# -r Enable 'root' functions, do this if your uid has access to
# restricted variables.
+# Copyright (c) 1999-2001 Jason Gunthorpe <jgg@debian.org>
+# Copyright (c) 2004-2005,7 Joey Schulze <joey@infodrom.org>
+# Copyright (c) 2001-2006 Ryan Murray <rmurray@debian.org>
+# Copyright (c) 2008 Peter Palfrader <peter@palfrader.org>
+# Copyright (c) 2008 Martin Zobel-Helas <zobel@debian.org>
+# Copyright (c) 2008 Marc 'HE' Brockschmidt <he@debian.org>
+# Copyright (c) 2008 Mark Hymers <mhy@debian.org>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
import time, os, pwd, sys, getopt, ldap, crypt, readline, copy;
from userdir_ldap import *;
MinDays = int(GetAttr(Attrs,"shadowMin","0"));
MaxDays = int(GetAttr(Attrs,"shadowMax","0"));
WarnDays = int(GetAttr(Attrs,"shadowWarning","0"));
- InactDays = int(GetAttr(Attrs,"shadowinactive","0"));
- Expire = int(GetAttr(Attrs,"shadowexpire","0"));
+ InactDays = int(GetAttr(Attrs,"shadowInactive","0"));
+ Expire = int(GetAttr(Attrs,"shadowExpire","0"));
print "%-24s:" % ("Password last changed"),
print time.strftime("%a %d/%m/%Y %Z",time.localtime(Changed*24*60*60));
Password = getpass(BindUser + "'s password: ");
# Connect to the ldap server
-l = ldap.open(LDAPServer);
+l = connectLDAP()
UserDn = "uid=" + BindUser + "," + BaseDn;
if (BindUser != ""):
l.simple_bind_s(UserDn,Password);
print " a) Arbitary Change";
print " R) Randomize Password";
print " p) Change Password";
+ print " L) Lock account";
print " u) Switch Users";
print " x) Exit";
print "Setting password..";
Pass = "{crypt}" + Pass;
- l.modify_s(UserDn,[(ldap.MOD_REPLACE,"userPassword",Pass)]);
+ shadowLast = str(int(time.time()/24/60/60));
+ l.modify_s(UserDn,[(ldap.MOD_REPLACE,"userPassword",Pass),
+ (ldap.MOD_REPLACE,"shadowLastChange",shadowLast)]);
Attrs[0][1]["userPassword"] = [Pass];
+ Attrs[0][1]["shadowLastChange"] = [shadowLast];
continue;
# Randomize password
print "Setting password..";
Pass = "{crypt}" + Pass;
- l.modify_s(UserDn,[(ldap.MOD_REPLACE,"userPassword",Pass)]);
+ shadowLast = str(int(time.time()/24/60/60));
+ l.modify_s(UserDn,[(ldap.MOD_REPLACE,"userPassword",Pass),
+ (ldap.MOD_REPLACE,"shadowLastChange",shadowLast)]);
Attrs[0][1]["userPassword"] = [Pass];
+ Attrs[0][1]["shadowLastChange"] = [shadowLast];
+ continue;
+
+ # Lock account
+ if Response == 'L' and RootMode == 1:
+ Resp = raw_input("Really lock account? [no/yes]");
+ if Resp != "yes":
+ continue;
+
+ print "Setting password..";
+ shadowLast = str(int(time.time()/24/60/60));
+ l.modify_s(UserDn,[
+ (ldap.MOD_REPLACE,"userPassword","{crypt}*LK*"),
+ (ldap.MOD_REPLACE,"mailDisableMessage","account locked"),
+ (ldap.MOD_REPLACE,"shadowLastChange",shadowLast),
+ (ldap.MOD_REPLACE,"shadowExpire","1")]);
+ Attrs[0][1]["userPassword"] = ["{crypt}*LK*"];
+ Attrs[0][1]["mailDisableMessage"] = ["account locked"];
+ Attrs[0][1]["shadowLastChange"] = [shadowLast];
+ Attrs[0][1]["shadowExpire"] = ["1"];
continue;
# Handle changing an arbitary value