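def newuser(self, username, unixname, password, force_password_change_at_next_login_req=False):
    """Add a new user and, where a matching unix account exists, its ID mapping.

    Note: This call also adds the ID mapping for winbind; therefore it
    works *only* on SAMBA 4.

    The record creation, the password set and the SID lookup all run inside
    one transaction. Any exception cancels the transaction and is re-raised;
    the transaction is committed only when every step succeeded.

    :param username: Name of the new user
    :param unixname: Name of the unix user to map to
    :param password: Password for the new user
    :param force_password_change_at_next_login_req: Force password change
    """
    self.transaction_start()
    try:
        # NOTE(review): username is interpolated into the DN without RDN
        # escaping -- confirm that callers restrict it to characters that
        # are safe inside a DN component.
        user_dn = "CN=%s,CN=Users,%s" % (username, self.domain_dn())

        # The new user record. Note the reliance on the SAMLDB module which
        # fills in the default attributes.
        self.add({
            "dn": user_dn,
            "sAMAccountName": username,
            "objectClass": "user",
        })

        # Set the password. user_dn carries the caller-supplied username and
        # is used here as an LDAP filter *value*, so it is encoded first;
        # filter metacharacters in the name are then matched as data instead
        # of changing which entries the filter selects.
        password_filter = "(dn=" + ldb.binary_encode(user_dn) + ")"
        self.setpassword(password_filter, password,
                         force_password_change_at_next_login_req)

        # Get the user SID (needed for the account mapping setup).
        res = self.search(user_dn, scope=ldb.SCOPE_BASE,
                          expression="objectclass=*", attrs=["objectSid"])
        # Sanity check only: asserts are stripped when Python runs with -O.
        assert len(res) == 1
        user_sid = self.schema_format_value("objectSid", res[0]["objectSid"][0])

        try:
            idmap = IDmapDB(lp=self.lp)

            # pwd.getpwnam() raises KeyError when the unix account is unknown.
            user = pwd.getpwnam(unixname)

            # Set up the ID mapping for this UID (index 2 is the numeric uid).
            idmap.setup_name_mapping(user_sid, idmap.TYPE_UID, user[2])
        except KeyError:
            # No unix account to map to: the user is created without a mapping.
            # NOTE(review): a KeyError raised by the two IDmapDB calls would be
            # swallowed here as well.
            pass
    except:
        # Bare except on purpose: whatever interrupted the work, the open
        # transaction is cancelled before the exception propagates.
        self.transaction_cancel()
        raise
    else:
        self.transaction_commit()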
def newuser(self, username, unixname, password):
    """Create a new user record, map it to a unix UID and enable it.

    All steps run inside a single transaction: any exception cancels the
    transaction and is re-raised, otherwise the transaction is committed.

    :param username: Name of the new user.
    :param unixname: Name of the unix user to map to.
    :param password: Password for the new user
    """
    self.transaction_start()
    try:
        base_dn = self.domain_dn()
        assert base_dn is not None

        # NOTE(review): username goes into the DN without RDN escaping --
        # confirm that callers restrict it to DN-safe characters.
        new_dn = "CN=%s,CN=Users,%s" % (username, base_dn)

        # The new user record. It relies on the samdb module to fill in a
        # SID, GUID etc. The password is handed over in the userPassword
        # attribute of the add request.
        record = {
            "dn": new_dn,
            "sAMAccountName": username,
            "userPassword": password,
            "objectClass": "user",
        }
        self.add(record)

        # Read the SID back; it is needed for the ID mapping.
        matches = self.search(new_dn, scope=ldb.SCOPE_BASE,
                              expression="objectclass=*", attrs=["objectSid"])
        assert len(matches) == 1
        sid = self.schema_format_value("objectSid", matches[0]["objectSid"][0])

        try:
            idmap = IDmapDB(lp=self.lp)

            # pwd.getpwnam() raises KeyError when the unix account is unknown.
            pw_entry = pwd.getpwnam(unixname)

            # Set up the ID mapping for this UID (index 2 is the numeric uid).
            idmap.setup_name_mapping(sid, idmap.TYPE_UID, pw_entry[2])
        except KeyError:
            # No unix account to map to: carry on without a mapping.
            pass

        # Modify the userAccountControl to remove the disabled bit.
        self.enable_account(new_dn)
    except:
        # Bare except on purpose: the transaction is cancelled whatever
        # went wrong, then the exception propagates unchanged.
        self.transaction_cancel()
        raise
    else:
        self.transaction_commit()
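def newuser(self, username, unixname, password, force_password_change_at_next_login_req=False):
    """Add a new user and, where a matching unix account exists, its ID mapping.

    Note: This call also adds the ID mapping for winbind; therefore it
    works *only* on SAMBA 4.

    Everything happens inside one transaction, which is cancelled (and the
    exception re-raised) on any failure and committed otherwise.

    :param username: Name of the new user
    :param unixname: Name of the unix user to map to
    :param password: Password for the new user
    :param force_password_change_at_next_login_req: Force password change
    """
    self.transaction_start()
    try:
        # NOTE(review): username is interpolated into the DN without RDN
        # escaping -- confirm that callers restrict it to characters that
        # are safe inside a DN component.
        user_dn = "CN=%s,CN=Users,%s" % (username, self.domain_dn())

        # The new user record. Note the reliance on the SAMLDB module which
        # fills in the default attributes.
        self.add({"dn": user_dn,
                  "sAMAccountName": username,
                  "objectClass": "user"})

        # Set the password. The DN is embedded in an LDAP search filter, so
        # it is encoded as a filter value first: '(', ')', '*' and '\' coming
        # from the caller-supplied username must not alter the filter.
        self.setpassword("(dn=" + ldb.binary_encode(user_dn) + ")", password,
                         force_password_change_at_next_login_req)

        # Get the user SID (for the account mapping setup).
        res = self.search(user_dn, scope=ldb.SCOPE_BASE,
                          expression="objectclass=*", attrs=["objectSid"])
        # Sanity check only: asserts are stripped when Python runs with -O.
        assert len(res) == 1
        user_sid = self.schema_format_value("objectSid", res[0]["objectSid"][0])

        try:
            idmap = IDmapDB(lp=self.lp)

            # pwd.getpwnam() raises KeyError when the unix account is unknown.
            user = pwd.getpwnam(unixname)

            # Set up the ID mapping for this UID (index 2 is the numeric uid).
            idmap.setup_name_mapping(user_sid, idmap.TYPE_UID, user[2])
        except KeyError:
            # No unix account to map to: the user is created without a mapping.
            # NOTE(review): a KeyError raised by the two IDmapDB calls would be
            # swallowed here as well.
            pass
    except:
        # Bare except on purpose: the open transaction is always cancelled
        # before the exception propagates.
        self.transaction_cancel()
        raise
    else:
        self.transaction_commit()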
def open_idmap():
    """Open the Samba idmap database and return the IDmapDB handle.

    The database is opened between listener.setuid(0) and
    listener.unsetuid(); the ``finally`` clause guarantees that unsetuid()
    runs on every exit path, including failures.
    NOTE(review): setuid(0) presumably switches the listener to root for the
    duration of the open -- confirm against the listener module.

    An ldb.LdbError is logged through univention.debug and re-raised.
    """
    idmap_path = '/var/lib/samba/private/idmap.ldb'

    listener.setuid(0)
    try:
        # Returning from inside the try still runs the finally block first,
        # so the uid is reset before the handle reaches the caller.
        return IDmapDB(idmap_path, session_info=system_session(), lp=lp)
    except ldb.LdbError:
        univention.debug.debug(
            univention.debug.LISTENER,
            univention.debug.ERROR,
            "%s: /var/lib/samba/private/idmap.ldb could not be opened" % name)
        raise
    finally:
        listener.unsetuid()
def open_idmap():
    """Return the IDmapDB handle, opening it on first use.

    The handle is cached on the function attribute ``open_idmap.instance``;
    a truthy cached value is returned without reopening the database.
    NOTE(review): the attribute is read before it is ever assigned here, so
    it must be initialised elsewhere in the module -- not visible in this
    block.

    When the database file does not exist it is created with
    setup_idmapdb() before being opened. Both steps run between
    listener.setuid(0) and listener.unsetuid(), and the ``finally`` clause
    resets the uid on every exit path. An ldb.LdbError is logged through
    univention.debug and re-raised.
    """
    cached = open_idmap.instance
    if cached:
        return cached

    db_path = '/var/lib/samba/private/idmap.ldb'

    listener.setuid(0)
    try:
        # NOTE(review): existence check and creation are two separate steps
        # performed with the raised uid; the file state can change between
        # them -- confirm that this path is writable by root only.
        if not os.path.exists(db_path):
            setup_idmapdb(db_path, session_info=system_session(), lp=lp)
        open_idmap.instance = IDmapDB(db_path, session_info=system_session(), lp=lp)
    except ldb.LdbError:
        univention.debug.debug(
            univention.debug.LISTENER,
            univention.debug.ERROR,
            "%s: /var/lib/samba/private/idmap.ldb could not be opened" % name)
        raise
    finally:
        listener.unsetuid()

    return open_idmap.instance