# If the account is locked, do not write it.
# This is a partial stop-gap. The ssh also needs to change this
# to ignore ~/.ssh/authorized* files.
- if (string.find(GetAttr(x,"userPassword"),"*LK*") != -1):
+ if (string.find(GetAttr(x,"userPassword"),"*LK*") != -1) \
+ or GetAttr(x,"userPassword").startswith("!"):
continue;
if x[1].has_key("uidNumber") == 0 or \
# If the account is locked, do not write it
if (string.find(GetAttr(x,"userPassword"),"*LK*") != -1) \
- or (string.find(GetAttr(x,"userPassword"),"*PK*") != -1):
+ or GetAttr(x,"userPassword").startswith("!"):
continue;
# If the account has no PGP key, do not write it
# If the account is locked, disable incoming mail
if (string.find(GetAttr(x,"userPassword"),"*LK*") != -1):
- Reason = "user account locked"
+ if GetAttr(x,"uid") == "luther":
+ continue
+ else:
+ Reason = "user account locked"
else:
if x[1].has_key("mailDisableMessage"):
Reason = GetAttr(x,"mailDisableMessage")
+++ /dev/null
-#!/usr/bin/env python
-# -*- mode: python -*-
-
-# Copyright (c) 2001 Jason Gunthorpe <jgg@debian.org>
-# Copyright (c) 2004 Joey Schulze <joey@debian.org>
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-
-import string, re, time, ldap, getopt, sys, pwd, os, posix;
-from userdir_ldap import *;
-
-# Main program starts here
-User = pwd.getpwuid(posix.getuid())[0];
-BindUser = User;
-(options, arguments) = getopt.getopt(sys.argv[1:], "au:")
-for (switch, val) in options:
- if (switch == '-u'):
- User = val;
- if (switch == '-a'):
- Anon = 1;
-
-# Connect to the ldap server
-l = passwdAccessLDAP(LDAPServer, BaseDn, User)
-
-Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"userpassword=*",\
- ["uid","cn","mn","sn","userpassword"]);
-
-Attrs.sort();
-for x in Attrs:
- if x[1].has_key("userpassword") == 0: continue;
- Passwd = x[1]["userpassword"][0];
- if string.find(Passwd,"*LK*") != -1 or string.find(Passwd,"}*") != -1:
- continue;
- if len(Passwd) > 21: continue;
-
- print EmailAddress(x);
-
- UserDn = "uid=" + x[1]["uid"][0] + "," + BaseDn;
- Password = GenPass();
- Pass = "{crypt}" + HashPass(Password);
- l.modify_s(UserDn,[(ldap.MOD_REPLACE,"userpassword",Pass)]);
"icqUin": "^[0-9]*$",
"onVacation": ".*",
"labeledURI": ".*",
+ "birthDate": "^([0-9]{4})([01][0-9])([0-3][0-9])$",
"mailDisableMessage": ".*",
"mailGreylisting": "^(TRUE|FALSE)$",
"mailCallout": "^(TRUE|FALSE)$",
if re.match(ArbChanges[attrName],G[1]) == None:
raise Error, "Item does not match the required format"+ArbChanges[attrName];
+# if attrName == 'birthDate':
+# (re.match("^([0-9]{4})([01][0-9])([0-3][0-9])$",G[1]) {
+# $bd_yr = $1; $bd_mo = $2; $bd_day = $3;
+# if ($bd_mo > 0 and $bd_mo <= 12 and $bd_day > 0) {
+# if ($bd_mo == 2) {
+# if ($bd_day == 29 and ($bd_yr == 0 or ($bd_yr % 4 == 0 && ($bd_yr % 100 != 0 || $bd_yr % 400 == 0)))) {
+# $bd_ok = 1;
+# } elsif ($bd_day <= 28) {
+# $bd_ok = 1;
+# }
+# } elsif ($bd_mo == 4 or $bd_mo == 6 or $bd_mo == 9 or $bd_mo == 11) {
+# if ($bd_day <= 30) {
+# $bd_ok = 1;
+# }
+# } else {
+# if ($bd_day <= 31) {
+# $bd_ok = 1;
+# }
+# }
+# }
+# } elsif (not defined($query->param('birthdate')) or $query->param('birthdate') =~ /^\s*$/) {
+# $bd_ok = 1;
+# }
Attrs.append((ldap.MOD_REPLACE,attrName,G[1]));
return "Changed entry %s to %s"%(attrName,G[1]);
# Modify the record
l.simple_bind_s("uid="+AccessPass[0]+","+BaseDn,AccessPass[1]);
oldAttrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"uid="+GetAttr(DnRecord,"uid"));
- if (string.find(GetAttr(oldAttrs[0],"userPassword"),"*LK*") != -1):
+ if (string.find(GetAttr(oldAttrs[0],"userPassword"),"*LK*") != -1) \
+ or GetAttr(x,"userPassword").startswith("!"):
raise Error, "This account is locked";
Dn = "uid=" + GetAttr(DnRecord,"uid") + "," + BaseDn;
l.modify_s(Dn,Attrs);
# Check for a locked account
Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"uid="+GetAttr(DnRecord,"uid"));
- if (string.find(GetAttr(Attrs[0],"userPassword"),"*LK*") != -1):
+ if (string.find(GetAttr(Attrs[0],"userPassword"),"*LK*") != -1) \
+ or GetAttr(x,"userPassword").startswith("!"):
raise Error, "This account is locked";
# Modify the password