# restricted variables.
# Copyright (c) 1999-2001 Jason Gunthorpe <jgg@debian.org>
-# Copyright (c) 2004-2005,7 Joey Schulze <joey@infodrom.org>
+# Copyright (c) 2004-2005,7,8 Joey Schulze <joey@infodrom.org>
# Copyright (c) 2001-2006 Ryan Murray <rmurray@debian.org>
-# Copyright (c) 2008 Peter Palfrader <peter@palfrader.org>
+# Copyright (c) 2008
,2009 Peter Palfrader <peter@palfrader.org>
# Copyright (c) 2008 Martin Zobel-Helas <zobel@debian.org>
# Copyright (c) 2008 Marc 'HE' Brockschmidt <he@debian.org>
# Copyright (c) 2008 Mark Hymers <mhy@debian.org>
+# Copyright (c) 2008 Thomas Viehmann <tv@beamnet.de>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-import time, os, pwd, sys, getopt, ldap, crypt, readline, copy;
+import time, os, pwd, sys, getopt, ldap, crypt, readline, copy, getpass
from userdir_ldap import *;
RootMode = 0;
"icqUin": ["ICQ UIN",14],
"jabberJID": ["Jabber ID",15],
"privateSub": ["Debian-Private",16],
- "gender": ["Gender",17],
"birthDate": ["Date of Birth",18],
"mailDisableMessage": ["Mail Disabled",19],
"mailGreylisting": ["Mail Greylisting",20],
"mailRBL": ["Mail RBLs",22],
"mailRHSBL": ["Mail RHSBLs",23],
"mailWhitelist": ["Mail Whitelist",24],
- "VoIP": ["VoIP Address",25],
+ "mailContentInspectionAction": ["mail C-I Action",25],
+ "VoIP": ["VoIP Address",26],
"comment": ["Comment",116],
"userPassword": ["Crypted Password",117],
"dnsZoneEntry": ["d.net Entry",118],
"supplementaryGid": ["Groups the user is in"],
"allowedHost": ["Grant access to certain hosts"],
"privateSub": ["Debian-Private mailing list subscription"],
- "gender": ["ISO5218 Gender code (1=male,2=female,9=unspecified)"],
"birthDate": ["Date of Birth (YYYYMMDD)"],
"mailDisableMessage": ["Error message to return via SMTP"],
"mailGreylisting": ["SMTP Greylisting (TRUE/FALSE)"],
"mailRBL": ["SMTP time RBL lists"],
"mailRHSBL": ["SMTP time RHSBL lists"],
"mailWhitelist": ["SMTP time whitelist from other checks"],
+ "mailContentInspectionAction": ["Content Inspection Action (reject, blackhole, markup)"],
"member": ["LDAP Group Member for slapd ACLs"],
"latitude": ["XEarth latitude in ISO 6709 format - see /usr/share/zoneinfo/zone.tab or etak.com"],
"longitude": ["XEarth latitude in ISO 6709 format - see /usr/share/zoneinfo/zone.tab or etak.com"],
Keys.sort();
for at in Keys:
if at < 100 or RootMode != 0:
- print " %3u) %-18s: " % (at,OrderedIndex[at][0]),
+ print " %3u) %-19s: " % (at,OrderedIndex[at][0]),
for x in OrderedIndex[at][1]:
print "'%s'" % (re.sub('[\n\r]','?',x)),
print;
Attrs[1][Attr] = [""];
return;
+ if (Attr == "mailGreylisting" or Attr == "mailCallout"):
+ if (NewValue.lower() != "true" and NewValue.lower() != "false"):
+ if (NewValue == "1"): NewValue = "true"
+ else:
+ if (NewValue == "0"): NewValue = "false"
+ else:
+ print "Need a boolean value"
+ return
+ NewValue = NewValue.upper()
+
# Set a new value
print "Setting.",;
l.modify_s(UserDn,[(ldap.MOD_REPLACE,Attr,NewValue)]);
(ldap.MOD_REPLACE,"shadowExpire","1")];
if DisableMail:
recs.append( (ldap.MOD_REPLACE,"mailDisableMessage","account locked") )
- Attrs[0][1]["shadowLastChange"] = [shadowLast];
+ Attrs[0][1]["mailDisableMessage"] = ["account locked"];
l.modify_s(UserDn,recs);
Attrs[0][1]["userPassword"] = ["{crypt}*LK*"];
- Attrs[0][1]["mailDisableMessage"] = ["account locked"];
+ Attrs[0][1]["shadowLastChange"] = [shadowLast];
Attrs[0][1]["shadowExpire"] = ["1"];
# Main program starts here
print "as '" + BindUser + "'";
else:
print;
-if (BindUser != ""):
- Password = getpass(BindUser + "'s password: ");
# Connect to the ldap server
l = connectLDAP()
-UserDn = "uid=" + BindUser + "," + BaseDn;
+UserDn = "uid=" + User + "," + BaseDn
if (BindUser != ""):
- l.simple_bind_s(UserDn,Password);
+ Password = getpass.getpass(BindUser + "'s password: ")
+ BindUserDn = "uid=" + BindUser + "," + BaseDn
else:
- l.simple_bind_s("","");
-UserDn = "uid=" + User + "," + BaseDn;
+ Password = ""
+ BindUserDn = ""
+try:
+ l.simple_bind_s(BindUserDn,Password)
+except ldap.LDAPError,e:
+ print >> sys.stderr, "LDAP error:", e.args[0]['desc']
+ print >> sys.stderr, " ", e.args[0]['info']
+ sys.exit(1)
# Enable changing of supplementary gid's
if (RootMode == 1):
print "contain spaces and other special characters. No checking is done on the";
print "strength of the passwords so pick good ones please!";
- Pass1 = getpass(User + "'s new password: ");
- Pass2 = getpass(User + "'s new password again: ");
+ Pass1 = getpass.getpass(User + "'s new password: ")
+ Pass2 = getpass.getpass(User + "'s new password again: ")
if Pass1 != Pass2:
print "Passwords did not match";
raw_input("Press a key");
print "Set account to:"
print " 1) retiring (lock account but do not disable mail):"
- print " 2) retired (lock account and disable mail):"
+ print " 2) inactive (removed/emeritus/... - lock account and disable mail):"
print " 3) memorial (lock account and disable mail):"
print " 4) active (do not change other settings, you will have to deal with them)"
print " q) return (no change)"
if Resp == "1":
newstatus = "retiring %s"%(time.strftime("%Y-%m-%d"))
else:
- newstatus = "retired %s"%(time.strftime("%Y-%m-%d"))
+ newstatus = "inactive %s"%(time.strftime("%Y-%m-%d"))
l.modify_s(UserDn,[(ldap.MOD_REPLACE,"accountStatus",newstatus)])
Attrs[0][1]["accountStatus"] = [newstatus]
projects / mirror / userdir-ldap.git / blobdiff