3 # This script is an interactive way to manipulate fields in the LDAP directory.
4 # When run it connects to the directory using the current users ID and fetches
5 # all the attributes for that user. It then formats them nicely and allows
6 # the user to change them.
7 # It is possible to authenticate as someone differnt than you are viewing/changing
8 # this allows administrative functions and also allows users to view
9 # restricted information about others, such as phone numbers and addresses.
11 # Usage: userinfo -a <user> -u <user> -c <user> -r
12 # -a Set the authentication user (the user whose password you are
14 # -u Set the user to display
15 # -c Set both -a and -u, use this if your login uid is not in the
17 # -r Enable 'root' functions, do this if your uid has access to
18 # restricted variables.
20 import string, time, os, pwd, sys, getopt, ldap, crypt, whrandom, readline, copy;
21 from userdir_ldap import *;
24 AttrInfo = {"cn": ["First Name", 101],
25 "mn": ["Middle Name", 102],
26 "sn": ["Surname", 103],
27 "c": ["Country Code",1],
29 "ou": ["Membership",0],
30 "facsimileTelephoneNumber": ["Fax Phone Number",3],
31 "telephoneNumber": ["Phone Number",4],
32 "postalAddress": ["Mailing Address",5],
33 "postalCode": ["Postal Code",6],
34 "uid": ["Unix User ID",0],
35 "loginShell": ["Unix Shell",7],
36 "supplementaryGid": ["Unix Groups",0],
37 "allowedHost": ["Host ACL",0],
38 "member": ["LDAP Group",0],
39 "emailForward": ["Email Forwarding",8],
40 "ircNick": ["IRC Nickname",9],
41 "onVacation": ["Vacation Message",10],
42 "labledURI": ["Home Page",11],
43 "latitude": ["Latitude",12],
44 "longitude": ["Longitude",13],
45 "icqUin": ["ICQ UIN",14],
46 "jabberJID": ["Jabber ID",15],
47 "privateSub": ["Debian-Private",16],
48 "comment": ["Comment",116],
49 "userPassword": ["Crypted Password",117],
50 "dnsZoneEntry": ["d.net Entry",118]};
52 AttrPrompt = {"cn": ["Common name or first name"],
53 "mn": ["Middle name (or initial if it ends in a dot)"],
54 "sn": ["Surname or last name"],
55 "c": ["ISO 2 letter country code, such as US, DE, etc"],
56 "l": ["City name, State/Provice (Locality)\n e.g. Dallas, Texas"],
57 "facsimileTelephoneNumber": ["Fax phone number, with area code and country code"],
58 "telephoneNumber": ["Voice phone number"],
59 "postalAddress": ["Complete mailing address including postal codes and country designations\nSeperate lines using a $ character"],
60 "postalCode": ["Postal Code or Zip Code"],
61 "loginShell": ["Login shell with full path (no check is done for validity)"],
62 "emailForward": ["EMail address to send all mail to or blank to disable"],
63 "ircNick": ["IRC nickname if you use IRC"],
64 "onVacation": ["A message if on vaction, indicating the time of departure and return"],
65 "userPassword": ["The users Crypt'd password"],
66 "comment": ["Admin Comment about the account"],
67 "supplementaryGid": ["Groups the user is in"],
68 "allowedHost": ["Grant access to certain hosts"],
69 "privateSub": ["Debian-Private mailing list subscription"],
70 "member": ["LDAP Group Member for slapd ACLs"],
71 "latitude": ["XEarth latitude in ISO 6709 format - see /usr/share/zoneinfo/zone.tab or etak.com"],
72 "longitude": ["XEarth latitude in ISO 6709 format - see /usr/share/zoneinfo/zone.tab or etak.com"],
73 "dnsZoneEntry": ["DNS Zone fragment associated this this user"],
74 "labledURI": ["Web home page"],
75 "jabberJID": ["Jabber ID"],
76 "icqUin": ["ICQ UIN Number"]};
78 # Create a map of IDs to desc,value,attr
80 for at in AttrInfo.keys():
81 if (AttrInfo[at][1] != 0):
82 OrderedIndex[AttrInfo[at][1]] = [AttrInfo[at][0], "", at];
83 OrigOrderedIndex = copy.deepcopy(OrderedIndex);
85 # Show shadow information
86 def PrintShadow(Attrs):
87 Changed = int(GetAttr(Attrs,"shadowLastChange","0"));
88 MinDays = int(GetAttr(Attrs,"shadowMin","0"));
89 MaxDays = int(GetAttr(Attrs,"shadowMax","0"));
90 WarnDays = int(GetAttr(Attrs,"shadowWarning","0"));
91 InactDays = int(GetAttr(Attrs,"shadowinactive","0"));
92 Expire = int(GetAttr(Attrs,"shadowexpire","0"));
94 print "%-24s:" % ("Password last changed"),
95 print time.strftime("%a %d/%m/%Y %Z",time.localtime(Changed*24*60*60));
97 print "%-24s:" % ("Account expires on"),
98 print time.strftime("%a %d/%m/%Y %Z",time.localtime(Expire*24*60*60));
99 if (InactDays >= 0 and MaxDays < 99999):
100 print "Account aging is active, you must change your password every", MaxDays, "days."
