3 # This script is an interactive way to manipulate fields in the LDAP directory.
4 # When run it connects to the directory using the current users ID and fetches
5 # all the attributes for that user. It then formats them nicely and allows
6 # the user to change them.
7 # It is possible to authenticate as someone differnt than you are viewing/changing
8 # this allows administrative functions and also allows users to view
9 # restricted information about others, such as phone numbers and addresses.
11 # Usage: userinfo -a <user> -u <user> -c <user> -r
12 # -a Set the authentication user (the user whose password you are
14 # -u Set the user to display
15 # -c Set both -a and -u, use this if your login uid is not in the
17 # -r Enable 'root' functions, do this if your uid has access to
18 # restricted variables.
20 import string, time, os, pwd, sys, getopt, ldap, crypt, whrandom, readline, copy;
21 from userdir_ldap import *;
24 AttrInfo = {"cn": ["First Name", 101],
25 "mn": ["Middle Name", 102],
26 "sn": ["Surname", 103],
27 "c": ["Country Code",1],
29 "ou": ["Membership",0],
30 "facsimileTelephoneNumber": ["Fax Phone Number",3],
31 "telephoneNumber": ["Phone Number",4],
32 "postalAddress": ["Mailing Address",5],
33 "postalCode": ["Postal Code",6],
34 "uid": ["Unix User ID",0],
35 "loginShell": ["Unix Shell",7],
36 "supplementaryGid": ["Unix Groups",0],
37 "allowedHost": ["Host ACL",0],
38 "member": ["LDAP Group",0],
39 "emailForward": ["Email Forwarding",8],
40 "ircNick": ["IRC Nickname",9],
41 "onVacation": ["Vacation Message",10],
42 "labeledURI": ["Home Page",11],
43 "latitude": ["Latitude",12],
44 "longitude": ["Longitude",13],
45 "icqUin": ["ICQ UIN",14],
46 "jabberJID": ["Jabber ID",15],
47 "privateSub": ["Debian-Private",16],
48 "comment": ["Comment",116],
49 "userPassword": ["Crypted Password",117],
50 "dnsZoneEntry": ["d.net Entry",118]};
52 AttrPrompt = {"cn": ["Common name or first name"],
53 "mn": ["Middle name (or initial if it ends in a dot)"],
54 "sn": ["Surname or last name"],
55 "c": ["ISO 2 letter country code, such as US, DE, etc"],
56 "l": ["City name, State/Provice (Locality)\n e.g. Dallas, Texas"],
57 "facsimileTelephoneNumber": ["Fax phone number, with area code and country code"],
58 "telephoneNumber": ["Voice phone number"],
59 "postalAddress": ["Complete mailing address including postal codes and country designations\nSeperate lines using a $ character"],
60 "postalCode": ["Postal Code or Zip Code"],
61 "loginShell": ["Login shell with full path (no check is done for validity)"],
62 "emailForward": ["EMail address to send all mail to or blank to disable"],
63 "ircNick": ["IRC nickname if you use IRC"],
64 "onVacation": ["A message if on vaction, indicating the time of departure and return"],
65 "userPassword": ["The users Crypt'd password"],
66 "comment": ["Admin Comment about the account"],
67 "supplementaryGid": ["Groups the user is in"],
68 "allowedHost": ["Grant access to certain hosts"],
69 "privateSub": ["Debian-Private mailing list subscription"],
70 "member": ["LDAP Group Member for slapd ACLs"],
71 "latitude": ["XEarth latitude in ISO 6709 format - see /usr/share/zoneinfo/zone.tab or etak.com"],
72 "longitude": ["XEarth latitude in ISO 6709 format - see /usr/share/zoneinfo/zone.tab or etak.com"],
73 "dnsZoneEntry": ["DNS Zone fragment associated this this user"],
74 "labeledURI": ["Web home page"],
75 "jabberJID": ["Jabber ID"],
76 "icqUin": ["ICQ UIN Number"]};
78 # Create a map of IDs to desc,value,attr
80 for at in AttrInfo.keys():
81 if (AttrInfo[at][1] != 0):
82 OrderedIndex[AttrInfo[at][1]] = [AttrInfo[at][0], "", at];
83 OrigOrderedIndex = copy.deepcopy(OrderedIndex);
85 # Show shadow information
86 def PrintShadow(Attrs):
87 Changed = int(GetAttr(Attrs,"shadowLastChange","0"));
88 MinDays = int(GetAttr(Attrs,"shadowMin","0"));
89 MaxDays = int(GetAttr(Attrs,"shadowMax","0"));
90 WarnDays = int(GetAttr(Attrs,"shadowWarning","0"));
91 InactDays = int(GetAttr(Attrs,"shadowinactive","0"));
92 Expire = int(GetAttr(Attrs,"shadowexpire","0"));
94 print "%-24s:" % ("Password last changed"),
95 print time.strftime("%a %d/%m/%Y %Z",time.localtime(Changed*24*60*60));
97 print "%-24s:" % ("Account expires on"),
98 print time.strftime("%a %d/%m/%Y %Z",time.localtime(Expire*24*60*60));
99 if (InactDays >= 0 and MaxDays < 99999):
100 print "Account aging is active, you must change your password every", MaxDays, "days."
