3 # This script is an interactive way to manipulate fields in the LDAP directory.
4 # When run it connects to the directory using the current users ID and fetches
5 # all the attributes for that user. It then formats them nicely and allows
6 # the user to change them.
7 # It is possible to authenticate as someone differnt than you are viewing/changing
8 # this allows administrative functions and also allows users to view
9 # restricted information about others, such as phone numbers and addresses.
11 # Usage: userinfo -a <user> -u <user> -c <user> -r
12 # -a Set the authentication user (the user whose password you are
14 # -u Set the user to display
15 # -c Set both -a and -u, use this if your login uid is not in the
17 # -r Enable 'root' functions, do this if your uid has access to
18 # restricted variables.
20 # http://www.geocode.com/eagle.html-ssi
22 import string, time, posix, pwd, sys, getopt, ldap, crypt, whrandom, readline, copy;
23 from userdir_ldap import *;
26 AttrInfo = {"cn": ["First Name", 101],
27 "mn": ["Middle Name", 102],
28 "sn": ["Surname", 103],
29 "c": ["Country Code",1],
31 "ou": ["Membership",0],
32 "facsimiletelephonenumber": ["Fax Phone Number",3],
33 "telephonenumber": ["Phone Number",4],
34 "postaladdress": ["Mailing Address",5],
35 "postalcode": ["Postal Code",6],
36 "uid": ["Unix User ID",0],
37 "loginshell": ["Unix Shell",7],
38 "supplementarygid": ["Unix Groups",0],
39 "allowedhosts": ["Host ACL",0],
40 "member": ["LDAP Group",0],
41 "emailforward": ["Email Forwarding",8],
42 "ircnick": ["IRC Nickname",9],
43 "onvacation": ["Vacation Message",10],
44 "labeledurl": ["Home Page",11],
45 "latitude": ["Latitude",12],
46 "longitude": ["Longitude",13],
47 "comment": ["Comment",114],
48 "userpassword": ["Crypted Password",115],
49 "dnszoneentry": ["d.net Entry",116]};
51 AttrPrompt = {"cn": ["Common name or first name"],
52 "mn": ["Middle name (or initial if it ends in a dot)"],
53 "sn": ["Surname or last name"],
54 "c": ["ISO 2 letter country code, such as US, DE, etc"],
55 "l": ["City name, State/Provice (Locality)\n e.g. Dallas, Texas"],
56 "facsimiletelephonenumber": ["Fax phone number, with area code and country code"],
57 "telephonenumber": ["Voice phone number"],
58 "postaladdress": ["Complete mailing address including postal codes and country designations\nSeperate lines using a $ character"],
59 "postalcode": ["Postal Code or Zip Code"],
60 "loginshell": ["Login shell with full path (no check is done for validity)"],
61 "emailforward": ["EMail address to send all mail to or blank to disable"],
62 "ircnick": ["IRC nickname if you use IRC"],
63 "onvacation": ["A message if on vaction, indicating the time of departure and return"],
64 "userpassword": ["The users Crypt'd password"],
65 "comment": ["Admin Comment about the account"],
66 "supplementarygid": ["Groups the user is in"],
67 "allowedhosts": ["Grant access to certain hosts"],
68 "member": ["LDAP Group Member for slapd ACLs"],
69 "latitude": ["XEarth latitude in ISO 6709 format - see /usr/share/zoneinfo/zone.tab or etak.com"],
70 "longitude": ["XEarth latitude in ISO 6709 format - see /usr/share/zoneinfo/zone.tab or etak.com"],
71 "dnszoneentry": ["DNS Zone fragment associated this this user"],
72 "labeledurl": ["Web home page"]};
74 # Create a map of IDs to desc,value,attr
76 for at in AttrInfo.keys():
77 if (AttrInfo[at][1] != 0):
78 OrderedIndex[AttrInfo[at][1]] = [AttrInfo[at][0], "", at];
79 OrigOrderedIndex = copy.deepcopy(OrderedIndex);
81 # Show shadow information
82 def PrintShadow(Attrs):
83 Changed = int(GetAttr(Attrs,"shadowlastchange","0"));
84 MinDays = int(GetAttr(Attrs,"shadowmin","0"));
85 MaxDays = int(GetAttr(Attrs,"shadowmax","0"));
86 WarnDays = int(GetAttr(Attrs,"shadowwarning","0"));
87 InactDays = int(GetAttr(Attrs,"shadowinactive","0"));
88 Expire = int(GetAttr(Attrs,"shadowexpire","0"));
90 print "%-24s:" % ("Password last changed"),
91 print time.strftime("%a %d/%m/%Y %Z",time.localtime(Changed*24*60*60));
93 print "%-24s:" % ("Account expires on"),
94 print time.strftime("%a %d/%m/%Y %Z",time.localtime(Expire*24*60*60));
95 if (InactDays >= 0 and MaxDays < 99999):
96 print "Account aging is active, you must change your password every", MaxDays, "days."
