def enable_krb5_for(self, username, realm):
dn, user = self._get_user(username)
if not dn:
return False
principal_name = '%s@%s' % (
delete_diacritics(username).encode('utf-8'), realm.upper())
modlist = [(ldap.MOD_ADD, 'objectclass', 'krb5KDCEntry'),
(ldap.MOD_ADD, 'krb5KeyVersionNumber', '0'),
(ldap.MOD_ADD, 'krb5PrincipalName', principal_name)]
self.l.modify_s(dn, modlist)
return True
def addMachine(self, uid, comment, addMachineScript = False):
"""
Add a PosixAccount for a machine account.
if addMachineScript is False, we run smbpasswd to create the needed LDAP attributes.
@param uid: name of new machine (no space)
@type uid: str
@param comment: comment of machine (full string accept)
@type comment: str
"""
r = AF().log(PLUGIN_NAME, AA.SAMBA_ADD_MACHINE, [(uid, AT.MACHINE)], comment)
origuid = uid
uid = uid + '$'
uidNumber = self.freeUID();
if not comment:
comment = "Machine account"
comment_UTF8 = str(delete_diacritics((comment.encode("UTF-8"))))
gidNumber = self.getDomainComputersGroup()["gidNumber"][0]
# creating machine skel
user_info = {
'objectclass':('account', 'posixAccount', 'top'),
'uid':uid,
'cn':uid,
'uidNumber':str(uidNumber),
'gidNumber': str(gidNumber),
'gecos':str(comment_UTF8),
'homeDirectory':'/dev/null',
'loginShell':'/bin/false'
}
ident = 'uid=' + uid + ',' + self.baseComputersDN
attributes=[ (k,v) for k,v in user_info.items() ]
self.l.add_s(ident,attributes)
if not addMachineScript:
cmd = 'smbpasswd -a -m ' + uid
shProcess = generateBackgroundProcess(cmd)
ret = shProcess.getExitCode()
if ret:
self.delMachine(origuid) # Delete machine account we just created
raise Exception("Failed to add computer entry\n" + shProcess.stdall)
r.commit()
return 0
def addMachine(self, uid, comment, addMachineScript = False):
"""
Add a PosixAccount for a machine account.
if addMachineScript is False, we run smbpasswd to create the needed LDAP attributes.
@param uid: name of new machine (no space)
@type uid: str
@param comment: comment of machine (full string accept)
@type comment: str
"""
r = AF().log(PLUGIN_NAME, AA.SAMBA_ADD_MACHINE, [(uid, AT.MACHINE)], comment)
origuid = uid
uid = uid + '$'
uidNumber = self.freeUID();
if not comment:
comment = "Machine account"
comment_UTF8 = str(delete_diacritics((comment.encode("UTF-8"))))
gidNumber = self.getDomainComputersGroup()["gidNumber"][0]
# creating machine skel
user_info = {
'objectclass':('account', 'posixAccount', 'top'),
'uid':uid,
'cn':uid,
'uidNumber':str(uidNumber),
'gidNumber': str(gidNumber),
'gecos':str(comment_UTF8),
'homeDirectory':'/dev/null',
'loginShell':'/bin/false'
}
ident = 'uid=' + uid + ',' + self.baseComputersDN
attributes=[ (k,v) for k,v in user_info.items() ]
self.l.add_s(ident,attributes)
if not addMachineScript:
cmd = 'smbpasswd -a -m ' + uid
shProcess = generateBackgroundProcess(cmd)
ret = shProcess.getExitCode()
if ret:
self.delMachine(origuid) # Delete machine account we just created
raise Exception("Failed to add computer entry\n" + shProcess.stdall)
r.commit()
return 0
def computeMailGroupAlias(self, group):
"""
Find a mail alias that fits for a group.
Non ASCII characters are replaced, and spaces are replaced with hyphens
@param group: group name
@type group: str
@return: return the computed mail alias, or an empty string if it already exists
@rtype: str
"""
group = group.lower()
group = delete_diacritics(group)
group = group.replace(" ", "-")
if self.searchMailGroupAlias(group):
# This alias already exists
return ""
else:
return group
def computeMailGroupAlias(self, group):
"""
Find a mail alias that fits for a group.
Non ASCII characters are replaced, and spaces are replaced with hyphens
@param group: group name
@type group: str
@return: return the computed mail alias, or an empty string if it already exists
@rtype: str
"""
group = group.lower()
group = delete_diacritics(group)
group = group.replace(" ", "-")
if self.searchMailGroupAlias(group):
# This alias already exists
return ""
else:
return group
