From: Peter Palfrader Date: Sun, 25 May 2008 23:29:09 +0000 (+0200) Subject: ud-info: Add "retire developer" option that sets accountStatus properly to X-Git-Tag: userdir-ldap-0.3.33~4 X-Git-Url: https://git.adam-barratt.org.uk/?p=mirror%2Fuserdir-ldap.git;a=commitdiff_plain;h=709b285b102b84463f1aaeba72556f1a2b8f1533 ud-info: Add "retire developer" option that sets accountStatus properly to either retiring, retired, memorial or active. Active is for all currently active developers, memorial is for those who have passed away and whose accounts will never be reused, retiring is a developer who is retired but still receives mail at their @debian.org address. After a few months they should move on to retired, with their mail also disabled. accountStatus is just a freeform text, but these 4 options should be the only ones that exist. --- diff --git a/debian/changelog b/debian/changelog index ad55c0e..74fff58 100644 --- a/debian/changelog +++ b/debian/changelog @@ -2,8 +2,17 @@ userdir-ldap (0.3.3X) Xnstable; urgency=low * add "security simple_bind=128" to sample slapd.conf. * ud-info: Only show "Lock account" in root mode. - - -- Peter Palfrader Sun, 25 May 2008 22:35:34 +0200 + * ud-info: Add "retire developer" option that sets + accountStatus properly to either retiring, retired, memorial + or active. Active is for all currently active developers, + memorial is for those who have passed away and whose accounts + will never be reused, retiring is a developer who is retired + but still receives mail at their @debian.org address. After + a few months they should move on to retired, with their mail + also disabled. accountStatus is just a freeform text, but + these 4 options should be the only ones that exist. + + -- Peter Palfrader Mon, 26 May 2008 01:27:11 +0200 userdir-ldap (0.3.32) unstable; urgency=low diff --git a/ud-info b/ud-info index a04f992..795584b 100755 --- a/ud-info +++ b/ud-info @@ -75,10 +75,13 @@ AttrInfo = {"cn": ["First Name", 101], "mailRBL": ["Mail RBLs",22], "mailRHSBL": ["Mail RHSBLs",23], "mailWhitelist": ["Mail Whitelist",24], + "VoIP": ["VoIP Address",25], "comment": ["Comment",116], "userPassword": ["Crypted Password",117], "dnsZoneEntry": ["d.net Entry",118], - "VoIP": ["VoIP Address",119]}; + "accountStatus": ["DD status",301], + "accountComment": ["DD status comment",302], + }; AttrPrompt = {"cn": ["Common name or first name"], "mn": ["Middle name (or initial if it ends in a dot)"], @@ -281,6 +284,20 @@ def MultiChangeAttr(Attrs,Attr): Attrs[1][Attr].append(NewValue); print; +def Lock(UserDn, Attrs, DisableMail=True): + shadowLast = str(int(time.time()/24/60/60)); + recs = [ + (ldap.MOD_REPLACE,"userPassword","{crypt}*LK*"), + (ldap.MOD_REPLACE,"shadowLastChange",shadowLast), + (ldap.MOD_REPLACE,"shadowExpire","1")]; + if DisableMail: + recs.append( (ldap.MOD_REPLACE,"mailDisableMessage","account locked") ) + Attrs[0][1]["shadowLastChange"] = [shadowLast]; + l.modify_s(UserDn,recs); + Attrs[0][1]["userPassword"] = ["{crypt}*LK*"]; + Attrs[0][1]["mailDisableMessage"] = ["account locked"]; + Attrs[0][1]["shadowExpire"] = ["1"]; + # Main program starts here User = pwd.getpwuid(os.getuid())[0]; BindUser = User; @@ -348,8 +365,9 @@ while(1): if RootMode == 1: print " a) Arbitary Change"; + print " r) retire developer"; print " R) Randomize Password"; - print " L) Lock account"; + print " L) Lock account and disable mail"; print " p) Change Password"; print " u) Switch Users"; print " x) Exit"; @@ -404,6 +422,53 @@ while(1): Attrs[0][1]["shadowLastChange"] = [shadowLast]; continue; + # retire DD + if Response == 'r' and RootMode == 1: + if Attrs[0][1].has_key("accountStatus") == 0: + curStatus = "" + else: + curStatus = Attrs[0][1]["accountStatus"][0] + if Attrs[0][1].has_key("accountComment") == 0: + curComment = "" + else: + curComment = Attrs[0][1]["accountComment"][0] + print "\n\nCurrent status is %s"%curStatus + print "Current comment is %s\n"%curComment + + print "Set account to:" + print " 1) retiring (lock account but do not disable mail):" + print " 2) retired (lock account and disable mail):" + print " 3) memorial (lock account and disable mail):" + print " 4) active (do not change other settings, you will have to deal with them)" + print " q) return (no change)" + Resp = raw_input("Action? ") + if Resp == "1" or Resp == "2": + Lock(UserDn, Attrs, Resp == "2") + if Resp == "1": + newstatus = "retiring %s"%(time.strftime("%Y-%m-%d")) + else: + newstatus = "retired %s"%(time.strftime("%Y-%m-%d")) + l.modify_s(UserDn,[(ldap.MOD_REPLACE,"accountStatus",newstatus)]) + Attrs[0][1]["accountStatus"] = [newstatus] + + Resp2 = raw_input("Optional RT ticket number? ") + if (Resp2 != ''): + comment = "RT#%s"%(Resp2) + l.modify_s(UserDn,[(ldap.MOD_REPLACE,"accountComment",comment)]) + Attrs[0][1]["accountComment"] = [comment] + elif Resp == "3": + Lock(UserDn, Attrs) + newstatus = "memorial" + l.modify_s(UserDn,[(ldap.MOD_REPLACE,"accountStatus",newstatus)]) + Attrs[0][1]["accountStatus"] = [newstatus] + elif Resp == "4": + newstatus = "active" + l.modify_s(UserDn,[(ldap.MOD_REPLACE,"accountStatus",newstatus)]) + Attrs[0][1]["accountStatus"] = [newstatus] + + continue; + + # Randomize password if Response == 'R' and RootMode == 1: Resp = raw_input("Randomize Users Password? [no/yes]"); @@ -435,16 +500,7 @@ while(1): continue; print "Setting password.."; - shadowLast = str(int(time.time()/24/60/60)); - l.modify_s(UserDn,[ - (ldap.MOD_REPLACE,"userPassword","{crypt}*LK*"), - (ldap.MOD_REPLACE,"mailDisableMessage","account locked"), - (ldap.MOD_REPLACE,"shadowLastChange",shadowLast), - (ldap.MOD_REPLACE,"shadowExpire","1")]); - Attrs[0][1]["userPassword"] = ["{crypt}*LK*"]; - Attrs[0][1]["mailDisableMessage"] = ["account locked"]; - Attrs[0][1]["shadowLastChange"] = [shadowLast]; - Attrs[0][1]["shadowExpire"] = ["1"]; + Lock(UserDn, Attrs) continue; # Handle changing an arbitary value