98 # Print out the automatic time stamp information
99 def PrintModTime(Attrs):
100 Stamp = GetAttr(Attrs,"modifytimestamp","");
102 Time = (int(Stamp[0:4]),int(Stamp[4:6]),int(Stamp[6:8]),
103 int(Stamp[8:10]),int(Stamp[10:12]),int(Stamp[12:14]),0,0,-1);
104 print "%-24s:" % ("Record last modified on"), time.strftime("%a %d/%m/%Y %X UTC",Time),
105 print "by",ldap.explode_dn(GetAttr(Attrs,"modifiersname"),1)[0];
107 Stamp = GetAttr(Attrs,"createtimestamp","");
109 Time = (int(Stamp[0:4]),int(Stamp[4:6]),int(Stamp[6:8]),
110 int(Stamp[8:10]),int(Stamp[10:12]),int(Stamp[12:14]),0,0,-1);
111 print "%-24s:" % ("Record created on"), time.strftime("%a %d/%m/%Y %X UTC",Time);
113 # Print the PGP key for a user
114 def PrintKeys(Attrs):
115 if Attrs[1].has_key("keyfingerprint") == 0:
118 for x in Attrs[1]["keyfingerprint"]:
120 print "%-24s:" % ("PGP/GPG Key Fingerprints"),
123 print "%-24s:" % (""),
137 print x[I]+x[I+1]+x[I+2]+x[I+3],
145 # Print the SSH RSA Authentication keys for a user
146 def PrintSshRSAKeys(Attrs):
147 if Attrs[1].has_key("sshrsaauthkey") == 0:
150 for x in Attrs[1]["sshrsaauthkey"]:
152 print "%-24s:" % ("SSH RSA Auth Keys"),
155 print "%-24s:" % (""),
156 Split = string.split(x," ");
160 print Split[0],Split[1],Split[2][:8]+".."+Split[2][-8:],string.join(Split[3:]);
162 # Display all of the attributes in a numbered list
163 def ShowAttrs(Attrs):
165 print EmailAddress(Attrs);
169 PrintSshRSAKeys(Attrs);
171 for at in Attrs[1].keys():
172 if AttrInfo.has_key(at):
173 if AttrInfo[at][1] == 0:
174 print " %-18s:" % (AttrInfo[at][0]),
175 for x in Attrs[1][at]:
178 print "(id=%s, gid=%s)" % (GetAttr(Attrs,"uidnumber","-1"),GetAttr(Attrs,"gidnumber","-1")),
181 OrderedIndex[AttrInfo[at][1]][1] = Attrs[1][at];
183 Keys = OrderedIndex.keys();
186 if at < 100 or RootMode != 0:
187 print " %3u) %-18s: " % (at,OrderedIndex[at][0]),
188 for x in OrderedIndex[at][1]:
189 print "'%s'" % (re.sub('[\n\r]','?',x)),
192 # Change a single attribute
193 def ChangeAttr(Attrs,Attr):
194 if (Attr == "supplementarygid" or Attr == "allowedhosts" or \
195 Attr == "member" or Attr == "dnszoneentry"):
196 return MultiChangeAttr(Attrs,Attr);
198 print "Old value: '%s'" % (GetAttr(Attrs,Attr,""));
199 print "Press enter to leave unchanged and a single space to set to empty";
200 NewValue = raw_input("New? ");
204 print "Leaving unchanged.";
207 # Single space designates delete, trap the delete error
208 if (NewValue == " "):
211 l.modify_s(UserDn,[(ldap.MOD_DELETE,Attr,None)]);
212 except ldap.NO_SUCH_ATTRIBUTE:
216 Attrs[1][Attr] = [""];
221 l.modify_s(UserDn,[(ldap.MOD_REPLACE,Attr,NewValue)]);
222 Attrs[1][Attr] = [NewValue];
225 def MultiChangeAttr(Attrs,Attr):
226 # Make sure that we have an entry
227 if not Attrs[1].has_key(Attr):
230 Attrs[1][Attr].sort();
231 print "Old values: ",Attrs[1][Attr];
233 Mode = string.upper(raw_input("[D]elete or [A]dd? "));
234 if (Mode != 'D' and Mode != 'A'):
237 NewValue = raw_input("Value? ");
240 print "Leaving unchanged.";
247 l.modify_s(UserDn,[(ldap.MOD_DELETE,Attr,NewValue)]);
248 except ldap.NO_SUCH_ATTRIBUTE:
252 Attrs[1][Attr].remove(NewValue);
257 l.modify_s(UserDn,[(ldap.MOD_ADD,Attr,NewValue)]);
258 Attrs[1][Attr].append(NewValue);
