Example #1
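    def newuser(self,
                username,
                unixname,
                password,
                force_password_change_at_next_login_req=False):
        """Adds a new user

        Note: This call adds also the ID mapping for winbind; therefore it works
        *only* on SAMBA 4.

        The record creation, the password change and the SID lookup are issued
        between transaction_start() and transaction_commit() on this database;
        any exception cancels the transaction and is re-raised.

        :param username: Name of the new user. It is interpolated as-is into
            the user DN and, through that DN, into the filter handed to
            setpassword(), so callers must pass an already validated name.
        :param unixname: Name of the unix user to map to. If no such unix
            account exists the user is still created, without a UID mapping.
        :param password: Password for the new user
        :param force_password_change_at_next_login_req: Force password change
        :raises AssertionError: if the base search for the new entry does not
            return exactly one result
        """
        self.transaction_start()
        try:
            # NOTE(review): username is not escaped here; a value containing DN
            # or filter metacharacters changes the DN/filter that is built.
            # Confirm that callers validate it before this point.
            user_dn = "CN=%s,CN=Users,%s" % (username, self.domain_dn())

            # The new user record. Note the reliance on the samldb module,
            # which fills in the default attributes.
            self.add({
                "dn": user_dn,
                "sAMAccountName": username,
                "objectClass": "user"
            })

            # Sets the password for it
            self.setpassword("(dn=" + user_dn + ")", password,
                             force_password_change_at_next_login_req)

            # Gets the user SID (for the account mapping setup)
            res = self.search(user_dn,
                              scope=ldb.SCOPE_BASE,
                              expression="objectclass=*",
                              attrs=["objectSid"])
            # Explicit check instead of `assert`: assert statements are removed
            # under `python -O`, which would let an unexpected result set reach
            # the SID extraction below unchecked.
            if len(res) != 1:
                raise AssertionError(
                    "expected exactly one entry for %s, got %d"
                    % (user_dn, len(res)))
            user_sid = self.schema_format_value("objectSid",
                                                res[0]["objectSid"][0])

            # A missing unix account (KeyError from pwd.getpwnam) is tolerated.
            # NOTE(review): this handler also swallows a KeyError raised by
            # IDmapDB() or setup_name_mapping(); and the mapping is written
            # through a separate IDmapDB handle, so it does not look covered by
            # the transaction on self - confirm.
            try:
                idmap = IDmapDB(lp=self.lp)

                user = pwd.getpwnam(unixname)

                # setup ID mapping for this UID (user[2] is pw_uid)
                idmap.setup_name_mapping(user_sid, idmap.TYPE_UID, user[2])

            except KeyError:
                pass
        except:
            # Bare except on purpose: roll back on any exception, including
            # KeyboardInterrupt, then propagate it unchanged.
            self.transaction_cancel()
            raise
        self.transaction_commit()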
Example #2
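    def newuser(self, username, unixname, password):
        """add a new user record.

        The record is added, mapped to a unix UID when the unix account
        exists, and enabled, all between transaction_start() and
        transaction_commit(); any exception cancels the transaction and is
        re-raised.

        :param username: Name of the new user. It is interpolated as-is into
            the user DN, so callers must pass an already validated name.
        :param unixname: Name of the unix user to map to. If no such unix
            account exists the user is still created, without a UID mapping.
        :param password: Password for the new user
        :raises AssertionError: if the domain DN is unknown or the base search
            for the new entry does not return exactly one result
        """
        # connect to the sam
        self.transaction_start()
        try:
            domain_dn = self.domain_dn()
            # Explicit checks instead of `assert`: assert statements are
            # removed under `python -O`, which would otherwise build a DN
            # ending in the literal text "None".
            if domain_dn is None:
                raise AssertionError("domain DN is not available")
            # NOTE(review): username is not escaped; a value containing DN
            # metacharacters changes the DN that is built. Confirm that
            # callers validate it before this point.
            user_dn = "CN=%s,CN=Users,%s" % (username, domain_dn)

            #
            #  the new user record. note the reliance on the samdb module to
            #  fill in a sid, guid etc
            #
            #  NOTE(review): the password is sent as a plain userPassword
            #  attribute; presumably a server-side module hashes it before it
            #  is stored - confirm, and keep this dict out of logs.
            #
            #  now the real work
            self.add({"dn": user_dn,
                "sAMAccountName": username,
                "userPassword": password,
                "objectClass": "user"})

            res = self.search(user_dn, scope=ldb.SCOPE_BASE,
                              expression="objectclass=*",
                              attrs=["objectSid"])
            if len(res) != 1:
                raise AssertionError(
                    "expected exactly one entry for %s, got %d"
                    % (user_dn, len(res)))
            user_sid = self.schema_format_value("objectSid", res[0]["objectSid"][0])

            # A missing unix account (KeyError from pwd.getpwnam) is tolerated.
            # NOTE(review): this handler also swallows a KeyError raised by
            # IDmapDB() or setup_name_mapping().
            try:
                idmap = IDmapDB(lp=self.lp)

                user = pwd.getpwnam(unixname)
                # setup ID mapping for this UID (user[2] is pw_uid)

                idmap.setup_name_mapping(user_sid, idmap.TYPE_UID, user[2])

            except KeyError:
                pass

            #  modify the userAccountControl to remove the disabled bit
            self.enable_account(user_dn)
        except:
            # Bare except on purpose: roll back on any exception, including
            # KeyboardInterrupt, then propagate it unchanged.
            self.transaction_cancel()
            raise
        self.transaction_commit()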
Example #3
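    def newuser(self, username, unixname, password, force_password_change_at_next_login_req=False):
        """Adds a new user

        Note: This call adds also the ID mapping for winbind; therefore it works
        *only* on SAMBA 4.

        Everything up to the ID mapping happens between transaction_start()
        and transaction_commit(); on any exception the transaction is
        cancelled and the exception is re-raised.

        :param username: Name of the new user. Used unescaped in the user DN
            and in the "(dn=...)" filter given to setpassword(); pass only a
            validated account name.
        :param unixname: Name of the unix user to map to. When the unix
            account does not exist, no UID mapping is created.
        :param password: Password for the new user
        :param force_password_change_at_next_login_req: Force password change
        :raises AssertionError: if looking up the freshly added entry does not
            yield exactly one result
        """
        self.transaction_start()
        try:
            # NOTE(review): no escaping is applied to username; DN or filter
            # metacharacters in it alter the DN and the filter derived from it.
            # Verify that input validation happens in the caller.
            user_dn = "CN=%s,CN=Users,%s" % (username, self.domain_dn())

            # The new user record. Note the reliance on the samldb module,
            # which fills in the default attributes.
            self.add({"dn": user_dn,
                "sAMAccountName": username,
                "objectClass": "user"})

            # Sets the password for it
            self.setpassword("(dn=" + user_dn + ")", password,
              force_password_change_at_next_login_req)

            # Gets the user SID (for the account mapping setup)
            res = self.search(user_dn, scope=ldb.SCOPE_BASE,
                              expression="objectclass=*",
                              attrs=["objectSid"])
            # Raised explicitly because `assert` disappears under `python -O`,
            # leaving the result count unchecked before res[0] is used.
            if len(res) != 1:
                raise AssertionError(
                    "expected exactly one entry for %s, got %d"
                    % (user_dn, len(res)))
            user_sid = self.schema_format_value("objectSid", res[0]["objectSid"][0])

            # pwd.getpwnam raises KeyError for an unknown unix account; that
            # case is deliberately ignored.
            # NOTE(review): a KeyError from IDmapDB() or setup_name_mapping()
            # is ignored by the same handler.
            try:
                idmap = IDmapDB(lp=self.lp)

                user = pwd.getpwnam(unixname)

                # setup ID mapping for this UID (user[2] is pw_uid)
                idmap.setup_name_mapping(user_sid, idmap.TYPE_UID, user[2])

            except KeyError:
                pass
        except:
            # Catch-all is intentional: cancel the transaction for every kind
            # of exception and re-raise it untouched.
            self.transaction_cancel()
            raise
        self.transaction_commit()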
Example #4
def open_idmap():
    """Open /var/lib/samba/private/idmap.ldb as uid 0 and return the handle.

    The process switches to uid 0 through listener.setuid(0) only for the
    duration of the open; listener.unsetuid() runs in the ``finally`` clause
    on both the success and the failure path. The returned IDmapDB handle
    stays usable after the uid has been switched back.

    :returns: the opened IDmapDB object
    :raises ldb.LdbError: if the database cannot be opened (logged first)
    """
    global lp
    listener.setuid(0)
    try:
        handle = IDmapDB(
            '/var/lib/samba/private/idmap.ldb',
            session_info=system_session(),
            lp=lp,
        )
    except ldb.LdbError:
        # Record the failure in the listener debug log, then let the caller
        # see the original exception.
        message = "%s: /var/lib/samba/private/idmap.ldb could not be opened" % name
        univention.debug.debug(
            univention.debug.LISTENER, univention.debug.ERROR, message)
        raise
    finally:
        # Always leave uid 0 again, whether or not the open succeeded.
        listener.unsetuid()

    return handle
def open_idmap():
	"""Return the IDmapDB handle, opening (and creating) it on first use.

	The handle is cached on the function attribute ``open_idmap.instance``
	and reused on later calls. On a cache miss the process switches to
	uid 0 through listener.setuid(0), creates the database with
	setup_idmapdb() if the file is absent, opens it, and switches back in
	the ``finally`` clause. The cached handle stays in use after the uid has
	been switched back.

	:returns: the cached or newly opened IDmapDB object
	:raises ldb.LdbError: if the database cannot be opened (logged first)
	"""
	global lp

	cached = open_idmap.instance
	if cached:
		return cached

	db_path = '/var/lib/samba/private/idmap.ldb'
	listener.setuid(0)
	try:
		# NOTE(review): exists-then-create is not atomic and runs as uid 0;
		# presumably the directory is writable by root only - confirm.
		db_missing = not os.path.exists(db_path)
		if db_missing:
			setup_idmapdb(db_path, session_info=system_session(), lp=lp)
		open_idmap.instance = IDmapDB(
			db_path,
			session_info=system_session(),
			lp=lp,
		)
	except ldb.LdbError:
		# Log the failure, then hand the original exception to the caller.
		message = "%s: /var/lib/samba/private/idmap.ldb could not be opened" % name
		univention.debug.debug(univention.debug.LISTENER, univention.debug.ERROR, message)
		raise
	finally:
		# Leave uid 0 again on every path.
		listener.unsetuid()

	return open_idmap.instance