102 # Print out the automatic time stamp information
103 def PrintModTime(Attrs):
104 Stamp = GetAttr(Attrs,"modifyTimestamp","");
106 Time = (int(Stamp[0:4]),int(Stamp[4:6]),int(Stamp[6:8]),
107 int(Stamp[8:10]),int(Stamp[10:12]),int(Stamp[12:14]),0,0,-1);
108 print "%-24s:" % ("Record last modified on"), time.strftime("%a %d/%m/%Y %X UTC",Time),
109 print "by",ldap.explode_dn(GetAttr(Attrs,"modifiersName"),1)[0];
111 Stamp = GetAttr(Attrs,"createTimestamp","");
113 Time = (int(Stamp[0:4]),int(Stamp[4:6]),int(Stamp[6:8]),
114 int(Stamp[8:10]),int(Stamp[10:12]),int(Stamp[12:14]),0,0,-1);
115 print "%-24s:" % ("Record created on"), time.strftime("%a %d/%m/%Y %X UTC",Time);
117 # Print the PGP key for a user
118 def PrintKeys(Attrs):
119 if Attrs[1].has_key("keyFingerPrint") == 0:
122 for x in Attrs[1]["keyFingerPrint"]:
124 print "%-24s:" % ("PGP/GPG Key Fingerprints"),
127 print "%-24s:" % (""),
128 print FormatPGPKey(x);
130 # Print the SSH RSA Authentication keys for a user
131 def PrintSshRSAKeys(Attrs):
132 if Attrs[1].has_key("sshRSAAuthKey") == 0:
135 for x in Attrs[1]["sshRSAAuthKey"]:
137 print "%-24s:" % ("SSH Auth Keys"),
140 print "%-24s:" % (""),
142 print FormatSSHAuth(x);
144 # Display all of the attributes in a numbered list
145 def ShowAttrs(Attrs):
147 print EmailAddress(Attrs);
151 PrintSshRSAKeys(Attrs);
153 for at in Attrs[1].keys():
154 if AttrInfo.has_key(at):
155 if AttrInfo[at][1] == 0:
156 print " %-18s:" % (AttrInfo[at][0]),
157 for x in Attrs[1][at]:
160 print "(id=%s, gid=%s)" % (GetAttr(Attrs,"uidNumber","-1"),GetAttr(Attrs,"gidNumber","-1")),
163 OrderedIndex[AttrInfo[at][1]][1] = Attrs[1][at];
165 Keys = OrderedIndex.keys();
168 if at < 100 or RootMode != 0:
169 print " %3u) %-18s: " % (at,OrderedIndex[at][0]),
170 for x in OrderedIndex[at][1]:
171 print "'%s'" % (re.sub('[\n\r]','?',x)),
174 # Change a single attribute
175 def ChangeAttr(Attrs,Attr):
176 if (Attr == "supplementaryGid" or Attr == "allowedHost" or \
177 Attr == "member" or Attr == "dnsZoneEntry"):
178 return MultiChangeAttr(Attrs,Attr);
180 print "Old value: '%s'" % (GetAttr(Attrs,Attr,""));
181 print "Press enter to leave unchanged and a single space to set to empty";
182 NewValue = raw_input("New? ");
186 print "Leaving unchanged.";
189 # Single space designates delete, trap the delete error
190 if (NewValue == " "):
193 l.modify_s(UserDn,[(ldap.MOD_DELETE,Attr,None)]);
194 except ldap.NO_SUCH_ATTRIBUTE:
198 Attrs[1][Attr] = [""];
203 l.modify_s(UserDn,[(ldap.MOD_REPLACE,Attr,NewValue)]);
204 Attrs[1][Attr] = [NewValue];
207 def MultiChangeAttr(Attrs,Attr):
208 # Make sure that we have an entry
209 if not Attrs[1].has_key(Attr):
212 Attrs[1][Attr].sort();
213 print "Old values: ",Attrs[1][Attr];
215 Mode = string.upper(raw_input("[D]elete or [A]dd? "));
216 if (Mode != 'D' and Mode != 'A'):
219 NewValue = raw_input("Value? ");
222 print "Leaving unchanged.";
229 l.modify_s(UserDn,[(ldap.MOD_DELETE,Attr,NewValue)]);
230 except ldap.NO_SUCH_ATTRIBUTE:
234 Attrs[1][Attr].remove(NewValue);
239 l.modify_s(UserDn,[(ldap.MOD_ADD,Attr,NewValue)]);
240 Attrs[1][Attr].append(NewValue);
243 # Main program starts here
244 User = pwd.getpwuid(os.getuid())[0];
247 (options, arguments) = getopt.getopt(sys.argv[1:], "nu:c:a:r")