102 # Print out the automatic time stamp information
103 def PrintModTime(Attrs):
104 Stamp = GetAttr(Attrs,"modifyTimestamp","");
106 Time = (int(Stamp[0:4]),int(Stamp[4:6]),int(Stamp[6:8]),
107 int(Stamp[8:10]),int(Stamp[10:12]),int(Stamp[12:14]),0,0,-1);
108 print "%-24s:" % ("Record last modified on"), time.strftime("%a %d/%m/%Y %X UTC",Time),
109 print "by",ldap.explode_dn(GetAttr(Attrs,"modifiersName"),1)[0];
111 Stamp = GetAttr(Attrs,"createTimestamp","");
113 Time = (int(Stamp[0:4]),int(Stamp[4:6]),int(Stamp[6:8]),
114 int(Stamp[8:10]),int(Stamp[10:12]),int(Stamp[12:14]),0,0,-1);
115 print "%-24s:" % ("Record created on"), time.strftime("%a %d/%m/%Y %X UTC",Time);
117 # Print the PGP key for a user
118 def PrintKeys(Attrs):
119 if Attrs[1].has_key("keyFingerPrint") == 0:
122 for x in Attrs[1]["keyFingerPrint"]:
124 print "%-24s:" % ("PGP/GPG Key Fingerprints"),
127 print "%-24s:" % (""),
128 print FormatPGPKey(x);
130 # Print the SSH RSA Authentication keys for a user
131 def PrintSshRSAKeys(Attrs):
132 if Attrs[1].has_key("sshRSAAuthKey") == 0:
135 for x in Attrs[1]["sshRSAAuthKey"]:
137 print "%-24s:" % ("SSH Auth Keys"),
140 print "%-24s:" % (""),
142 print FormatSSHAuth(x);
144 # Display all of the attributes in a numbered list
145 def ShowAttrs(Attrs):
147 print EmailAddress(Attrs);
151 PrintSshRSAKeys(Attrs);
153 for at in Attrs[1].keys():
154 if AttrInfo.has_key(at):
155 if AttrInfo[at][1] == 0:
156 print " %-18s:" % (AttrInfo[at][0]),
157 for x in Attrs[1][at]:
160 print "(id=%s, gid=%s)" % (GetAttr(Attrs,"uidNumber","-1"),GetAttr(Attrs,"gidNumber","-1")),
163 OrderedIndex[AttrInfo[at][1]][1] = Attrs[1][at];
165 Keys = OrderedIndex.keys();
168 if at < 100 or RootMode != 0:
169 print " %3u) %-18s: " % (at,OrderedIndex[at][0]),
170 for x in OrderedIndex[at][1]:
171 print "'%s'" % (re.sub('[\n\r]','?',x)),
174 # Change a single attribute
175 def ChangeAttr(Attrs,Attr):
176 if (Attr == "supplementaryGid" or Attr == "allowedHost" or \
177 Attr == "member" or Attr == "dnsZoneEntry"):
178 return MultiChangeAttr(Attrs,Attr);
180 print "Old value: '%s'" % (GetAttr(Attrs,Attr,""));
181 print "Press enter to leave unchanged and a single space to set to empty";
182 NewValue = raw_input("New? ");
186 print "Leaving unchanged.";
189 # Single space designates delete, trap the delete error
190 if (NewValue == " "):
193 l.modify_s(UserDn,[(ldap.MOD_DELETE,Attr,None)]);
194 except ldap.NO_SUCH_ATTRIBUTE:
198 Attrs[1][Attr] = [""];
203 l.modify_s(UserDn,[(ldap.MOD_REPLACE,Attr,NewValue)]);
204 Attrs[1][Attr] = [NewValue];
207 def MultiChangeAttr(Attrs,Attr):
208 # Make sure that we have an entry
209 if not Attrs[1].has_key(Attr):
212 Attrs[1][Attr].sort();
213 print "Old values: ",Attrs[1][Attr];
215 Mode = string.upper(raw_input("[D]elete or [A]dd? "));
216 if (Mode != 'D' and Mode != 'A'):
219 NewValue = raw_input("Value? ");
222 print "Leaving unchanged.";
229 l.modify_s(UserDn,[(ldap.MOD_DELETE,Attr,NewValue)]);
230 except ldap.NO_SUCH_ATTRIBUTE:
234 Attrs[1][Attr].remove(NewValue);
239 l.modify_s(UserDn,[(ldap.MOD_ADD,Attr,NewValue)]);
240 Attrs[1][Attr].append(NewValue);
243 # Main program starts here
244 User = pwd.getpwuid(os.getuid())[0];
248 (options, arguments) = getopt.getopt(sys.argv[1:], "nu:c:a:r")
249 except getopt.GetoptError, data:
