"icqUin": "^[0-9]*$",
"onVacation": ".*",
"labeledURI": ".*",
+ "birthDate": "^([0-9]{4})([01][0-9])([0-3][0-9])$",
"mailDisableMessage": ".*",
"mailGreylisting": "^(TRUE|FALSE)$",
"mailCallout": "^(TRUE|FALSE)$",
if re.match(ArbChanges[attrName],G[1]) == None:
raise Error, "Item does not match the required format"+ArbChanges[attrName];
+# if attrName == 'birthDate':
+# (re.match("^([0-9]{4})([01][0-9])([0-3][0-9])$",G[1]) {
+# $bd_yr = $1; $bd_mo = $2; $bd_day = $3;
+# if ($bd_mo > 0 and $bd_mo <= 12 and $bd_day > 0) {
+# if ($bd_mo == 2) {
+# if ($bd_day == 29 and ($bd_yr == 0 or ($bd_yr % 4 == 0 && ($bd_yr % 100 != 0 || $bd_yr % 400 == 0)))) {
+# $bd_ok = 1;
+# } elsif ($bd_day <= 28) {
+# $bd_ok = 1;
+# }
+# } elsif ($bd_mo == 4 or $bd_mo == 6 or $bd_mo == 9 or $bd_mo == 11) {
+# if ($bd_day <= 30) {
+# $bd_ok = 1;
+# }
+# } else {
+# if ($bd_day <= 31) {
+# $bd_ok = 1;
+# }
+# }
+# }
+# } elsif (not defined($query->param('birthdate')) or $query->param('birthdate') =~ /^\s*$/) {
+# $bd_ok = 1;
+# }
Attrs.append((ldap.MOD_REPLACE,attrName,G[1]));
return "Changed entry %s to %s"%(attrName,G[1]);
# Check for collisions
global l;
- Rec = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"dnsZoneEntry="+G[0]+" *",["uid"]);
+ # [JT 20070409 - search for both tab and space suffixed hostnames
+ # since we accept either. It'd probably be better to parse the
+ # incoming string in order to construct what we feed LDAP rather
+ # than just passing it through as is.]
+ filter = "(|(dnsZoneEntry=%s *)(dnsZoneEntry=%s *))" % (G[0], G[0])
+ Rec = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,filter,["uid"]);
for x in Rec:
if GetAttr(x,"uid") != GetAttr(DnRecord,"uid"):
return "DNS entry is already owned by " + GetAttr(x,"uid")
# Handle an RBL list (mailRBL, mailRHSBL, mailWhitelist)
def DoRBL(Str,Attrs):
- Match = re.compile('^mail(rbl|rhsbl|whitelist) ([\w.]+)$').match(string.lower(Str))
+ Match = re.compile('^mail(rbl|rhsbl|whitelist) ([-a-z0-9.]+)$').match(string.lower(Str))
if Match == None:
return None
# Modify the record
l.simple_bind_s("uid="+AccessPass[0]+","+BaseDn,AccessPass[1]);
oldAttrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"uid="+GetAttr(DnRecord,"uid"));
- if (string.find(GetAttr(oldAttrs[0],"userPassword"),"*LK*") != -1):
+ if ((string.find(GetAttr(oldAttrs[0],"userPassword"),"*LK*") != -1)
+ or GetAttr(oldAttrs[0],"userPassword").startswith("!")):
raise Error, "This account is locked";
Dn = "uid=" + GetAttr(DnRecord,"uid") + "," + BaseDn;
l.modify_s(Dn,Attrs);
# Check for a locked account
Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"uid="+GetAttr(DnRecord,"uid"));
- if (string.find(GetAttr(Attrs[0],"userPassword"),"*LK*") != -1):
+ if (string.find(GetAttr(Attrs[0],"userPassword"),"*LK*") != -1) \
+ or GetAttr(Attrs[0],"userPassword").startswith("!"):
raise Error, "This account is locked";
# Modify the password
projects / mirror / userdir-ldap.git / blobdiff