# -r Enable 'root' functions, do this if your uid has access to
# restricted variables.
-import string, time, os, pwd, sys, getopt, ldap, crypt, whrandom, readline, copy;
+# Copyright (c) 1999-2001 Jason Gunthorpe <jgg@debian.org>
+# Copyright (c) 2004-2005,7 Joey Schulze <joey@infodrom.org>
+# Copyright (c) 2001-2006 Ryan Murray <rmurray@debian.org>
+# Copyright (c) 2008 Peter Palfrader <peter@palfrader.org>
+# Copyright (c) 2008 Martin Zobel-Helas <zobel@debian.org>
+# Copyright (c) 2008 Marc 'HE' Brockschmidt <he@debian.org>
+# Copyright (c) 2008 Mark Hymers <mhy@debian.org>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+import time, os, pwd, sys, getopt, ldap, crypt, readline, copy;
from userdir_ldap import *;
RootMode = 0;
"icqUin": ["ICQ UIN",14],
"jabberJID": ["Jabber ID",15],
"privateSub": ["Debian-Private",16],
+ "gender": ["Gender",17],
+ "birthDate": ["Date of Birth",18],
+ "mailDisableMessage": ["Mail Disabled",19],
+ "mailGreylisting": ["Mail Greylisting",20],
+ "mailCallout": ["Mail Callouts",21],
+ "mailRBL": ["Mail RBLs",22],
+ "mailRHSBL": ["Mail RHSBLs",23],
+ "mailWhitelist": ["Mail Whitelist",24],
+ "VoIP": ["VoIP Address",25],
"comment": ["Comment",116],
"userPassword": ["Crypted Password",117],
- "dnsZoneEntry": ["d.net Entry",118]};
+ "dnsZoneEntry": ["d.net Entry",118],
+ "accountStatus": ["DD status",301],
+ "accountComment": ["DD status comment",302],
+ };
AttrPrompt = {"cn": ["Common name or first name"],
"mn": ["Middle name (or initial if it ends in a dot)"],
"supplementaryGid": ["Groups the user is in"],
"allowedHost": ["Grant access to certain hosts"],
"privateSub": ["Debian-Private mailing list subscription"],
+ "gender": ["ISO5218 Gender code (1=male,2=female,9=unspecified)"],
+ "birthDate": ["Date of Birth (YYYYMMDD)"],
+ "mailDisableMessage": ["Error message to return via SMTP"],
+ "mailGreylisting": ["SMTP Greylisting (TRUE/FALSE)"],
+ "mailCallout": ["SMTP Callouts (TRUE/FALSE)"],
+ "mailRBL": ["SMTP time RBL lists"],
+ "mailRHSBL": ["SMTP time RHSBL lists"],
+ "mailWhitelist": ["SMTP time whitelist from other checks"],
"member": ["LDAP Group Member for slapd ACLs"],
"latitude": ["XEarth latitude in ISO 6709 format - see /usr/share/zoneinfo/zone.tab or etak.com"],
"longitude": ["XEarth latitude in ISO 6709 format - see /usr/share/zoneinfo/zone.tab or etak.com"],
"dnsZoneEntry": ["DNS Zone fragment associated this this user"],
"labeledURI": ["Web home page"],
"jabberJID": ["Jabber ID"],
- "icqUin": ["ICQ UIN Number"]};
+ "icqUin": ["ICQ UIN Number"],
+ "VoIP": ["VoIP Address"]};
# Create a map of IDs to desc,value,attr
OrderedIndex = {};
MinDays = int(GetAttr(Attrs,"shadowMin","0"));
MaxDays = int(GetAttr(Attrs,"shadowMax","0"));
WarnDays = int(GetAttr(Attrs,"shadowWarning","0"));
- InactDays = int(GetAttr(Attrs,"shadowinactive","0"));
- Expire = int(GetAttr(Attrs,"shadowexpire","0"));
+ InactDays = int(GetAttr(Attrs,"shadowInactive","0"));
+ Expire = int(GetAttr(Attrs,"shadowExpire","0"));
print "%-24s:" % ("Password last changed"),
print time.strftime("%a %d/%m/%Y %Z",time.localtime(Changed*24*60*60));
# Change a single attribute
def ChangeAttr(Attrs,Attr):
if (Attr == "supplementaryGid" or Attr == "allowedHost" or \
- Attr == "member" or Attr == "dnsZoneEntry"):
+ Attr == "member" or Attr == "dnsZoneEntry" or Attr == "mailWhitelist" or \
+ Attr == "mailRBL" or Attr == "mailRHSBL"):
return MultiChangeAttr(Attrs,Attr);
print "Old value: '%s'" % (GetAttr(Attrs,Attr,""));
Attrs[1][Attr].sort();
print "Old values: ",Attrs[1][Attr];
- Mode = string.upper(raw_input("[D]elete or [A]dd? "));
+ Mode = raw_input("[D]elete or [A]dd? ").upper()
if (Mode != 'D' and Mode != 'A'):
return;
Attrs[1][Attr].append(NewValue);
print;
+def Lock(UserDn, Attrs, DisableMail=True):
+ shadowLast = str(int(time.time()/24/60/60));
+ recs = [
+ (ldap.MOD_REPLACE,"userPassword","{crypt}*LK*"),
+ (ldap.MOD_REPLACE,"shadowLastChange",shadowLast),
