except: pass;
posix.link(From+File,To+File);
+def IsRetired(DnRecord):
+ """
+ Looks for accountStatus in the LDAP record and tries to
+ match it against one of the known retired statuses
+ """
+
+ status = GetAttr(DnRecord,"accountStatus", None)
+ if status is None:
+ return False
+
+ if status.find("inactive") != -1:
+ return True
+
+ if status.find("memorial") != -1:
+ return True
+
+ if status.find("retiring") != -1:
+ line = status.split()
+ # We'll give them a few extra days over what we said
+ age = 6 * 31 * 24 * 60 * 60
+ if (time.time() - time.mktime(time.strptime(line[1], "%Y-%m-%d")) > (age):
+ return True
+
+ return False
+
# See if this user is in the group list
def IsInGroup(DnRecord):
if Allowed == None:
I = 0;
for x in PasswdAttrs:
+ if IsRetired(x):
+ continue
+
if x[1].has_key("uidNumber") == 0 or IsInGroup(x) == 0:
continue;
I = 0;
for x in PasswdAttrs:
+ if IsRetired(x):
+ continue
+
if x[1].has_key("uidNumber") == 0 or IsInGroup(x) == 0:
continue;
raise "No Users";
for x in PasswdAttrs:
+ if IsRetired(x):
+ continue
+
Pass = '*'
if x[1].has_key("uidNumber") == 0 or IsInGroup(x) == 0:
continue;
safe_makedirs(os.path.join(GlobalDir, 'userkeys'))
for x in PasswdAttrs:
+ if IsRetired(x):
+ continue
+
# If the account is locked, do not write it.
# This is a partial stop-gap. The ssh also needs to change this
# to ignore ~/.ssh/authorized* files.
# Write out the email address for each user
for x in PasswdAttrs:
+ if IsRetired(x):
+ continue
+
if x[1].has_key("emailForward") == 0 or IsInGroup(x) == 0:
continue;
# Write out the email address for each user
for x in PasswdAttrs:
+ if IsRetired(x):
+ continue
+
if x[1].has_key("emailForward") == 0:
continue;
# Write out the position for each user
for x in PasswdAttrs:
+ if IsRetired(x):
+ continue
+
if x[1].has_key("latitude") == 0 or x[1].has_key("longitude") == 0:
continue;
try:
# Write out the position for each user
for x in PasswdAttrs:
+ if IsRetired(x):
+ continue
+
if x[1].has_key("privateSub") == 0:
continue;
raise "No Users";
for x in PasswdAttrs:
+ if IsRetired(x):
+ continue
+
Reason = None
if x[1].has_key("mailDisableMessage"):
raise "No Users";
for x in PasswdAttrs:
+ if IsRetired(x):
+ continue
+
Reason = None
if x[1].has_key(Key) == 0:
raise "No Users";
for x in PasswdAttrs:
+ if IsRetired(x):
+ continue
+
Reason = None
if x[1].has_key(Key) == 0:
"allowedHost","sshRSAAuthKey","dnsZoneEntry","cn","sn",\
"keyFingerPrint","privateSub","mailDisableMessage",\
"mailGreylisting","mailCallout","mailRBL","mailRHSBL",\
- "mailWhitelist", "sudoPassword", "objectClass"]);
+ "mailWhitelist", "sudoPassword", "objectClass", "accountStatus"]);
# Fetch all the hosts
HostAttrs = l.search_s(HostBaseDn,ldap.SCOPE_ONELEVEL,"sshRSAHostKey=*",\
["hostname","sshRSAHostKey","purpose"]);