def enable_krb5_for(self, username, realm):
    """
    Add the Kerberos attributes to an existing user's LDAP entry.

    The entry is looked up with self._get_user(); when no DN comes back,
    nothing is modified. Otherwise the krb5KDCEntry object class, a key
    version number of '0' and a principal name built from the username and
    the upper-cased realm are added in a single modify_s() call.

    @param username: login of the user to enable
    @param realm: Kerberos realm; upper-cased before use

    @return: False when the user has no DN, True once the entry is modified
    @rtype: bool
    """
    entry_dn, _entry = self._get_user(username)
    if entry_dn:
        # NOTE(review): delete_diacritics() presumably folds accented letters
        # to ASCII (helper not visible here). If so, two logins that differ
        # only by accents map to the same principal - confirm logins stay
        # unique after folding.
        # NOTE(review): on Python 3 .encode() returns bytes and '%s' would
        # render it as b'...' inside the principal - confirm the target
        # interpreter.
        local_part = delete_diacritics(username).encode('utf-8')
        principal_name = '%s@%s' % (local_part, realm.upper())
        additions = (
            ('objectclass', 'krb5KDCEntry'),
            ('krb5KeyVersionNumber', '0'),
            ('krb5PrincipalName', principal_name),
        )
        modlist = [(ldap.MOD_ADD, attr, value) for attr, value in additions]
        self.l.modify_s(entry_dn, modlist)
        return True
    return False
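def addMachine(self, uid, comment, addMachineScript = False):
    """
    Add a PosixAccount for a machine account.

    The LDAP entry is created as uid + '$' under self.baseComputersDN. If
    addMachineScript is False, smbpasswd is then run to create the needed
    LDAP attributes; when that command exits with a non-zero status, the new
    entry is deleted again and an Exception is raised.

    The machine name is checked against a strict allowlist before anything
    else happens, because it is concatenated unescaped both into the entry's
    DN and into the smbpasswd command string.

    @param uid: name of new machine (no space), without the trailing '$'
    @type uid: str

    @param comment: comment of machine (full string accept)
    @type comment: str

    @param addMachineScript: when true, the smbpasswd call is skipped
    @type addMachineScript: bool

    @return: 0 on success
    @rtype: int

    @raise ValueError: if uid is not an acceptable machine name
    @raise Exception: if smbpasswd exits with a non-zero status
    """
    import re

    # uid is pasted as-is into 'uid=<name>$,<baseComputersDN>' and into
    # 'smbpasswd -a -m <name>$'. Only letters, digits, '.', '_' and '-' are
    # accepted, and the first character must be alphanumeric so the name can
    # never be read as a command-line option. \Z is used instead of $ so that
    # a trailing newline is rejected as well.
    # NOTE(review): widen the set only if real machine names need it; keep
    # whitespace, shell metacharacters and DN special characters out.
    # NOTE(review): a rejected name raises before the audit record below is
    # opened - log the rejection at the caller if it must be audited.
    if not re.match(r'[A-Za-z0-9][A-Za-z0-9._-]*\Z', uid):
        raise ValueError("Invalid machine name: %r" % (uid,))

    r = AF().log(PLUGIN_NAME, AA.SAMBA_ADD_MACHINE, [(uid, AT.MACHINE)], comment)
    origuid = uid
    uid = uid + '$'
    uidNumber = self.freeUID()

    if not comment:
        comment = "Machine account"

    comment_UTF8 = str(delete_diacritics((comment.encode("UTF-8"))))
    gidNumber = self.getDomainComputersGroup()["gidNumber"][0]

    # creating machine skel
    user_info = {
        'objectclass': ('account', 'posixAccount', 'top'),
        'uid': uid,
        'cn': uid,
        'uidNumber': str(uidNumber),
        'gidNumber': str(gidNumber),
        'gecos': str(comment_UTF8),
        'homeDirectory': '/dev/null',
        'loginShell': '/bin/false'
    }

    ident = 'uid=' + uid + ',' + self.baseComputersDN
    attributes = list(user_info.items())
    self.l.add_s(ident, attributes)

    if not addMachineScript:
        # NOTE(review): generateBackgroundProcess() takes a single command
        # string and presumably hands it to a shell; the allowlist above is
        # what keeps that safe. An argument-list API would be the sturdier
        # fix if the helper offers one.
        cmd = 'smbpasswd -a -m ' + uid
        shProcess = generateBackgroundProcess(cmd)
        ret = shProcess.getExitCode()

        if ret:
            # Delete the machine account we just created
            self.delMachine(origuid)
            raise Exception("Failed to add computer entry\n" + shProcess.stdall)

    r.commit()
    return 0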
def computeMailGroupAlias(self, group):
    """
    Derive a mail alias from a group name.

    The name is lower-cased, passed through delete_diacritics(), and its
    spaces are turned into hyphens.

    @param group: group name
    @type group: str

    @return: the computed mail alias, or an empty string when
             searchMailGroupAlias() reports that it already exists
    @rtype: str
    """
    # NOTE(review): only case, diacritics and spaces are normalised here; any
    # other character passes through unchanged, so callers should not treat
    # the result as a validated mail local part.
    alias = delete_diacritics(group.lower()).replace(" ", "-")

    # The lookup is advisory: nothing in this method reserves the alias, so
    # whatever creates it afterwards must still cope with a duplicate.
    taken = self.searchMailGroupAlias(alias)
    return "" if taken else alias