248 for (switch, val) in options:
251 elif (switch == '-a'):
253 elif (switch == '-c'):
256 elif (switch == '-r'):
258 elif (switch == '-n'):
262 print "Accessing LDAP entry for '" + User + "'",
263 if (BindUser != User):
265 print "as '" + BindUser + "'";
269 Password = getpass(BindUser + "'s password: ");
271 # Connect to the ldap server
272 l = ldap.open(LDAPServer);
273 UserDn = "uid=" + BindUser + "," + BaseDn;
275 l.simple_bind_s(UserDn,Password);
277 l.simple_bind_s("","");
278 UserDn = "uid=" + User + "," + BaseDn;
280 # Enable changing of supplementary gid's
282 # Items that root can edit
283 list = ["supplementaryGid","allowedHost","member"];
286 AttrInfo[x][1] = 200 + Count;
287 OrderedIndex[AttrInfo[x][1]] = [AttrInfo[x][0], "",x];
288 OrigOrderedIndex[AttrInfo[x][1]] = [AttrInfo[x][0], "",x];
291 # Query the server for all of the attributes
292 Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"uid=" + User);
294 print "User",User,"was not found.";
297 # repeatedly show the account configuration
304 print " a) Arbitary Change";
305 print " R) Randomize Password";
306 print " p) Change Password";
307 print " u) Switch Users";
311 Response = raw_input("Change? ");
312 if (Response == "x" or Response == "X" or Response == "q" or
313 Response == "quit" or Response == "exit"):
316 # Change who we are looking at
317 if (Response == 'u' or Response == 'U'):
318 NewUser = raw_input("User? ");
321 NAttrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"uid=" + NewUser);
323 print "User",NewUser,"was not found.";
327 UserDn = "uid=" + User + "," + BaseDn;
328 OrderedIndex = copy.deepcopy(OrigOrderedIndex);
331 # Handle changing the password
332 if (Response == "p"):
333 print "Please enter a new password. Your password can be of unlimited length,";
334 print "contain spaces and other special characters. No checking is done on the";
335 print "strength of the passwords so pick good ones please!";
337 Pass1 = getpass(User + "'s new password: ");
338 Pass2 = getpass(User + "'s new password again: ");
340 print "Passwords did not match";
341 raw_input("Press a key");
345 Pass = HashPass(Pass1);
347 print "%s: %s\n" %(sys.exc_type,sys.exc_value);
348 raw_input("Press a key");
351 print "Setting password..";
352 Pass = "{crypt}" + Pass;
353 l.modify_s(UserDn,[(ldap.MOD_REPLACE,"userPassword",Pass)]);
354 Attrs[0][1]["userPassword"] = [Pass];
358 if Response == 'R' and RootMode == 1:
359 Resp = raw_input("Randomize Users Password? [no/yes]");
363 # Generate a random password
365 Password = GenPass();
366 Pass = HashPass(Password);
368 print "%s: %s\n" %(sys.exc_type,sys.exc_value);
369 raw_input("Press a key");
372 print "Setting password..";
373 Pass = "{crypt}" + Pass;
374 l.modify_s(UserDn,[(ldap.MOD_REPLACE,"userPassword",Pass)]);
375 Attrs[0][1]["userPassword"] = [Pass];
378 # Handle changing an arbitary value
379 if (Response == "a"):
380 Attr = raw_input("Attr? ");
381 ChangeAttr(Attrs[0],Attr);
384 # Convert the integer response
387 if (not OrderedIndex.has_key(ID) or (ID > 100 and RootMode == 0)):
393 # Print the what to do prompt
394 print "Changing LDAP entry '%s' (%s)" % (OrderedIndex[ID][0],OrderedIndex[ID][2]);
395 print AttrPrompt[OrderedIndex[ID][2]][0];
396 ChangeAttr(Attrs[0],OrderedIndex[ID][2]);