#!/usr/bin/env python
# -*- mode: python -*-
-import string, re, time, ldap, getopt, sys, posix, pwd;
+import string, re, time, ldap, getopt, sys, os, pwd;
from userdir_ldap import *;
from userdir_gpg import *;
-AddressSplit = re.compile("(.*).*<([^@]*)@([^>]*)>");
-
# This tries to search for a free UID. There are two possible ways to do
# this, one is to fetch all the entires and pick the highest, the other
-# is to randomly guess uids until one is free. This uses the formar.
+# is to randomly guess uids until one is free. This uses the former.
# Regrettably ldap doesn't have an integer attribute comparision function
# so we can only cut the search down slightly
def GetFreeID(l):
HighestUID = 1400;
- Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"uidnumber>="+str(HighestUID),["uidnumber"]);
+ Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,
+ "uidnumber>="+str(HighestUID),["uidNumber"]);
HighestUID = 0;
for I in Attrs:
- ID = int(GetAttr(I,"uidnumber","0"));
- if ID > HighestUID:
+ ID = int(GetAttr(I,"uidNumber","0"));
+ if ID > HighestUID:
HighestUID = ID;
return HighestUID + 1;
# Main starts here
+AdminUser = pwd.getpwuid(os.getuid())[0];
# Process options
-(options, arguments) = getopt.getopt(sys.argv[1:], "u:")
+ForceMail = 0;
+OldGPGKeyRings = GPGKeyRings;
+userdir_gpg.GPGKeyRings = [];
+(options, arguments) = getopt.getopt(sys.argv[1:], "u:ma")
for (switch, val) in options:
if (switch == '-u'):
- AdminUser = val
+ AdminUser = val;
+ elif (switch == '-m'):
+ ForceMail = 1;
+ elif (switch == '-a'):
+ userdir_gpg.GPGKeyRings = OldGPGKeyRings;
print "Accessing LDAP directory as '" + AdminUser + "'";
Password = getpass(AdminUser + "'s password: ");
print "A matching key was found:"
GPGPrintKeyInfo(Keys[0]);
break;
-
-# Crack up the email address from the key into a best guess
+
+# Crack up the email address from the key into a best guess
# first/middle/last name
-Match = AddressSplit.match(Keys[0][2]);
-if Match == None:
- (cn,mn,sn,email,account) = ('','','','','');
-else:
- (cn,mn,sn) = NameSplit(re.sub('["]','',Match.groups()[0]))
- email = Match.groups()[1] + '@' + Match.groups()[2];
- account = Match.groups()[1];
+Addr = SplitEmail(Keys[0][2]);
+(cn,mn,sn) = NameSplit(re.sub('["]','',Addr[0]))
+email = Addr[1] + '@' + Addr[2];
+account = Addr[1];
privsub = email;
-gidnumber = str(DefaultGID);
-uidnumber = 0;
+gidNumber = str(DefaultGID);
+uidNumber = 0;
# Decide if we should use IDEA encryption
UsePGP2 = 0;
if Res == "":
break;
+Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"keyFingerPrint=" + Keys[0][1]);
+if len(Attrs) != 0:
+ print "*** This key already belongs to",GetAttr(Attrs[0],"uid");
+ account = GetAttr(Attrs[0],"uid");
+
# Try to get a uniq account name
Update=0
while 1:
account = Res;
Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"uid=" + account);
if len(Attrs) == 0:
+ privsub = "%s@debian.org"%(account);
break;
Res = raw_input("That account already exists, update [no]? ");
if Res == "yes":
# Update mode, fetch the default values from the directory
Update = 1;
- privsub = GetAttr(Attrs[0],"privatesub");
- gidnumber = GetAttr(Attrs[0],"gidnumber");
- uidnumber = GetAttr(Attrs[0],"uidnumber");
- email = GetAttr(Attrs[0],"emailforward");
+ privsub = GetAttr(Attrs[0],"privateSub");
+ gidNumber = GetAttr(Attrs[0],"gidNumber");
+ uidNumber = GetAttr(Attrs[0],"uidNumber");
+ email = GetAttr(Attrs[0],"emailForward");
cn = GetAttr(Attrs[0],"cn");
sn = GetAttr(Attrs[0],"sn");
mn = GetAttr(Attrs[0],"mn");
privsub = Res;
# GID
-Res = raw_input("Group ID Number [" + gidnumber + "]? ");
+Res = raw_input("Group ID Number [" + gidNumber + "]? ");
if Res != "":
- gidnumber = Res;
+ gidNumber = Res;
# UID
-if uidnumber == 0:
- uidnumber = GetFreeID(l);
+if uidNumber == 0:
+ uidNumber = GetFreeID(l);
# Generate a random password
-if Update == 0:
+if Update == 0 or ForceMail == 1:
Password = raw_input("User's Password (Enter for random)? ");
if Password == "":
print "Randomizing and encrypting password"
Password = GenPass();
Pass = HashPass(Password);
- print "PASS: ", Password;
# Use GPG to encrypt it, pass the fingerprint to ID it
CryptedPass = GPGEncrypt("Your new password is '" + Password + "'\n",\
Pass = None;
