X-Git-Url: https://git.adam-barratt.org.uk/?p=mirror%2Fuserdir-ldap.git;a=blobdiff_plain;f=ud-lock;h=801ad718b2bc8528f755c3595a36bc1363a1ac2f;hp=6d56ddb5d097fe509d9dcf077dae62d70b6286d2;hb=6ee830ff583d3db2afa0044a378b1737853e54b0;hpb=d2388a189d5c4c80c8272e511fd8c95d4dc2fbc8 diff --git a/ud-lock b/ud-lock index 6d56ddb..801ad71 100755 --- a/ud-lock +++ b/ud-lock @@ -27,6 +27,7 @@ import os import pwd import time from userdir_ldap import *; +import UDLdap dry_run = False @@ -46,74 +47,22 @@ def connect(user): sys.exit(1) return l - -class Account: - def __init__(self, user): - searchresult = lc.search_s(BaseDn,ldap.SCOPE_SUBTREE, 'uid=%s'%(user)) - if len(searchresult) < 1: - sys.stderr.write("No such user: %s\n"%(user)) - return - elif len(searchresult) > 1: - sys.stderr.write("More than one hit when getting %s\n"%(user)) - return - - self.dn, self.attributes = searchresult[0] - - - def has_mail(self): - if 'mailDisableMessage' in self.attributes: - return False - return True - - # not locked locked, just reset to something invalid like {crypt}*SSLRESET* is still active - def pw_active(self): - if self.attributes['userPassword'][0] == '{crypt}*LK*': - return False - return True - - # not expired - def shadow_active(self): - if 'shadowExpire' in self.attributes and \ - int(self.attributes['shadowExpire'][0]) < (time.time() / 3600 / 24): - return False - return True - - def numkeys(self): - if 'keyFingerPrint' in self.attributes: - return len(self.attributes['keyFingerPrint']) - return 0 - - def account_status(self): - if 'accountStatus' in self.attributes: - return self.attributes['accountStatus'][0] - return 'active' - - - def verbose_status(self): - status = [] - status.append('mail: %s' %(['disabled', 'active'][ self.has_mail() ])) - status.append('pw: %s' %(['locked', 'active'][ self.pw_active() ])) - status.append('shadow: %s'%(['expired', 'active'][ self.shadow_active() ])) - status.append('keys: %d' %( self.numkeys() )) - status.append('status: %s'%( self.account_status() )) - - return '(%s)'%(', '.join(status)) - - def get_dn(self): - return self.dn - -def do_one_user(lc, user, ticket): - u = Account(user) - if not u.account_status() == 'active': +def do_one_user(lc, user, ticket, status): + try: + u = UDLdap.Account.from_search(lc, BaseDn, user) + except IndexError, e: + sys.stderr.write("Cannot instantiate account from LDAP: %s"%(str(e))) + return + if not u['accountStatus'] == 'active': sys.stderr.write('%s: Account is not active, skipping. (details: %s)\n'%(user, u.verbose_status())) return - print '%s: Setting to retiring:'%(user) + print '%s: Setting to %s:'%(user, status) set = {} set['userPassword'] = '{crypt}*LK*' set['shadowLastChange'] = str(int(time.time()/24/60/60)) set['shadowExpire'] = '1' - set['accountStatus'] = 'retiring %s'%(time.strftime('%Y-%m-%d')) + set['accountStatus'] = '%s %s'%(status, time.strftime('%Y-%m-%d')) if not ticket is None: set['accountComment'] = "RT#%s"%(ticket) @@ -144,6 +93,9 @@ parser.add_option("-n", "--no-do", action="store_true", help="Do not actually change anything.") parser.add_option("-r", "--rt-ticket", dest="ticket", metavar="ticket#", help="Ticket number for accountComment.") +parser.add_option("-s", "--status", dest="status", metavar="status", + default='retiring', + help="Set status to (default: retiring).") (options, args) = parser.parse_args() @@ -152,7 +104,7 @@ if options.no_do: lc = connect(options.admin) for user in args: - do_one_user(lc, user, options.ticket) + do_one_user(lc, user, options.ticket, options.status) # vim:set et: