def execute(self, *keys, **options):
ldap = self.obj.backend
dn = self.api.Object.user.get_either_dn(*keys, **options)
attr_list = ['krbloginfailedcount', 'krblastsuccessfulauth', 'krblastfailedauth', 'nsaccountlock']
disabled = False
masters = []
# Get list of masters
try:
masters, _truncated = ldap.find_entries(
None, ['*'], DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), api.env.basedn),
ldap.SCOPE_ONELEVEL
)
except errors.NotFound:
# If this happens we have some pretty serious problems
logger.error('No IPA masters found!')
entries = []
count = 0
for master in masters:
host = master['cn'][0]
if host == api.env.host:
other_ldap = self.obj.backend
else:
try:
other_ldap = LDAPClient(ldap_uri='ldap://%s' % host)
other_ldap.gssapi_bind()
except Exception as e:
logger.error("user_status: Connecting to %s failed with "
"%s", host, str(e))
newresult = {'dn': dn}
newresult['server'] = _("%(host)s failed: %(error)s") % dict(host=host, error=str(e))
entries.append(newresult)
count += 1
continue
try:
entry = other_ldap.get_entry(dn, attr_list)
newresult = {'dn': dn}
for attr in ['krblastsuccessfulauth', 'krblastfailedauth']:
newresult[attr] = entry.get(attr, [u'N/A'])
newresult['krbloginfailedcount'] = entry.get('krbloginfailedcount', u'0')
if not options.get('raw', False):
for attr in ['krblastsuccessfulauth', 'krblastfailedauth']:
try:
if newresult[attr][0] == u'N/A':
continue
newtime = time.strptime(newresult[attr][0], '%Y%m%d%H%M%SZ')
newresult[attr][0] = unicode(time.strftime('%Y-%m-%dT%H:%M:%SZ', newtime))
except Exception as e:
logger.debug("time conversion failed with %s",
str(e))
newresult['server'] = host
if options.get('raw', False):
time_format = '%Y%m%d%H%M%SZ'
else:
time_format = '%Y-%m-%dT%H:%M:%SZ'
newresult['now'] = unicode(strftime(time_format, gmtime()))
convert_nsaccountlock(entry)
if 'nsaccountlock' in entry:
disabled = entry['nsaccountlock']
self.api.Object.user.get_preserved_attribute(entry, options)
entries.append(newresult)
count += 1
except errors.NotFound:
raise self.api.Object.user.handle_not_found(*keys)
except Exception as e:
logger.error("user_status: Retrieving status for %s failed "
"with %s", dn, str(e))
newresult = {'dn': dn}
newresult['server'] = _("%(host)s failed") % dict(host=host)
entries.append(newresult)
count += 1
if host != api.env.host:
other_ldap.close()
return dict(result=entries,
count=count,
truncated=False,
summary=unicode(_('Account disabled: %(disabled)s' %
dict(disabled=disabled))),
)
def execute(self, *keys, **options):
ldap = self.obj.backend
dn = self.api.Object.user.get_either_dn(*keys, **options)
attr_list = [
'krbloginfailedcount', 'krblastsuccessfulauth',
'krblastfailedauth', 'nsaccountlock'
]
disabled = False
masters = []
# Get list of masters
try:
masters, _truncated = ldap.find_entries(
None, ['*'],
DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'),
api.env.basedn), ldap.SCOPE_ONELEVEL)
except errors.NotFound:
# If this happens we have some pretty serious problems
self.error('No IPA masters found!')
entries = []
count = 0
for master in masters:
host = master['cn'][0]
if host == api.env.host:
other_ldap = self.obj.backend
else:
try:
other_ldap = LDAPClient(ldap_uri='ldap://%s' % host)
other_ldap.gssapi_bind()
except Exception as e:
self.error("user_status: Connecting to %s failed with %s" %
(host, str(e)))
newresult = {'dn': dn}
newresult['server'] = _("%(host)s failed: %(error)s"
) % dict(host=host, error=str(e))
entries.append(newresult)
count += 1
continue
try:
entry = other_ldap.get_entry(dn, attr_list)
newresult = {'dn': dn}
for attr in ['krblastsuccessfulauth', 'krblastfailedauth']:
newresult[attr] = entry.get(attr, [u'N/A'])
newresult['krbloginfailedcount'] = entry.get(
'krbloginfailedcount', u'0')
if not options.get('raw', False):
for attr in ['krblastsuccessfulauth', 'krblastfailedauth']:
try:
if newresult[attr][0] == u'N/A':
continue
newtime = time.strptime(newresult[attr][0],
'%Y%m%d%H%M%SZ')
newresult[attr][0] = unicode(
time.strftime('%Y-%m-%dT%H:%M:%SZ', newtime))
except Exception as e:
self.debug("time conversion failed with %s" %
str(e))
newresult['server'] = host
if options.get('raw', False):
time_format = '%Y%m%d%H%M%SZ'
else:
time_format = '%Y-%m-%dT%H:%M:%SZ'
newresult['now'] = unicode(strftime(time_format, gmtime()))
convert_nsaccountlock(entry)
if 'nsaccountlock' in entry:
disabled = entry['nsaccountlock']
self.api.Object.user.get_preserved_attribute(entry, options)
entries.append(newresult)
count += 1
except errors.NotFound:
self.api.Object.user.handle_not_found(*keys)
except Exception as e:
self.error(
"user_status: Retrieving status for %s failed with %s" %
(dn, str(e)))
newresult = {'dn': dn}
newresult['server'] = _("%(host)s failed") % dict(host=host)
entries.append(newresult)
count += 1
if host != api.env.host:
other_ldap.close()
return dict(
result=entries,
count=count,
truncated=False,
summary=unicode(
_('Account disabled: %(disabled)s' % dict(disabled=disabled))),
)
def execute(self, *keys, **options):
ldap = self.obj.backend
dn = self.api.Object.user.get_either_dn(*keys, **options)
attr_list = [
'krbloginfailedcount', 'krblastsuccessfulauth',
'krblastfailedauth', 'nsaccountlock'
]
disabled = False
masters = get_masters(ldap)
entries = []
count = 0
for host in masters:
if host == api.env.host:
other_ldap = self.obj.backend
else:
try:
other_ldap = LDAPClient(ldap_uri='ldap://%s' % host)
other_ldap.gssapi_bind()
except Exception as e:
logger.error(
"user_status: Connecting to %s failed with "
"%s", host, str(e))
newresult = {'dn': dn}
newresult['server'] = _("%(host)s failed: %(error)s"
) % dict(host=host, error=str(e))
entries.append(newresult)
count += 1
continue
try:
entry = other_ldap.get_entry(dn, attr_list)
newresult = {'dn': dn}
for attr in ['krblastsuccessfulauth', 'krblastfailedauth']:
newresult[attr] = entry.get(attr, [u'N/A'])
newresult['krbloginfailedcount'] = entry.get(
'krbloginfailedcount', u'0')
if not options.get('raw', False):
for attr in ['krblastsuccessfulauth', 'krblastfailedauth']:
try:
if newresult[attr][0] == u'N/A':
continue
newtime = time.strptime(newresult[attr][0],
'%Y%m%d%H%M%SZ')
newresult[attr][0] = unicode(
time.strftime('%Y-%m-%dT%H:%M:%SZ', newtime))
except Exception as e:
logger.debug("time conversion failed with %s",
str(e))
newresult['server'] = host
if options.get('raw', False):
time_format = '%Y%m%d%H%M%SZ'
else:
time_format = '%Y-%m-%dT%H:%M:%SZ'
newresult['now'] = unicode(strftime(time_format, gmtime()))
convert_nsaccountlock(entry)
if 'nsaccountlock' in entry:
disabled = entry['nsaccountlock']
self.api.Object.user.get_preserved_attribute(entry, options)
entries.append(newresult)
count += 1
except errors.NotFound:
raise self.api.Object.user.handle_not_found(*keys)
except Exception as e:
logger.error(
"user_status: Retrieving status for %s failed "
"with %s", dn, str(e))
newresult = {'dn': dn}
newresult['server'] = _("%(host)s failed") % dict(host=host)
entries.append(newresult)
count += 1
if host != api.env.host:
other_ldap.close()
return dict(
result=entries,
count=count,
truncated=False,
summary=unicode(
_('Account disabled: %(disabled)s' % dict(disabled=disabled))),
)