# Now we have all the bits of information.
-if mn != "":
+if mn != "":
FullName = "%s %s %s" % (cn,mn,sn);
else:
FullName = "%s %s" % (cn,sn);
print "------------";
print "Final information collected:"
print " %s <%s@%s>:" % (FullName,account,EmailAppend);
-print " Assigned UID:",uidnumber," GID:", gidnumber;
+print " Assigned UID:",uidNumber," GID:", gidNumber;
print " Email forwarded to:",email;
print " Private Subscription:",privsub;
print " GECOS Field: \"%s,,,,\"" % (FullName);
# Initialize the substitution Map
Subst = {}
Subst["__REALNAME__"] = FullName;
-Subst["__WHOAMI__"] = pwd.getpwuid(posix.getuid())[0];
+Subst["__WHOAMI__"] = pwd.getpwuid(os.getuid())[0];
Subst["__DATE__"] = time.strftime("%a, %d %b %Y %H:%M:%S +0000",time.gmtime(time.time()));
Subst["__LOGIN__"] = account;
Subst["__PRIVATE__"] = privsub;
Subst["__EMAIL__"] = email;
Subst["__PASSWORD__"] = CryptedPass;
-Subst["__LISTPASS__"] = string.strip(open(pwd.getpwuid(posix.getuid())[5]+"/.debian-lists_passwd","r").read());
+#Subst["__LISTPASS__"] = string.strip(open(pwd.getpwuid(os.getuid())[5]+"/.debian-lists_passwd","r").read());
# Generate the LDAP request
Rec = [(ldap.MOD_REPLACE,"uid",account),
- (ldap.MOD_REPLACE,"uidNumber",str(uidnumber)),
- (ldap.MOD_REPLACE,"gidNumber",str(gidnumber)),
+ (ldap.MOD_REPLACE,"uidNumber",str(uidNumber)),
+ (ldap.MOD_REPLACE,"gidNumber",str(gidNumber)),
(ldap.MOD_REPLACE,"gecos",FullName+",,,,"),
(ldap.MOD_REPLACE,"loginShell","/bin/bash"),
- (ldap.MOD_REPLACE,"keyfingerprint",Keys[0][1]),
+ (ldap.MOD_REPLACE,"keyFingerPrint",Keys[0][1]),
(ldap.MOD_REPLACE,"cn",cn),
(ldap.MOD_REPLACE,"mn",mn),
(ldap.MOD_REPLACE,"sn",sn),
- (ldap.MOD_REPLACE,"emailforward",email),
+ (ldap.MOD_REPLACE,"emailForward",email),
(ldap.MOD_REPLACE,"shadowLastChange",str(int(time.time()/24/60/60))),
(ldap.MOD_REPLACE,"shadowMin","0"),
(ldap.MOD_REPLACE,"shadowMax","99999"),
(ldap.MOD_REPLACE,"shadowInactive",""),
(ldap.MOD_REPLACE,"shadowExpire","")];
if privsub != " ":
- Rec.append((ldap.MOD_REPLACE,"privatesub",privsub));
+ Rec.append((ldap.MOD_REPLACE,"privateSub",privsub));
if Pass != None:
Rec.append((ldap.MOD_REPLACE,"userPassword","{crypt}"+Pass));
-# Submit the modification request
+# Submit the modification request
Dn = "uid=" + account + "," + BaseDn;
print "Updating LDAP directory..",
sys.stdout.flush();
print;
# Abort email sends for an update operation
-if Update == 1:
+if Update == 1 and ForceMail == 0:
print "Account is not new, Not sending mails"
sys.exit(0);
# Do the subscription/welcome message
-if privsub != " ":
- print TemplateSubst(Subst,open("templates/list-subscribe","r").read());
+#if privsub != " ":
+# Sub = TemplateSubst(Subst,open(TemplatesDir+"/list-subscribe","r").read());
+# Child = os.popen("/usr/sbin/sendmail -t","w");
+# Child.write(Sub);
+# if Child.close() != None:
+# raise Error, "Sendmail gave a non-zero return code";
# Send the Welcome message
print "Sending Welcome Email"
-Reply = TemplateSubst(Subst,open("templates/welcome-message-"+gidnumber,"r").read());
-Child = posix.popen("/usr/sbin/sendmail -t","w");
-#Child = posix.popen("cat","w");
+Reply = TemplateSubst(Subst,open(TemplatesDir+"/welcome-message-"+gidNumber,"r").read());
+Child = os.popen("/usr/sbin/sendmail -t","w");
+#Child = os.popen("cat","w");
Child.write(Reply);
if Child.close() != None:
raise Error, "Sendmail gave a non-zero return code";
projects / mirror / userdir-ldap.git / blobdiff