261 # Main program starts here
262 User = pwd.getpwuid(posix.getuid())[0];
265 (options, arguments) = getopt.getopt(sys.argv[1:], "nu:c:a:r")
266 for (switch, val) in options:
269 elif (switch == '-a'):
271 elif (switch == '-c'):
274 elif (switch == '-r'):
276 elif (switch == '-n'):
280 print "Accessing LDAP entry for '" + User + "'",
281 if (BindUser != User):
283 print "as '" + BindUser + "'";
287 Password = getpass(BindUser + "'s password: ");
289 # Connect to the ldap server
290 l = ldap.open(LDAPServer);
291 UserDn = "uid=" + BindUser + "," + BaseDn;
293 l.simple_bind_s(UserDn,Password);
295 l.simple_bind_s("","");
296 UserDn = "uid=" + User + "," + BaseDn;
298 # Enable changing of supplementary gid's
300 # Items that root can edit
301 list = ["supplementarygid","allowedhosts","member"];
304 AttrInfo[x][1] = 200 + Count;
305 OrderedIndex[AttrInfo[x][1]] = [AttrInfo[x][0], "",x];
306 OrigOrderedIndex[AttrInfo[x][1]] = [AttrInfo[x][0], "",x];
309 # Query the server for all of the attributes
310 Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"uid=" + User);
312 print "User",User,"was not found.";
315 # repeatedly show the account configuration
322 print " a) Arbitary Change";
323 print " p) Change Password";
324 print " u) Switch Users";
328 Response = raw_input("Change? ");
329 if (Response == "x" or Response == "X" or Response == "q" or
330 Response == "quit" or Response == "exit"):
333 # Change who we are looking at
334 if (Response == 'u' or Response == 'U'):
335 NewUser = raw_input("User? ");
338 NAttrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"uid=" + NewUser);
340 print "User",NewUser,"was not found.";
344 UserDn = "uid=" + User + "," + BaseDn;
345 OrderedIndex = copy.deepcopy(OrigOrderedIndex);
348 # Handle changing the password
349 if (Response == "p"):
350 print "Please enter a new password. Your password can be of unlimited length,";
351 print "contain spaces and other special characters. No checking is done on the";
352 print "strength of the passwords so pick good ones please!";
354 Pass1 = getpass(User + "'s new password: ");
355 Pass2 = getpass(User + "'s new password again: ");
357 print "Passwords did not match";
358 raw_input("Press a key");
361 # Hash it telling glibc to use the MD5 algorithm - if you dont have
362 # glibc then just change Salt = "$1$" to Salt = "";
363 SaltVals = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/.";
365 for x in range(0,10):
366 Salt = Salt + SaltVals[whrandom.randint(0,len(SaltVals)-1)];
367 Pass = crypt.crypt(Pass1,Salt);
369 print "Caution! MD5 Password hashing failed, not changing password!";
370 raw_input("Press a key");
373 print "Setting password..";
374 Pass = "{crypt}" + Pass;
375 l.modify_s(UserDn,[(ldap.MOD_REPLACE,"userpassword",Pass)]);
378 # Handle changing an arbitary value
379 if (Response == "a"):
380 Attr = raw_input("Attr? ");
381 ChangeAttr(Attrs[0],Attr);
384 # Convert the integer response
387 if (not OrderedIndex.has_key(ID) or (ID > 100 and RootMode == 0)):
393 # Print the what to do prompt
394 print "Changing LDAP entry '%s' (%s)" % (OrderedIndex[ID][0],OrderedIndex[ID][2]);
395 print AttrPrompt[OrderedIndex[ID][2]][0];
396 ChangeAttr(Attrs[0],OrderedIndex[ID][2]);