Beispiel #1
0
    def setexpiry(self, user, expiry_seconds, noexpiry):
        """Set the password expiry for a user
        
        :param expiry_seconds: expiry time from now in seconds
        :param noexpiry: if set, then don't expire password
        """
        self.transaction_start()
        try:
            res = self.search(base=self.domain_dn(), scope=ldb.SCOPE_SUBTREE,
                              expression=("(samAccountName=%s)" % user),
                              attrs=["userAccountControl", "accountExpires"])
            assert len(res) == 1
            userAccountControl = int(res[0]["userAccountControl"][0])
            accountExpires     = int(res[0]["accountExpires"][0])
            if noexpiry:
                userAccountControl = userAccountControl | 0x10000
                accountExpires = 0
            else:
                userAccountControl = userAccountControl & ~0x10000
                accountExpires = glue.unix2nttime(expiry_seconds + int(time.time()))

            mod = """
dn: %s
changetype: modify
replace: userAccountControl
userAccountControl: %u
replace: accountExpires
accountExpires: %u
""" % (res[0].dn, userAccountControl, accountExpires)
            # now change the database
            self.modify_ldif(mod)
        except:
            self.transaction_cancel()
            raise
        self.transaction_commit();
Beispiel #2
0
    def setexpiry(self, filter, expiry_seconds, no_expiry_req=False):
        """Sets the account expiry for a user
        
        :param filter: LDAP filter to find the user (eg samccountname=name)
        :param expiry_seconds: expiry time from now in seconds
        :param no_expiry_req: if set, then don't expire password
        """
        self.transaction_start()
        try:
            res = self.search(base=self.domain_dn(),
                              scope=ldb.SCOPE_SUBTREE,
                              expression=filter,
                              attrs=["userAccountControl", "accountExpires"])
            assert (len(res) == 1)
            user_dn = res[0].dn

            userAccountControl = int(res[0]["userAccountControl"][0])
            accountExpires = int(res[0]["accountExpires"][0])
            if no_expiry_req:
                userAccountControl = userAccountControl | 0x10000
                accountExpires = 0
            else:
                userAccountControl = userAccountControl & ~0x10000
                accountExpires = glue.unix2nttime(expiry_seconds +
                                                  int(time.time()))

            setexp = """
dn: %s
changetype: modify
replace: userAccountControl
userAccountControl: %u
replace: accountExpires
accountExpires: %u
""" % (user_dn, userAccountControl, accountExpires)

            self.modify_ldif(setexp)
        except:
            self.transaction_cancel()
            raise
        self.transaction_commit()
Beispiel #3
0
    def setexpiry(self, filter, expiry_seconds, no_expiry_req=False):
        """Sets the account expiry for a user
        
        :param filter: LDAP filter to find the user (eg samccountname=name)
        :param expiry_seconds: expiry time from now in seconds
        :param no_expiry_req: if set, then don't expire password
        """
        self.transaction_start()
        try:
            res = self.search(base=self.domain_dn(), scope=ldb.SCOPE_SUBTREE,
                          expression=filter,
                          attrs=["userAccountControl", "accountExpires"])
            assert(len(res) == 1)
            user_dn = res[0].dn

            userAccountControl = int(res[0]["userAccountControl"][0])
            accountExpires     = int(res[0]["accountExpires"][0])
            if no_expiry_req:
                userAccountControl = userAccountControl | 0x10000
                accountExpires = 0
            else:
                userAccountControl = userAccountControl & ~0x10000
                accountExpires = glue.unix2nttime(expiry_seconds + int(time.time()))

            setexp = """
dn: %s
changetype: modify
replace: userAccountControl
userAccountControl: %u
replace: accountExpires
accountExpires: %u
""" % (user_dn, userAccountControl, accountExpires)

            self.modify_ldif(setexp)
        except:
            self.transaction_cancel()
            raise
        self.transaction_commit();