_ALLOWED_ON_NONLEAF:
|
|
|
|
|
print "ERROR DELETE", dn
|
|
|
|
|
print "ADD_DN", dn
|
|
|
|
|
try:
|
|
|
|
|
self.ldapCon.add_s(dn, entry.items())
|
|
|
|
|
except ldap.LDAPError, e:
|
|
|
|
|
pass
|
|
|
|
|
print "ERROR ADD", e[0]['desc']
|
|
|
|
|
|
|
|
|
|
class ldapFunction(cl_profile._error):
|
|
|
|
|
'''Объект для работы с LDAP сервером'''
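Review bot: In `handle`, an entry that already exists is deleted before the add, and a failed `add_s` is only printed, so the directory can end up without the entry while the LDIF import reports nothing to its caller. The `except ldap.LDAPError, e:` branch should propagate the failure after reporting it, for example `print "ERROR ADD", e[0]['desc']` followed by `raise`, and the `pass` ahead of the print can be dropped. After `NOT_ALLOWED_ON_NONLEAF` the code appears to fall through to the add as well (indentation is lost on this page, so confirm). The RDN is also taken with `dn.split(',')[0].split('=')`, which mis-parses a DN whose first value contains an escaped `,` or `=`; `ldap.dn.str2dn(dn)` handles that case.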
|
|
|
|
@ -146,8 +164,13 @@ class cl_ldap(imp_cl_err, imp_cl_xml, imp_cl_help, imp_cl_smcon):
|
|
|
|
|
def __init__(self, cmdName):
|
|
|
|
|
# объект для форматированного вывода
|
|
|
|
|
imp_cl_help.__init__(self, cmdName)
|
|
|
|
|
# Базовый DN всех сервисов относительно базового DN
|
|
|
|
|
servicesRelDN = "ou=Services"
|
|
|
|
|
# Базовый DN Samba сервиса относительно базового DN
|
|
|
|
|
self.sambaRelDN = "ou=Samba"
|
|
|
|
|
self.sambaRelDN = "ou=Samba,%s" %servicesRelDN
|
|
|
|
|
|
|
|
|
|
# Основная группа пользователей LDAP
|
|
|
|
|
self.nameBaseGroup = "Services"
|
|
|
|
|
# Алгоритм шифрования пароля для LDAP пользователя
|
|
|
|
|
self.userCrypt = "{SSHA}"
|
|
|
|
|
|
|
|
|
@ -185,6 +208,7 @@ class cl_ldap(imp_cl_err, imp_cl_xml, imp_cl_help, imp_cl_smcon):
|
|
|
|
|
'cl-userdel':4,
|
|
|
|
|
'cl-usermod':5,
|
|
|
|
|
'cl-setup':6,
|
|
|
|
|
'cl-passwd':7,
|
|
|
|
|
}
|
|
|
|
|
# Cвязь сервисов и действующих опций
|
|
|
|
|
self.relServices = {"samba":[_("Common options"),
|
|
|
|
@ -296,6 +320,17 @@ class cl_ldap(imp_cl_err, imp_cl_xml, imp_cl_help, imp_cl_smcon):
|
|
|
|
|
'helpChapter':_("Service LDAP options"),
|
|
|
|
|
'help':_("specify an alternative skel directory")
|
|
|
|
|
},
|
|
|
|
|
{'progAccess':(3,),
|
|
|
|
|
'shortOption':"p",
|
|
|
|
|
'longOption':"password",
|
|
|
|
|
'helpChapter':_("Service LDAP options"),
|
|
|
|
|
'help':_("use password for the user account (from dialog)")
|
|
|
|
|
},
|
|
|
|
|
{'progAccess':(3,),
|
|
|
|
|
'shortOption':"P",
|
|
|
|
|
'helpChapter':_("Service LDAP options"),
|
|
|
|
|
'help':_("use password for the user account (from standart input)")
|
|
|
|
|
},
|
|
|
|
|
#{'progAccess':(3,),
|
|
|
|
|
#'shortOption':"p",
|
|
|
|
|
#'longOption':"password",
|
|
|
|
@ -422,6 +457,26 @@ class cl_ldap(imp_cl_err, imp_cl_xml, imp_cl_help, imp_cl_smcon):
|
|
|
|
|
'helpChapter':_("Common options"),
|
|
|
|
|
'help':_("forced setup service")
|
|
|
|
|
},
|
|
|
|
|
# Опции cl-passwd
|
|
|
|
|
# LDAP пользователь
|
|
|
|
|
{'progAccess':(7,),
|
|
|
|
|
'shortOption':"d",
|
|
|
|
|
'longOption':"delete",
|
|
|
|
|
'helpChapter':_("Service LDAP options"),
|
|
|
|
|
'help':_("delete the password for the named account")
|
|
|
|
|
},
|
|
|
|
|
{'progAccess':(7,),
|
|
|
|
|
'shortOption':"l",
|
|
|
|
|
'longOption':"lock",
|
|
|
|
|
'helpChapter':_("Service LDAP options"),
|
|
|
|
|
'help':_("lock the named account")
|
|
|
|
|
},
|
|
|
|
|
{'progAccess':(7,),
|
|
|
|
|
'shortOption':"u",
|
|
|
|
|
'longOption':"unlock",
|
|
|
|
|
'helpChapter':_("Service LDAP options"),
|
|
|
|
|
'help':_("unlock the named account")
|
|
|
|
|
},
|
|
|
|
|
#{'progAccess':(0,1,2,4,5,6),
|
|
|
|
|
#'shortOption':"s",
|
|
|
|
|
#'longOption':"set",
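Review bot: The help text for `-l` says only "lock the named account", while the implementation added later in this commit sets `shadowExpire` to `"1"` and leaves `userPassword` in place. Whether that stops a simple bind or a Samba logon depends on the consumers honouring shadow attributes, which this diff does not show; presumably only shadow-aware clients do. Either state that limit in the help string or have the lock path also disable the stored password.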
|
|
|
|
@ -514,6 +569,12 @@ class cl_ldap(imp_cl_err, imp_cl_xml, imp_cl_help, imp_cl_smcon):
|
|
|
|
|
'help': cmdName + " " + " [" + _("options") + "] "+\
|
|
|
|
|
" " + _("service")
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
'progAccess':(7,),
|
|
|
|
|
'helpChapter':_("Usage"),
|
|
|
|
|
'help': cmdName + " " + " [" + _("options") + "] " + _("user") +\
|
|
|
|
|
" " + _("service")
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
'progAccess':(0,),
|
|
|
|
|
'helpChapter':"Function",
|
|
|
|
@ -549,6 +610,11 @@ class cl_ldap(imp_cl_err, imp_cl_xml, imp_cl_help, imp_cl_smcon):
|
|
|
|
|
'helpChapter':"Function",
|
|
|
|
|
'help':_("Sets service in the system")
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
'progAccess':(7,),
|
|
|
|
|
'helpChapter':"Function",
|
|
|
|
|
'help':_("Change user password")
|
|
|
|
|
},
|
|
|
|
|
# Примеры
|
|
|
|
|
{
|
|
|
|
|
'progAccess':(0,),
|
|
|
|
@ -557,13 +623,6 @@ class cl_ldap(imp_cl_err, imp_cl_xml, imp_cl_help, imp_cl_smcon):
|
|
|
|
|
"# " + _("add group guest in service")+":\n# LDAP",
|
|
|
|
|
self.consolewidth-self.column_width )
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
'progAccess':(2,),
|
|
|
|
|
'helpChapter':_("Examples"),
|
|
|
|
|
'help':pcs( " cl-groupmod -m guest test ldap", self.column_width,
|
|
|
|
|
"# " + _("add user test to a group guest in service")+":\n# LDAP",
|
|
|
|
|
self.consolewidth-self.column_width )
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
'progAccess':(1,),
|
|
|
|
|
'helpChapter':_("Examples"),
|
|
|
|
@ -574,7 +633,9 @@ class cl_ldap(imp_cl_err, imp_cl_xml, imp_cl_help, imp_cl_smcon):
|
|
|
|
|
{
|
|
|
|
|
'progAccess':(2,),
|
|
|
|
|
'helpChapter':_("Examples"),
|
|
|
|
|
'help':""
|
|
|
|
|
'help':pcs( " cl-groupmod -m guest test ldap", self.column_width,
|
|
|
|
|
"# " + _("add user test to a group guest in service")+":\n# LDAP",
|
|
|
|
|
self.consolewidth-self.column_width )
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
'progAccess':(3,),
|
|
|
|
@ -606,6 +667,13 @@ class cl_ldap(imp_cl_err, imp_cl_xml, imp_cl_help, imp_cl_smcon):
|
|
|
|
|
"# "+_("set service") + " samba "+_("in the system") + ".",
|
|
|
|
|
self.consolewidth-self.column_width)
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
'progAccess':(7,),
|
|
|
|
|
'helpChapter':_("Examples"),
|
|
|
|
|
'help':pcs(" cl-passwd test samba", self.column_width,
|
|
|
|
|
"# "+_("change password for Samba service user test") + ".",
|
|
|
|
|
self.consolewidth-self.column_width)
|
|
|
|
|
},
|
|
|
|
|
#{
|
|
|
|
|
#'helpChapter':_("Examples"),
|
|
|
|
|
#'help':pcs(" " + cmdName + " --env boot", self.column_width,
|
|
|
|
@ -718,9 +786,7 @@ class cl_ldap(imp_cl_err, imp_cl_xml, imp_cl_help, imp_cl_smcon):
|
|
|
|
|
forceOptions = False
|
|
|
|
|
if options.has_key("f"):
|
|
|
|
|
forceOptions = True
|
|
|
|
|
clVars = cl_base.DataVars()
|
|
|
|
|
clVars.flServer()
|
|
|
|
|
clVars.flIniFile()
|
|
|
|
|
clVars = self.createClVars()
|
|
|
|
|
# прервать если была неудачная попытка установить новые параметры
|
|
|
|
|
# или были опция вывода на печать
|
|
|
|
|
#if not self.processOptionsForDatavars(options,clVars):
|
|
|
|
@ -798,9 +864,7 @@ LDAP in backup directory")
|
|
|
|
|
forceOptions = False
|
|
|
|
|
if options.has_key("f"):
|
|
|
|
|
forceOptions = True
|
|
|
|
|
clVars = cl_base.DataVars()
|
|
|
|
|
clVars.flServer()
|
|
|
|
|
clVars.flIniFile()
|
|
|
|
|
clVars = self.createClVars()
|
|
|
|
|
# прервать если была неудачная попытка установить новые параметры
|
|
|
|
|
# или были опция вывода на печать
|
|
|
|
|
#if not self.processOptionsForDatavars(options,clVars):
|
|
|
|
@ -889,16 +953,13 @@ Samba in backup directory")
|
|
|
|
|
|
|
|
|
|
def addMashineSambaServer(self, machineName, options, clVars=False):
|
|
|
|
|
"""Добавляет Samba машину в LDAP-сервер"""
|
|
|
|
|
if not clVars:
|
|
|
|
|
clVars = cl_base.DataVars()
|
|
|
|
|
clVars.flServer()
|
|
|
|
|
clVars.flIniFile()
|
|
|
|
|
clVars = self.createClVars(clVars)
|
|
|
|
|
ldapObj = self.getLdapObjInFile()
|
|
|
|
|
if not ldapObj:
|
|
|
|
|
return False
|
|
|
|
|
machineLogin = machineName.replace('$','') + "$"
|
|
|
|
|
res = self.searchLdapUser(machineLogin, ldapObj,
|
|
|
|
|
clVars,"ou=Computers" + self.sambaRelDN)
|
|
|
|
|
clVars,"ou=Computers" + "," + self.sambaRelDN)
|
|
|
|
|
if res:
|
|
|
|
|
if res[0][0][1].has_key('sambaSID'):
|
|
|
|
|
self.printERROR(_("machine")+" "+machineLogin+" "+\
|
|
|
|
@ -927,10 +988,7 @@ Samba in backup directory")
|
|
|
|
|
|
|
|
|
|
def addMashineLdapServer(self, machineName, options, clVars=False):
|
|
|
|
|
"""Добавляет LDAP машину в LDAP-сервер"""
|
|
|
|
|
if not clVars:
|
|
|
|
|
clVars = cl_base.DataVars()
|
|
|
|
|
clVars.flServer()
|
|
|
|
|
clVars.flIniFile()
|
|
|
|
|
clVars = self.createClVars(clVars)
|
|
|
|
|
ldapObj = self.getLdapObjInFile()
|
|
|
|
|
if not ldapObj:
|
|
|
|
|
return False
|
|
|
|
@ -1000,10 +1058,7 @@ Samba in backup directory")
|
|
|
|
|
if options.has_key('r'):
|
|
|
|
|
self.printERROR (_("Options r not valid in service Samba"))
|
|
|
|
|
return False
|
|
|
|
|
if not clVars:
|
|
|
|
|
clVars = cl_base.DataVars()
|
|
|
|
|
clVars.flServer()
|
|
|
|
|
clVars.flIniFile()
|
|
|
|
|
clVars = self.createClVars(clVars)
|
|
|
|
|
ldapObj = self.getLdapObjInFile()
|
|
|
|
|
if not ldapObj:
|
|
|
|
|
return False
|
|
|
|
@ -1051,10 +1106,7 @@ Samba in backup directory")
|
|
|
|
|
def delUserLdapServer(self, userName, options, clVars=False,
|
|
|
|
|
orgUnit="ou=Users"):
|
|
|
|
|
"""Удаляем LDAP пользователя"""
|
|
|
|
|
if not clVars:
|
|
|
|
|
clVars = cl_base.DataVars()
|
|
|
|
|
clVars.flServer()
|
|
|
|
|
clVars.flIniFile()
|
|
|
|
|
clVars = self.createClVars(clVars)
|
|
|
|
|
ldapObj = self.getLdapObjInFile()
|
|
|
|
|
if not ldapObj:
|
|
|
|
|
return False
|
|
|
|
@ -1116,17 +1168,7 @@ Samba in backup directory")
|
|
|
|
|
def addUserLdapServer(self, userName, options, clVars=False,optOut=False,
|
|
|
|
|
pwDialog=False):
|
|
|
|
|
"""Добавляет LDAP пользователя в LDAP-сервер"""
|
|
|
|
|
if not clVars:
|
|
|
|
|
clVars = cl_base.DataVars()
|
|
|
|
|
clVars.flServer()
|
|
|
|
|
clVars.flIniFile()
|
|
|
|
|
# прервать если была неудачная попытка установить новые параметры
|
|
|
|
|
# или были опция вывода на печать
|
|
|
|
|
#if not self.processOptionsForDatavars(options,clVars):
|
|
|
|
|
#return ""
|
|
|
|
|
#userId = clVars.Get("soft_ldap_user_id")
|
|
|
|
|
#if not userId:
|
|
|
|
|
|
|
|
|
|
clVars = self.createClVars(clVars)
|
|
|
|
|
ldapObj = self.getLdapObjInFile()
|
|
|
|
|
if not ldapObj:
|
|
|
|
|
return False
|
|
|
|
@ -1228,24 +1270,27 @@ Samba in backup directory")
|
|
|
|
|
_("found in LDAP") + " ...")
|
|
|
|
|
return False
|
|
|
|
|
|
|
|
|
|
#userPwd = "crypt{xxx}"
|
|
|
|
|
userPwd = ""
|
|
|
|
|
# Пароль пользователя зашифрованный
|
|
|
|
|
if options.has_key('p'):
|
|
|
|
|
userPwd = options['p']
|
|
|
|
|
else:
|
|
|
|
|
if pwDialog:
|
|
|
|
|
pwdA = getpass.getpass(pwDialog[0]+":")
|
|
|
|
|
pwdB = getpass.getpass(pwDialog[1]+":")
|
|
|
|
|
else:
|
|
|
|
|
pwdA = getpass.getpass(_("New password")+":")
|
|
|
|
|
pwdB = getpass.getpass(_("Retype new password")+":")
|
|
|
|
|
if options.has_key('P'):
|
|
|
|
|
pwdA = sys.stdin.readline().rstrip()
|
|
|
|
|
pwdB = sys.stdin.readline().rstrip()
|
|
|
|
|
elif options.has_key('p'):
|
|
|
|
|
if not pwDialog:
|
|
|
|
|
pwDialog = [_("New password"),
|
|
|
|
|
_("Retype new password")]
|
|
|
|
|
pwdA = getpass.getpass(pwDialog[0]+":")
|
|
|
|
|
pwdB = getpass.getpass(pwDialog[1]+":")
|
|
|
|
|
if options.has_key('P') or options.has_key('p'):
|
|
|
|
|
if not (pwdA == pwdB):
|
|
|
|
|
self.printERROR (_("ERROR") + ": " +\
|
|
|
|
|
_("password incorrect")+ ": " + _("try again"))
|
|
|
|
|
return False
|
|
|
|
|
userPwd = pwdA
|
|
|
|
|
|
|
|
|
|
userPwdHash =\
|
|
|
|
|
if not userPwd:
|
|
|
|
|
userPwdHash = "crypt{xxx}"
|
|
|
|
|
else:
|
|
|
|
|
userPwdHash =\
|
|
|
|
|
self.execProg("slappasswd -s %s -h %s" %(userPwd,self.userCrypt))
|
|
|
|
|
if not userPwdHash:
|
|
|
|
|
self.printERROR (_("ERROR") + ": " +\
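Review bot: The clear-text password is formatted into the command string on the `slappasswd -s %s -h %s` line, so it is visible in the process list while slappasswd runs, and if `execProg` hands the string to a shell (not visible in this hunk) then quotes, spaces or `;` in the password are interpreted by that shell. Passing the secret through a file readable only by the caller with `slappasswd -T FILE`, or computing the salted hash in-process, avoids both; the same call is added in `modUserLdapPasswd` further down in this commit. With `-P`, `sys.stdin.readline().rstrip()` returns an empty string at end of input for both reads, the comparison passes, and the account is created with the `crypt{xxx}` placeholder instead of an error. The function body starts and ends outside the hunk.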
|
|
|
|
@ -1267,15 +1312,19 @@ Samba in backup directory")
|
|
|
|
|
if resLdap:
|
|
|
|
|
userGid = resLdap[0][0][1]['gidNumber'][0]
|
|
|
|
|
else:
|
|
|
|
|
if not self.addGroupLdapServer(userName,{},clVars):
|
|
|
|
|
if not self.addGroupLdapServer(self.nameBaseGroup,{},clVars):
|
|
|
|
|
return False
|
|
|
|
|
clVars.Set("soft_ldap_user_gid",userGid)
|
|
|
|
|
|
|
|
|
|
ldifFile = "/usr/lib/calculate/calculate-server/ldif/ldap_user.ldif"
|
|
|
|
|
userLdif = self.createLdif(ldifFile, clVars)
|
|
|
|
|
#ldifFile1 = \
|
|
|
|
|
#"/usr/lib/calculate/calculate-server/ldif/ldap_account.ldif"
|
|
|
|
|
#userLdif1 = self.createLdif(ldifFile1, clVars)
|
|
|
|
|
if not ldapObj.getError():
|
|
|
|
|
#Добавляем пользователя в LDAP
|
|
|
|
|
ldapObj.ldapAdd(userLdif)
|
|
|
|
|
#ldapObj.ldapAdd(userLdif1)
|
|
|
|
|
#Добавляем его в другие группы (опция G)
|
|
|
|
|
if options.has_key('G') and userGroupNames:
|
|
|
|
|
for group in userGroupNames:
|
|
|
|
@ -1345,11 +1394,7 @@ Samba in backup directory")
|
|
|
|
|
|
|
|
|
|
def addGroupLdapServer(self, groupName, options, clVars=False):
|
|
|
|
|
"""Добавляет группу пользователей LDAP"""
|
|
|
|
|
if not clVars:
|
|
|
|
|
clVars = cl_base.DataVars()
|
|
|
|
|
clVars.flServer()
|
|
|
|
|
clVars.flIniFile()
|
|
|
|
|
|
|
|
|
|
clVars = self.createClVars(clVars)
|
|
|
|
|
# прервать если была неудачная попытка установить новые параметры
|
|
|
|
|
# или были опция вывода на печать
|
|
|
|
|
#if not self.processOptionsForDatavars(options,clVars):
|
|
|
|
@ -1414,10 +1459,7 @@ Samba in backup directory")
|
|
|
|
|
def delGroupLdapServer(self, groupName, options, clVars=False,
|
|
|
|
|
orgUnit="ou=Groups"):
|
|
|
|
|
"""Удаляет группу пользователей LDAP"""
|
|
|
|
|
if not clVars:
|
|
|
|
|
clVars = cl_base.DataVars()
|
|
|
|
|
clVars.flServer()
|
|
|
|
|
clVars.flIniFile()
|
|
|
|
|
clVars = self.createClVars(clVars)
|
|
|
|
|
|
|
|
|
|
#gid = clVars.Get("soft_ldap_group_id")
|
|
|
|
|
ldapObj = self.getLdapObjInFile()
|
|
|
|
@ -1909,7 +1951,8 @@ Samba in backup directory")
|
|
|
|
|
if scope[0][1].has_key('gidNumber'):
|
|
|
|
|
# Пропускаем группы компьютеров
|
|
|
|
|
if scope[0][1].has_key('description') and\
|
|
|
|
|
scope[0][1]['description'][0] == "Computer group":
|
|
|
|
|
scope[0][1]['description'][0] == "Computer group" and\
|
|
|
|
|
scope[0][1]['description'][0] == "Service group":
|
|
|
|
|
continue
|
|
|
|
|
gid = int(scope[0][1]['gidNumber'][0])
|
|
|
|
|
if gid<=gidMax and gid>=gidMin:
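Review bot: The extended condition can never be true: `description[0] == "Computer group" and ... == "Service group"` asks one value to equal two different strings, so the `continue` is dead. Computer groups, which were skipped before this change, are now counted in the gid scan together with service groups. A membership test expresses the intent: `scope[0][1]['description'][0] in ("Computer group", "Service group"):`. The enclosing loop starts and ends outside the hunk.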
|
|
|
|
@ -1927,7 +1970,8 @@ Samba in backup directory")
|
|
|
|
|
adminPw = ldapParser.getVar("admin","PASS")
|
|
|
|
|
ldapObj = ldapFunction(adminDn, adminPw)
|
|
|
|
|
if ldapObj.getError():
|
|
|
|
|
cl_printERROR (_("LDAP connect error") + ": " + ldapObj.getError())
|
|
|
|
|
self.printERROR (_("LDAP connect error") + ": " +\
|
|
|
|
|
ldapObj.getError())
|
|
|
|
|
return False
|
|
|
|
|
return ldapObj
|
|
|
|
|
|
|
|
|
@ -2034,10 +2078,7 @@ Samba in backup directory")
|
|
|
|
|
|
|
|
|
|
def modGroupLdapServer(self, groupName, options, clVars=False):
|
|
|
|
|
"""Модифицирует настройки группы пользователей LDAP"""
|
|
|
|
|
if not clVars:
|
|
|
|
|
clVars = cl_base.DataVars()
|
|
|
|
|
clVars.flServer()
|
|
|
|
|
clVars.flIniFile()
|
|
|
|
|
clVars = self.createClVars(clVars)
|
|
|
|
|
ldapObj = self.getLdapObjInFile()
|
|
|
|
|
if not ldapObj:
|
|
|
|
|
return False
|
|
|
|
@ -2072,10 +2113,7 @@ Samba in backup directory")
|
|
|
|
|
|
|
|
|
|
def modUserSambaServer(self, userName, options, clVars=False):
|
|
|
|
|
"""Модифицирует настройки пользователя samba в LDAP"""
|
|
|
|
|
if not clVars:
|
|
|
|
|
clVars = cl_base.DataVars()
|
|
|
|
|
clVars.flServer()
|
|
|
|
|
clVars.flIniFile()
|
|
|
|
|
clVars = self.createClVars(clVars)
|
|
|
|
|
ldapObj = self.getLdapObjInFile()
|
|
|
|
|
if not ldapObj:
|
|
|
|
|
return False
|
|
|
|
@ -2126,10 +2164,7 @@ Samba in backup directory")
|
|
|
|
|
def modUserLdapServer(self, userName, options, clVars=False ,optOut=False,
|
|
|
|
|
pwDialog=False):
|
|
|
|
|
"""Модифицирует настройки пользователя LDAP в LDAP"""
|
|
|
|
|
if not clVars:
|
|
|
|
|
clVars = cl_base.DataVars()
|
|
|
|
|
clVars.flServer()
|
|
|
|
|
clVars.flIniFile()
|
|
|
|
|
clVars = self.createClVars(clVars)
|
|
|
|
|
ldapObj = self.getLdapObjInFile()
|
|
|
|
|
if not ldapObj:
|
|
|
|
|
return False
|
|
|
|
@ -2251,17 +2286,93 @@ Samba in backup directory")
|
|
|
|
|
return userPwd
|
|
|
|
|
return True
|
|
|
|
|
|
|
|
|
|
def createClVars(self, clVars=False):
|
|
|
|
|
"""Создает объект Vars"""
|
|
|
|
|
if not clVars:
|
|
|
|
|
clVars = cl_base.DataVars()
|
|
|
|
|
clVars.flServer()
|
|
|
|
|
clVars.flIniFile()
|
|
|
|
|
return clVars
|
|
|
|
|
|
|
|
|
|
def modUserLdapPasswd(self, userName, options, clVars=False):
|
|
|
|
|
"""Устанавливает пароль LDAP пользователя и меняет его опции"""
|
|
|
|
|
clVars = self.createClVars(clVars)
|
|
|
|
|
ldapObj = self.getLdapObjInFile()
|
|
|
|
|
if not ldapObj:
|
|
|
|
|
return False
|
|
|
|
|
res = self.searchLdapUser(userName, ldapObj, clVars)
|
|
|
|
|
if not res:
|
|
|
|
|
self.printERROR(_("User") + " " + str(userName) + " " +\
|
|
|
|
|
_("not found in LDAP") + " ...")
|
|
|
|
|
return False
|
|
|
|
|
# Изменяемые аттрибуты пользователя
|
|
|
|
|
modAttrs = []
|
|
|
|
|
# Удаляем пароль пользователя
|
|
|
|
|
if options.has_key('d'):
|
|
|
|
|
if res[0][0][1].has_key('userPassword'):
|
|
|
|
|
modAttrs += [(ldap.MOD_DELETE, 'userPassword', None)]
|
|
|
|
|
else:
|
|
|
|
|
self.printERROR(_("Not found LDAP password from user") + " "+\
|
|
|
|
|
str(userName) + " ...")
|
|
|
|
|
# Включаем пользователя
|
|
|
|
|
if options.has_key('u'):
|
|
|
|
|
modAttrs += [(ldap.MOD_REPLACE, 'shadowExpire', "-1")]
|
|
|
|
|
# Выключаем пользователя
|
|
|
|
|
elif options.has_key('l'):
|
|
|
|
|
modAttrs += [(ldap.MOD_REPLACE, 'shadowExpire', "1")]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if not options:
|
|
|
|
|
pwDialog = [_("New password"),
|
|
|
|
|
_("Retype new password")]
|
|
|
|
|
pwdA = getpass.getpass(pwDialog[0]+":")
|
|
|
|
|
pwdB = getpass.getpass(pwDialog[1]+":")
|
|
|
|
|
if not (pwdA == pwdB):
|
|
|
|
|
self.printERROR (_("ERROR") + ": " +\
|
|
|
|
|
_("password incorrect")+ ": " + _("try again"))
|
|
|
|
|
return False
|
|
|
|
|
userPwd = pwdA
|
|
|
|
|
userPwdHash =\
|
|
|
|
|
self.execProg("slappasswd -s %s -h %s"\
|
|
|
|
|
%(userPwd, self.userCrypt))
|
|
|
|
|
if res[0][0][1].has_key('userPassword'):
|
|
|
|
|
modAttrs.append((ldap.MOD_REPLACE, 'userPassword',
|
|
|
|
|
userPwdHash))
|
|
|
|
|
else:
|
|
|
|
|
modAttrs.append((ldap.MOD_ADD, 'userPassword',
|
|
|
|
|
userPwdHash))
|
|
|
|
|
|
|
|
|
|
if modAttrs:
|
|
|
|
|
try:
|
|
|
|
|
ldapObj.conLdap.modify_s("uid=%s,%s,%s"\
|
|
|
|
|
%(userName,"ou=Users",clVars.Get("soft_ldap_base")),
|
|
|
|
|
modAttrs)
|
|
|
|
|
except ldap.LDAPError, e:
|
|
|
|
|
self.printERROR(e[0]['desc'])
|
|
|
|
|
return False
|
|
|
|
|
if options.has_key('d'):
|
|
|
|
|
self.printSUCCESS(_("Deleted LDAP password from user") +\
|
|
|
|
|
" "+ str(userName) + " ...")
|
|
|
|
|
if options.has_key('l'):
|
|
|
|
|
self.printSUCCESS(_("Lock LDAP user") + " " + str(userName) +\
|
|
|
|
|
" ...")
|
|
|
|
|
if options.has_key('u'):
|
|
|
|
|
self.printSUCCESS(_("Unlock LDAP user") + " " +\
|
|
|
|
|
str(userName) + " ...")
|
|
|
|
|
if not options:
|
|
|
|
|
self.printSUCCESS(_("Change LDAP user password") + " ...")
|
|
|
|
|
# Изменим время последнего измения пароля пользователя
|
|
|
|
|
if not self.setShadowLastChange(userName, ldapObj, clVars):
|
|
|
|
|
return False
|
|
|
|
|
return True
|
|
|
|
|
return False
|
|
|
|
|
|
|
|
|
|
def addUserSambaServer(self, userName, options, clVars=False):
|
|
|
|
|
"""Добавляет LDAP пользователя в LDAP-сервер"""
|
|
|
|
|
#print self.getUidMax()
|
|
|
|
|
#print self.getMaxUidPasswd()
|
|
|
|
|
#return False
|
|
|
|
|
if not clVars:
|
|
|
|
|
clVars = cl_base.DataVars()
|
|
|
|
|
clVars.flServer()
|
|
|
|
|
clVars.flIniFile()
|
|
|
|
|
clVars = self.createClVars(clVars)
|
|
|
|
|
# прервать если была неудачная попытка установить новые параметры
|
|
|
|
|
# или были опция вывода на печать
|
|
|
|
|
#if not options['s']:
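Review bot: In `modUserLdapPasswd` the result of `self.execProg("slappasswd ...")` goes straight into the `userPassword` modification, whereas `addUserLdapServer` guards the same call with `if not userPwdHash:`. Without that guard a failed slappasswd run is sent to the directory as the new password value. Add `if not userPwdHash:` with a `printERROR` and `return False` before the `modAttrs.append(...)` lines. `userName` is also formatted into the DN for `modify_s` unescaped; `ldap.dn.escape_dn_chars(userName)` keeps a name containing `,` or `+` from addressing a different entry.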
|
|
|
|
@ -2316,6 +2427,7 @@ Samba in backup directory")
|
|
|
|
|
return False
|
|
|
|
|
|
|
|
|
|
class tsOpt:
|
|
|
|
|
"""Класс для обработки параметров и вывода help"""
|
|
|
|
|
def __init__(self, obj, parBeforeService):
|
|
|
|
|
service = sys.argv[-1:][0].rstrip()
|
|
|
|
|
shortOpt = obj.getAllOpt('short', obj.relOptions['h'])
|
|
|
|
|