import pwd
import time
from userdir_ldap import *;
+import UDLdap
dry_run = False
sys.exit(1)
return l
-
-class Account:
- def __init__(self, user):
- searchresult = lc.search_s(BaseDn,ldap.SCOPE_SUBTREE, 'uid=%s'%(user))
- if len(searchresult) < 1:
- sys.stderr.write("No such user: %s\n"%(user))
- return
- elif len(searchresult) > 1:
- sys.stderr.write("More than one hit when getting %s\n"%(user))
- return
-
- self.dn, self.attributes = searchresult[0]
-
-
- def has_mail(self):
- if 'mailDisableMessage' in self.attributes:
- return False
- return True
-
- # not locked locked, just reset to something invalid like {crypt}*SSLRESET* is still active
- def pw_active(self):
- if self.attributes['userPassword'][0] == '{crypt}*LK*':
- return False
- return True
-
- # not expired
- def shadow_active(self):
- if 'shadowExpire' in self.attributes and \
- int(self.attributes['shadowExpire'][0]) < (time.time() / 3600 / 24):
- return False
- return True
-
- def numkeys(self):
- if 'keyFingerPrint' in self.attributes:
- return len(self.attributes['keyFingerPrint'])
- return 0
-
- def account_status(self):
- if 'accountStatus' in self.attributes:
- return self.attributes['accountStatus'][0]
- return 'active'
-
-
- def verbose_status(self):
- status = []
- status.append('mail: %s' %(['disabled', 'active'][ self.has_mail() ]))
- status.append('pw: %s' %(['locked', 'active'][ self.pw_active() ]))
- status.append('shadow: %s'%(['expired', 'active'][ self.shadow_active() ]))
- status.append('keys: %d' %( self.numkeys() ))
- status.append('status: %s'%( self.account_status() ))
-
- return '(%s)'%(', '.join(status))
-
- def get_dn(self):
- return self.dn
-
-def do_one_user(lc, user, ticket):
- u = Account(user)
- if not u.account_status() == 'active':
+def do_one_user(lc, user, ticket, status):
+ try:
+ u = UDLdap.Account.from_search(lc, BaseDn, user)
+ except IndexError, e:
+ sys.stderr.write("Cannot instantiate account from LDAP: %s"%(str(e)))
+ return
+ if not u['accountStatus'] == 'active':
sys.stderr.write('%s: Account is not active, skipping. (details: %s)\n'%(user, u.verbose_status()))
return
- print '%s: Setting to retiring:'%(user)
+ print '%s: Setting to %s:'%(user, status)
set = {}
set['userPassword'] = '{crypt}*LK*'
set['shadowLastChange'] = str(int(time.time()/24/60/60))
set['shadowExpire'] = '1'
- set['accountStatus'] = 'retiring %s'%(time.strftime('%Y-%m-%d'))
+ set['accountStatus'] = '%s %s'%(status, time.strftime('%Y-%m-%d'))
if not ticket is None:
set['accountComment'] = "RT#%s"%(ticket)
help="Do not actually change anything.")
parser.add_option("-r", "--rt-ticket", dest="ticket", metavar="ticket#",
help="Ticket number for accountComment.")
+parser.add_option("-s", "--status", dest="status", metavar="status",
+ default='retiring',
+ help="Set status to <status> (default: retiring).")
(options, args) = parser.parse_args()
lc = connect(options.admin)
for user in args:
- do_one_user(lc, user, options.ticket)
+ do_one_user(lc, user, options.ticket, options.status)
# vim:set et: