develop
asamoukin 16 years ago
parent 9bda1e3c11
commit 9d68bc303d

@ -23,7 +23,7 @@
#passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n"
# При смене пароля юзером через smbpasswd меняем его и в LDAP
ldap passwd sync = Yes
#ldap passwd sync = Yes
passdb backend = ldapsam:ldap://127.0.0.1/
ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))
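Review bot: Commenting out `ldap passwd sync = Yes` (assuming the `#` form is the new side, since this page has lost its +/- markers) means a password changed through smbpasswd or from a Windows client no longer updates the LDAP password. The account's previous LDAP/Unix password can therefore stay valid after the user believes it was replaced. The comment directly above still says the password is also changed in LDAP, which no longer matches the setting. If the sync is dropped on purpose because the management tools write both passwords themselves, replace that comment with one that says so, for example `# smbpasswd changes are NOT propagated to LDAP; passwords are set by the cl-* tools`.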

@ -256,6 +256,17 @@ class shareLdap(imp_cl_err, imp_cl_xml, imp_cl_help, imp_cl_smcon):
return False
return True
@foundConnect
def modifyElemDN(self, relDN, newFirstDn):
"""Изменяет основной элемент DN (uid, cn и др.)"""
DN = self.addDN(relDN,self.baseDN)
try:
self.conLdap.modrdn_s(DN, newFirstDn)
except ldap.LDAPError, e:
self.printERROR(e[0]['desc'])
return False
return True
@foundConnect
def delDN(self, relDN):
DN = self.addDN(relDN,self.baseDN)
@ -269,7 +280,7 @@ class shareLdap(imp_cl_err, imp_cl_xml, imp_cl_help, imp_cl_smcon):
def getMaxAttrDN(self, relDN, name, attr, numMin, numMax, attrSearch):
"""Находит максимальный добавленный аттрибут в LDAP DN"""
resSearch = self.searchLdapDN(name, relDN, attr)
resSearch = self.searchLdapDN(name, relDN, attr, [attrSearch])
lst = []
lst.append(0)
if resSearch:
@ -438,6 +449,8 @@ class servUnix(shareLdap):
self.fullNameUser = "Calculate user"
# Оболочка пользователя по умолчанию
self.userShell = "/bin/bash"
# Скелетная директория для создания пользователя
self.skelDir = "/etc/skel"
# Алгоритм шифрования пароля для LDAP пользователя
self.userCrypt = "{SSHA}"
# Используемые ldif файлы
@ -458,12 +471,11 @@ class servUnix(shareLdap):
# DN, компьютеров относительно базового DN
self.relComputersDN = self.servSambaObj.relComputersDN
def createHomeDir(self, userName, homeDir):
def createHomeDir(self, userName, homeDir, skelDir):
"""Создаем домашнюю директорию пользователя
создание происходит после создания пользователя
"""
skelDir = "/etc/skel"
resLdap = self.searchUnixUser(userName)
if resLdap:
uid = int(resLdap[0][0][1]['uidNumber'][0])
@ -696,16 +708,29 @@ class servUnix(shareLdap):
@foundConnect
def addGroupUnixServer(self, groupName, options):
"""Добавляет группу пользователей LDAP"""
self.clVars.Set("soft_ldap_group_name",groupName)
# Если группа существует выходим без ошибки
flagErrGrExist = True
if options.has_key('f'):
flagErrGrExist = False
if self.searchGroupGroupName(groupName):
self.printERROR(_("group name")+ " " + str(groupName) + " " +\
_("found in /etc/group") + " ...")
return False
if flagErrGrExist:
self.printERROR(_("group name")+ " " + str(groupName) + " " +\
_("found in /etc/group") + " ...")
return False
else:
self.printSUCCESS(_("group name")+ " " + str(groupName) +\
" " + _("found in /etc/group") + " ...")
return True
if self.searchUnixGroupName(groupName):
self.printERROR(_("group name")+ " " + str(groupName) + " " +\
_("found in LDAP") + " ...")
return False
if flagErrGrExist:
self.printERROR(_("group name")+ " " + str(groupName) + " " +\
_("found in LDAP") + " ...")
return False
else:
self.printSUCCESS(_("group name")+ " " + str(groupName) +\
" " + _("found in LDAP") + " ...")
return True
self.clVars.Set("soft_ldap_group_name",groupName)
# номер группы
gid = str(self.getMaxGid())
if options.has_key('g'):
@ -802,12 +827,16 @@ class servUnix(shareLdap):
# Базовая домашняя директория
if options.has_key('b'):
baseDir = options['b']
# Устанавливаем базовую домашнюю директорию
# Устанавливаем скелетную директорию
if options.has_key('k'):
homeDir = options['k']
skelDir = options['k']
else:
homeDir = os.path.join(baseDir,
self.clVars.Get("soft_ldap_user_login"))
skelDir = self.skelDir
# Устанавливаем домашнюю директорию
if options.has_key('d'):
homeDir = options['d']
else:
homeDir = os.path.join(baseDir, userName)
self.clVars.Set("soft_ldap_user_home",homeDir)
fullNameUser = self.fullNameUser
@ -933,7 +962,7 @@ class servUnix(shareLdap):
# Добавим домашнюю директорию
if options.has_key('m'):
if not os.path.exists(homeDir):
if not self.createHomeDir(userName, homeDir):
if not self.createHomeDir(userName, homeDir, skelDir):
self.printERROR (_("ERROR") + ": " + _("create HOME dir"))
return False
self.printSUCCESS(_("Create home dir")+ " " + homeDir + " ...")
@ -1219,11 +1248,33 @@ class servUnix(shareLdap):
" ...")
# Изменяемые аттрибуты пользователя
modAttrs = []
# Изменяем первичную группу пользователя
if options.has_key('g'):
newFirstGroup = options['g']
userGroupNames = self.searchGroupsUnix([newFirstGroup])
if not userGroupNames:
return False
groupName = userGroupNames[0]
resLdap = self.searchUnixGroupName(groupName)
resGroup = self.searchGroupGroupName(groupName)
if not (resLdap or resGroup):
self.printERROR (_("ERROR") + ": " +\
_("not found gid=") + userGid)
return False
if resGroup:
userGid = resGroup.split(":")[2]
if resLdap:
userGid = resLdap[0][0][1]['gidNumber'][0]
modAttrs += [(ldap.MOD_REPLACE, 'gidNumber', userGid)]
# Изменяем домашнюю директорию
if options.has_key('d'):
homeDir = options['d']
modAttrs += [(ldap.MOD_REPLACE, 'homeDirectory', homeDir)]
# Включаем пользователя
if options.has_key('e'):
if options.has_key('U'):
modAttrs += [(ldap.MOD_REPLACE, 'shadowExpire', "-1")]
# Выключаем пользователя
if options.has_key('d'):
if options.has_key('L'):
modAttrs += [(ldap.MOD_REPLACE, 'shadowExpire', "1")]
# Изменяем коментарий к пользователю
if options.has_key('c'):
@ -1257,16 +1308,18 @@ class servUnix(shareLdap):
self.printSUCCESS(_("Modify comment") + " ...")
if options.has_key('s'):
self.printSUCCESS(_("Modify shell") + " ...")
if options.has_key('d'):
self.printSUCCESS(_("Modify home directory") + " ...")
if options.has_key('P') or options.has_key('p'):
# Изменим время последнего измения пароля пользователя
if not self.setShadowLastChange(userName):
return False
self.printSUCCESS(_("Modify LDAP user password") + " ...")
if options.has_key('e'):
self.printSUCCESS(_("Enabled user") + " " + str(userName) +\
if options.has_key('U'):
self.printSUCCESS(_("Unlock user") + " " + str(userName) +\
" ...")
if options.has_key('d'):
self.printSUCCESS(_("Disabled user") + " " + str(userName) +\
if options.has_key('L'):
self.printSUCCESS(_("Lock user") + " " + str(userName) +\
" ...")
return True
@ -1334,9 +1387,9 @@ class servUnix(shareLdap):
self.printERROR(_("group name not found in LDAP ..."))
return False
# Добавляем список пользователей в группу
if options.has_key('m'):
if options.has_key('a'):
# добавляемые пользователи в группу
users = options['m'].split(',')
users = options['a'].split(',')
res = self.addUserGroupUnix(users, groupName)
if res:
self.printSUCCESS(_("Append list users to a group") + " " +\
@ -1346,9 +1399,9 @@ class servUnix(shareLdap):
" " + str(groupName) + " ...")
return False
# Удаляем список пользователей из группы
if options.has_key('x'):
if options.has_key('d'):
# удаляемые пользователи из группы
users = options['x'].split(',')
users = options['d'].split(',')
res = self.delUserGroupLdap(users, groupName)
if res:
self.printSUCCESS(_("Deleted list users to a group") + " " +\
@ -1357,6 +1410,38 @@ class servUnix(shareLdap):
self.printERROR(_("Not delete list users to a group") +\
" " + str(groupName) + " ...")
return False
# Изменяем имя группы
if options.has_key('n'):
newGroupName = options['n']
if self.searchUnixGroupName(newGroupName):
self.printERROR(_("group name")+ " " + str(newGroupName) +\
" " + _("found in LDAP") + " ...")
return False
newFirstDn = "cn=" + newGroupName
oldDN = self.addDN("cn=" + groupName, self.relGroupsDN)
res = self.modifyElemDN(oldDN, newFirstDn)
if res:
self.printSUCCESS(_("Rename group") + " ...")
else:
self.printERROR(_("Not rename group") + "...")
return False
modAttrs = []
# Изменяем коментарий к группе
if options.has_key('c'):
gecos = options['c']
modAttrs.append((ldap.MOD_REPLACE, 'description', gecos))
if modAttrs:
groupDN = self.addDN("cn="+groupName, self.relGroupsDN)
res = self.modAttrsDN(groupDN, modAttrs)
if res:
if options.has_key('c'):
self.printSUCCESS(_("Modified group comment") + " ...")
return True
else:
if options.has_key('c'):
self.printSUCCESS(_("Not modify group comment") + " ...")
return False
return True
def delUserInGroup(self, userName):
@ -1548,7 +1633,7 @@ class servSamba(shareLdap):
if not resSearch:
resSearch = self.servUnixObj.searchPasswdUser(userName)
if self.searchSambaUser(userName):
self.printERROR(_("SMB user exists"))
self.printERROR(_("Samba user exists"))
return False
#пароль пользователя
userPwd = ""
@ -1718,6 +1803,30 @@ Samba in backup directory")
return True
def modUserSambaPasswd(self, userName, options):
if not self.searchSambaUser(userName):
self.printERROR(_("Samba user") + " " +str(userName) + " " +\
_("not found") + " ...")
return False
# отключаем samba account
if options.has_key('l'):
textLine = self.execProg("smbpasswd -d %s" %(userName))
if "Disabled user %s" %userName in textLine:
self.printSUCCESS(_("Disabled samba user")+ " " +\
str(userName) + " ...")
else:
self.printERROR(_("Not disable samba user")+ " "+\
str(userName) + " ...")
return False
# включаем samba account
if options.has_key('u'):
textLine = self.execProg("smbpasswd -e %s" %(userName))
if "Enabled user %s" %userName in textLine:
self.printSUCCESS(_("Enabled samba user")+ " " +\
str(userName) + " ...")
else:
self.printERROR(_("Not enable samba user")+ " "+\
str(userName) + " ...")
return False
if not options:
optPasswd = {"p":""}
userPwd = self.getUserPassword(optPasswd, "p", False)
@ -1726,9 +1835,7 @@ Samba in backup directory")
if userPwd:
textLine = self.execProg("smbpasswd -a -s %s" %(userName),
"%s\n%s\n" %(userPwd,userPwd))
print sys.stderr.read()
print "TEXT", textLine, "#"
if not ("" in str(textLine)):
if not (textLine == None):
self.printERROR(_("Not change samba user password") +\
" ...")
return False
@ -1749,7 +1856,7 @@ Samba in backup directory")
_("not found in LDAP") + " ...")
return False
# отключаем samba account
if options.has_key('d'):
if options.has_key('L'):
textLine = self.execProg("smbpasswd -d %s" %(userName))
if "Disabled user %s" %userName in textLine:
self.printSUCCESS(_("Disabled samba user")+ " " +\
@ -1757,8 +1864,9 @@ Samba in backup directory")
else:
self.printERROR(_("Not disable samba user")+ " "+\
str(userName) + " ...")
return False
# включаем samba account
if options.has_key('e'):
elif options.has_key('U'):
textLine = self.execProg("smbpasswd -e %s" %(userName))
if "Enabled user %s" %userName in textLine:
self.printSUCCESS(_("Enabled samba user")+ " " +\
@ -1766,6 +1874,7 @@ Samba in backup directory")
else:
self.printERROR(_("Not enable samba user")+ " "+\
str(userName) + " ...")
return False
# модифицируем пароль
if options.has_key('P') or options.has_key('p'):
pwDialog = [_("New SMB password"),
@ -1779,7 +1888,7 @@ Samba in backup directory")
userPwd = pwdA
textLine = self.execProg("smbpasswd -s %s" %(userName),
"%s\n%s\n" %(userPwd,userPwd))
if not ("" in str(textLine)):
if not (textLine == None):
self.printERROR(_("Not modify samba user password") + " ...")
return False
self.printSUCCESS(_("Modify samba user password") + " ...")
@ -1990,39 +2099,60 @@ class cl_ldap(shareLdap):
'helpChapter':_("Common options"),
'help':_("display help options all services")
},
{'progAccess':(0,),
'shortOption':"f",
'longOption':"force",
'helpChapter':_("Service Unix options"),
'help':_("force exit with success status if the specified \
group already exists")
},
{'progAccess':(0,),
'shortOption':"g",
'longOption':"gid",
'optVal':"GID",
'helpChapter':_("Common options"),
'helpChapter':_("Service Unix options"),
'help':_("use GID for the new group")
},
{'progAccess':(0,),
'shortOption':"c",
'longOption':"comment",
'optVal':"COMMENT",
'helpChapter':_("Common options"),
'help':_("set the GECOS field for the new group")
'helpChapter':_("Service Unix options"),
'help':_("set the description field for the new group")
},
{'progAccess':(0,),
'shortOption':"p",
'helpChapter':_("Common options"),
'helpChapter':_("Service Unix options"),
'help':_("print the gidNumber to stdout")
},
{'progAccess':(2,),
'shortOption':"m",
'longOption':"member",
'optVal':"ADD_USERS",
'shortOption':"a",
'longOption':"add",
'optVal':"USERS",
'helpChapter':_("Common options"),
'help':_("add members (comma delimited)")
},
{'progAccess':(2,),
'shortOption':"x",
'longOption':"member",
'optVal':"DEL_USERS",
'shortOption':"c",
'longOption':"comment",
'optVal':"COMMENT",
'helpChapter':_("Common options"),
'help':_("set the description field for the new group")
},
{'progAccess':(2,),
'shortOption':"d",
'longOption':"delete",
'optVal':"USERS",
'helpChapter':_("Common options"),
'help':_("delete members (comma delimted)")
},
{'progAccess':(2,),
'shortOption':"n",
'longOption':"new-name",
'optVal':"NEW_GROUP",
'helpChapter':_("Common options"),
'help':_("force use NEW_GROUP name by GROUP")
},
{'progAccess':(3,),
'shortOption':"b",
'longOption':"base-dir",
@ -2037,6 +2167,13 @@ class cl_ldap(shareLdap):
'helpChapter':_("Service Unix options"),
'help':_("set the GECOS field for the new user account")
},
{'progAccess':(3,),
'shortOption':"d",
'longOption':"home-dir",
'optVal':"HOME_DIR",
'helpChapter':_("Service Unix options"),
'help':_("home directory for the new user account")
},
{'progAccess':(3,),
'shortOption':"g",
'longOption':"gid",
@ -2044,11 +2181,6 @@ class cl_ldap(shareLdap):
'helpChapter':_("Service Samba options"),
'help':_("force use GROUP for the new user Unix service account")
},
{'progAccess':(3,),
'shortOption':"w",
'helpChapter':_("Service Samba options"),
'help':_("set the trust account (Windows Workstation)")
},
{'progAccess':(3,),
'shortOption':"g",
'longOption':"gid",
@ -2070,6 +2202,12 @@ class cl_ldap(shareLdap):
'helpChapter':_("Service Unix options"),
'help':_("specify an alternative skel directory")
},
{'progAccess':(3,),
'shortOption':"m",
'longOption':"create-home",
'helpChapter':_("Service Unix options"),
'help':_("create home directory for the new user account")
},
{'progAccess':(3,),
'shortOption':"p",
'longOption':"password",
@ -2092,18 +2230,10 @@ class cl_ldap(shareLdap):
'helpChapter':_("Service Samba options"),
'help':_("use password for the user account (from standart input)")
},
#{'progAccess':(3,),
#'shortOption':"p",
#'longOption':"password",
#'optVal':"PASSWORD",
#'helpChapter':_("Common options"),
#'help':_("use encrypted password for the new user account")
#},
{'progAccess':(3,),
'shortOption':"m",
'longOption':"create-home",
'helpChapter':_("Service Unix options"),
'help':_("create home directory for the new user account")
'shortOption':"w",
'helpChapter':_("Service Samba options"),
'help':_("set the trust account (Windows Workstation)")
},
{'progAccess':(3,),
'shortOption':"s",
@ -2122,8 +2252,8 @@ class cl_ldap(shareLdap):
{'progAccess':(4,),
'shortOption':"r",
'longOption':"remove",
'helpChapter':_("Common options"),
'help':_("remove home directory (LDAP service only)")
'helpChapter':_("Service Unix options"),
'help':_("remove home directory")
},
{'progAccess':(5,),
'shortOption':"c",
@ -2132,20 +2262,20 @@ class cl_ldap(shareLdap):
'helpChapter':_("Service Unix options"),
'help':_("new value of the GECOS field")
},
#{'progAccess':(5,),
#'shortOption':"d",
#'longOption':"home",
#'optVal':"HOME_DIR",
#'helpChapter':_("Common options"),
#'help':_("new home directory for the user account")
#},
#{'progAccess':(5,),
#'shortOption':"g",
#'longOption':"gid",
#'optVal':"GROUP",
#'helpChapter':_("Common options"),
#'help':_("force use GROUP as new primary group")
#},
{'progAccess':(5,),
'shortOption':"d",
'longOption':"home",
'optVal':"HOME_DIR",
'helpChapter':_("Service Unix options"),
'help':_("new home directory for the user account")
},
{'progAccess':(5,),
'shortOption':"g",
'longOption':"gid",
'optVal':"GROUP",
'helpChapter':_("Service Unix options"),
'help':_("force use GROUP as new primary group")
},
{'progAccess':(5,),
'shortOption':"G",
'longOption':"groups",
@ -2193,16 +2323,16 @@ class cl_ldap(shareLdap):
'help':_("new login shell for the user account")
},
{'progAccess':(5,),
'shortOption':"d",
'longOption':"userDisable",
'shortOption':"L",
'longOption':"lock",
'helpChapter':_("Common options"),
'help':_("disable user")
'help':_("lock the user account")
},
{'progAccess':(5,),
'shortOption':"e",
'longOption':"userEnable",
'shortOption':"U",
'longOption':"unlock",
'helpChapter':_("Common options"),
'help':_("enable user")
'help':_("unlock the user account")
},
#{'progAccess':(5,),
#'shortOption':"u",
@ -2229,13 +2359,13 @@ class cl_ldap(shareLdap):
{'progAccess':(7,),
'shortOption':"l",
'longOption':"lock",
'helpChapter':_("Service Unix options"),
'helpChapter':_("Common options"),
'help':_("lock the named account")
},
{'progAccess':(7,),
'shortOption':"u",
'longOption':"unlock",
'helpChapter':_("Service Unix options"),
'helpChapter':_("Common options"),
'help':_("unlock the named account")
},
#{'progAccess':(0,1,2,4,5,6),
@ -2393,15 +2523,15 @@ class cl_ldap(shareLdap):
{
'progAccess':(1,),
'helpChapter':_("Examples"),
'help':pcs( " cl-groupdel guest samba", self.column_width,
"# " + _("delete group guest in service samba") + "."
'help':pcs( " cl-groupdel guest unix", self.column_width,
"# " + _("delete group guest in service Unix") + "."
, self.consolewidth-self.column_width)
},
{
'progAccess':(2,),
'helpChapter':_("Examples"),
'help':pcs( " cl-groupmod -m guest test ldap", self.column_width,
"# " + _("add user test to a group guest in service")+":\n# LDAP",
'help':pcs( " cl-groupmod -a guest test unix", self.column_width,
"# " + _("add user test to a group guest in service")+":\n# Unix",
self.consolewidth-self.column_width )
},
{
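Review bot: In the new `modUserSambaPasswd` the account name is pasted straight into a command string, `self.execProg("smbpasswd -d %s" %(userName))`, and again in the matching `smbpasswd -e` call. `execProg` is not visible here, but if it hands the string to a shell, a name containing whitespace or shell metacharacters changes what is executed, in a tool that presumably runs with administrative rights. The preceding `searchSambaUser(userName)` call checks that the account exists, not which characters the name contains, so it should not be treated as validation. Quote the argument, e.g. `self.execProg("smbpasswd -d %s" % pipes.quote(userName))` (Python 2 stdlib, needs `import pipes`), or reject names outside the permitted account-name character set before any command is built. The same pattern appears in the `smbpasswd -a -s`, `-s`, `-d` and `-e` calls shown in the other Samba hunks of this file.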

@ -34,15 +34,16 @@ if __name__ == "__main__":
optObj.params.has_key('user'):
flagError = True
if optObj.params['service'] == "unix":
obj = cl_ldap.servUnix()
# Добавляем LDAP пользователя
if ldapObj.modUserLdapServer(optObj.params['user'], optObj.opt):
if obj.modUserUnixServer(optObj.params['user'], optObj.opt):
flagError = False
elif optObj.params['service'] == "samba":
obj = cl_ldap.servSamba()
# Добавляем Samba пользователя
if ldapObj.modUserSambaServer(optObj.params['user'], optObj.opt):
if obj.modUserSambaServer(optObj.params['user'], optObj.opt):
flagError = False
if flagError:
sys.exit(1)
else:
sys.exit(0)