253 for (switch, val) in options:
256 elif (switch == '-a'):
258 elif (switch == '-c'):
261 elif (switch == '-r'):
263 elif (switch == '-n'):
267 print "Accessing LDAP entry for '" + User + "'",
268 if (BindUser != User):
270 print "as '" + BindUser + "'";
274 Password = getpass(BindUser + "'s password: ");
276 # Connect to the ldap server
277 l = ldap.open(LDAPServer);
278 UserDn = "uid=" + BindUser + "," + BaseDn;
280 l.simple_bind_s(UserDn,Password);
282 l.simple_bind_s("","");
283 UserDn = "uid=" + User + "," + BaseDn;
285 # Enable changing of supplementary gid's
287 # Items that root can edit
288 list = ["supplementaryGid","allowedHost","member"];
291 AttrInfo[x][1] = 200 + Count;
292 OrderedIndex[AttrInfo[x][1]] = [AttrInfo[x][0], "",x];
293 OrigOrderedIndex[AttrInfo[x][1]] = [AttrInfo[x][0], "",x];
296 # Query the server for all of the attributes
297 Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"uid=" + User);
299 print "User",User,"was not found.";
302 # repeatedly show the account configuration
309 print " a) Arbitary Change";
310 print " R) Randomize Password";
311 print " p) Change Password";
312 print " u) Switch Users";
316 Response = raw_input("Change? ");
317 if (Response == "x" or Response == "X" or Response == "q" or
318 Response == "quit" or Response == "exit"):
321 # Change who we are looking at
322 if (Response == 'u' or Response == 'U'):
323 NewUser = raw_input("User? ");
326 NAttrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"uid=" + NewUser);
328 print "User",NewUser,"was not found.";
332 UserDn = "uid=" + User + "," + BaseDn;
333 OrderedIndex = copy.deepcopy(OrigOrderedIndex);
336 # Handle changing the password
337 if (Response == "p"):
338 print "Please enter a new password. Your password can be of unlimited length,";
339 print "contain spaces and other special characters. No checking is done on the";
340 print "strength of the passwords so pick good ones please!";
342 Pass1 = getpass(User + "'s new password: ");
343 Pass2 = getpass(User + "'s new password again: ");
345 print "Passwords did not match";
346 raw_input("Press a key");
350 Pass = HashPass(Pass1);
352 print "%s: %s\n" %(sys.exc_type,sys.exc_value);
353 raw_input("Press a key");
356 print "Setting password..";
357 Pass = "{crypt}" + Pass;
358 l.modify_s(UserDn,[(ldap.MOD_REPLACE,"userPassword",Pass)]);
359 Attrs[0][1]["userPassword"] = [Pass];
363 if Response == 'R' and RootMode == 1:
364 Resp = raw_input("Randomize Users Password? [no/yes]");
368 # Generate a random password
370 Password = GenPass();
371 Pass = HashPass(Password);
373 print "%s: %s\n" %(sys.exc_type,sys.exc_value);
374 raw_input("Press a key");
377 print "Setting password..";
378 Pass = "{crypt}" + Pass;
379 l.modify_s(UserDn,[(ldap.MOD_REPLACE,"userPassword",Pass)]);
380 Attrs[0][1]["userPassword"] = [Pass];
383 # Handle changing an arbitary value
384 if (Response == "a"):
385 Attr = raw_input("Attr? ");
386 ChangeAttr(Attrs[0],Attr);
389 # Convert the integer response
392 if (not OrderedIndex.has_key(ID) or (ID > 100 and RootMode == 0)):
398 # Print the what to do prompt
399 print "Changing LDAP entry '%s' (%s)" % (OrderedIndex[ID][0],OrderedIndex[ID][2]);
400 print AttrPrompt[OrderedIndex[ID][2]][0];
401 ChangeAttr(Attrs[0],OrderedIndex[ID][2]);