+ (ldap.MOD_REPLACE,"shadowExpire","1")];
+ if DisableMail:
+ recs.append( (ldap.MOD_REPLACE,"mailDisableMessage","account locked") )
+ Attrs[0][1]["shadowLastChange"] = [shadowLast];
+ l.modify_s(UserDn,recs);
+ Attrs[0][1]["userPassword"] = ["{crypt}*LK*"];
+ Attrs[0][1]["mailDisableMessage"] = ["account locked"];
+ Attrs[0][1]["shadowExpire"] = ["1"];
+
# Main program starts here
User = pwd.getpwuid(os.getuid())[0];
BindUser = User;
# Process options
-(options, arguments) = getopt.getopt(sys.argv[1:], "nu:c:a:r")
+try:
+ (options, arguments) = getopt.getopt(sys.argv[1:], "nu:c:a:r")
+except getopt.GetoptError, data:
+ print data
+ sys.exit(1)
+
for (switch, val) in options:
if (switch == '-u'):
User = val;
Password = getpass(BindUser + "'s password: ");
# Connect to the ldap server
-l = ldap.open(LDAPServer);
+l = connectLDAP()
UserDn = "uid=" + BindUser + "," + BaseDn;
if (BindUser != ""):
l.simple_bind_s(UserDn,Password);
if RootMode == 1:
print " a) Arbitary Change";
+ print " r) retire developer";
print " R) Randomize Password";
+ print " L) Lock account and disable mail";
print " p) Change Password";
print " u) Switch Users";
print " x) Exit";
print "Setting password..";
Pass = "{crypt}" + Pass;
- l.modify_s(UserDn,[(ldap.MOD_REPLACE,"userPassword",Pass)]);
+ shadowLast = str(int(time.time()/24/60/60));
+ l.modify_s(UserDn,[(ldap.MOD_REPLACE,"userPassword",Pass),
+ (ldap.MOD_REPLACE,"shadowLastChange",shadowLast)]);
Attrs[0][1]["userPassword"] = [Pass];
+ Attrs[0][1]["shadowLastChange"] = [shadowLast];
continue;
+ # retire DD
+ if Response == 'r' and RootMode == 1:
+ if Attrs[0][1].has_key("accountStatus") == 0:
+ curStatus = "<not set>"
+ else:
+ curStatus = Attrs[0][1]["accountStatus"][0]
+ if Attrs[0][1].has_key("accountComment") == 0:
+ curComment = "<not set>"
+ else:
+ curComment = Attrs[0][1]["accountComment"][0]
+ print "\n\nCurrent status is %s"%curStatus
+ print "Current comment is %s\n"%curComment
+
+ print "Set account to:"
+ print " 1) retiring (lock account but do not disable mail):"
+ print " 2) retired (lock account and disable mail):"
+ print " 3) memorial (lock account and disable mail):"
+ print " 4) active (do not change other settings, you will have to deal with them)"
+ print " q) return (no change)"
+ Resp = raw_input("Action? ")
+ if Resp == "1" or Resp == "2":
+ Lock(UserDn, Attrs, Resp == "2")
+ if Resp == "1":
+ newstatus = "retiring %s"%(time.strftime("%Y-%m-%d"))
+ else:
+ newstatus = "retired %s"%(time.strftime("%Y-%m-%d"))
+ l.modify_s(UserDn,[(ldap.MOD_REPLACE,"accountStatus",newstatus)])
+ Attrs[0][1]["accountStatus"] = [newstatus]
+
+ Resp2 = raw_input("Optional RT ticket number? ")
+ if (Resp2 != ''):
+ comment = "RT#%s"%(Resp2)
+ l.modify_s(UserDn,[(ldap.MOD_REPLACE,"accountComment",comment)])
+ Attrs[0][1]["accountComment"] = [comment]
+ elif Resp == "3":
+ Lock(UserDn, Attrs)
+ newstatus = "memorial"
+ l.modify_s(UserDn,[(ldap.MOD_REPLACE,"accountStatus",newstatus)])
+ Attrs[0][1]["accountStatus"] = [newstatus]
+ elif Resp == "4":
+ newstatus = "active"
+ l.modify_s(UserDn,[(ldap.MOD_REPLACE,"accountStatus",newstatus)])
+ Attrs[0][1]["accountStatus"] = [newstatus]
+
+ continue;
+
+
# Randomize password
if Response == 'R' and RootMode == 1:
Resp = raw_input("Randomize Users Password? [no/yes]");
print "Setting password..";
Pass = "{crypt}" + Pass;
- l.modify_s(UserDn,[(ldap.MOD_REPLACE,"userPassword",Pass)]);
+ shadowLast = str(int(time.time()/24/60/60));
+ l.modify_s(UserDn,[(ldap.MOD_REPLACE,"userPassword",Pass),
+ (ldap.MOD_REPLACE,"shadowLastChange",shadowLast)]);
Attrs[0][1]["userPassword"] = [Pass];
+ Attrs[0][1]["shadowLastChange"] = [shadowLast];
+ continue;
+
+ # Lock account
+ if Response == 'L' and RootMode == 1:
+ Resp = raw_input("Really lock account? [no/yes]");
+ if Resp != "yes":
+ continue;
+
+ print "Setting password..";
+ Lock(UserDn, Attrs)
continue;
# Handle changing an arbitary value
projects / mirror / userdir-ldap.git / blobdiff