class cmd_getinheritance(Command):
"""Get inheritance flag for a container"""
synopsis = "%prog <container_dn> [options]"
takes_optiongroups = {
"sambaopts": options.SambaOptions,
"versionopts": options.VersionOptions,
"credopts": options.CredentialsOptions,
}
takes_args = ['container_dn']
takes_options = [
Option("-H", help="LDB URL for database or target server", type=str)
]
def run(self,
container_dn,
H=None,
sambaopts=None,
credopts=None,
versionopts=None):
self.url = H
self.lp = sambaopts.get_loadparm()
self.creds = credopts.get_credentials(self.lp, fallback_machine=True)
samdb_connect(self)
try:
msg = self.samdb.search(base=container_dn,
scope=ldb.SCOPE_BASE,
expression="(objectClass=*)",
attrs=['gPOptions'])[0]
except Exception, e:
raise CommandError("Could not find Container DN %s" % container_dn,
e)
inheritance = 0
if 'gPOptions' in msg:
inheritance = int(msg['gPOptions'][0])
if inheritance == dsdb.GPO_BLOCK_INHERITANCE:
self.outf.write("Container has GPO_BLOCK_INHERITANCE\n")
else:
self.outf.write("Container has GPO_INHERIT\n")
class cmd_list(Command):
"""list GPOs for an account"""
synopsis = "%prog <username> [options]"
takes_args = ['username']
takes_options = [
Option("-H",
"--URL",
help="LDB URL for database or target server",
type=str,
metavar="URL",
dest="H")
]
def run(self,
username,
H=None,
sambaopts=None,
credopts=None,
versionopts=None):
self.lp = sambaopts.get_loadparm()
self.creds = credopts.get_credentials(self.lp, fallback_machine=True)
self.url = dc_url(self.lp, self.creds, H)
samdb_connect(self)
try:
msg = self.samdb.search(
expression=
'(&(|(samAccountName=%s)(samAccountName=%s$))(objectClass=User))'
% (ldb.binary_encode(username), ldb.binary_encode(username)))
user_dn = msg[0].dn
except Exception, e:
raise CommandError("Failed to find account %s" % username, e)
# check if its a computer account
try:
msg = self.samdb.search(base=user_dn,
scope=ldb.SCOPE_BASE,
attrs=['objectClass'])[0]
is_computer = 'computer' in msg['objectClass']
except Exception, e:
raise CommandError(
"Failed to find objectClass for user %s" % username, e)
class cmd_rename(Command):
"""Rename an organizational unit.
The name of the organizational units can be specified as a full DN
or without the domainDN component.
Examples:
samba-tool ou rename 'OU=OrgUnit,DC=samdom,DC=example,DC=com' \
'OU=NewNameOfOrgUnit,DC=samdom,DC=example,DC=com'
samba-tool ou rename 'OU=OrgUnit' 'OU=NewNameOfOrgUnit'
The examples show how an administrator would rename an ou 'OrgUnit'
to 'NewNameOfOrgUnit'. The new DN would be
'OU=NewNameOfOrgUnit,DC=samdom,DC=example,DC=com'
"""
synopsis = "%prog <old_ou_dn> <new_ou_dn> [options]"
takes_options = [
Option("-H", "--URL", help="LDB URL for database or target server",
type=str, metavar="URL", dest="H"),
]
takes_args = ["old_ou_dn", "new_ou_dn"]
takes_optiongroups = {
"sambaopts": options.SambaOptions,
"credopts": options.CredentialsOptions,
"versionopts": options.VersionOptions,
}
def run(self, old_ou_dn, new_ou_dn, credopts=None, sambaopts=None,
versionopts=None, H=None):
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp, fallback_machine=True)
samdb = SamDB(url=H, session_info=system_session(),
credentials=creds, lp=lp)
domain_dn = ldb.Dn(samdb, samdb.domain_dn())
try:
full_old_ou_dn = samdb.normalize_dn_in_domain(old_ou_dn)
except Exception, e:
raise CommandError('Invalid old_ou_dn "%s": %s' %
(old_ou_dn, e.message))
try:
full_new_ou_dn = samdb.normalize_dn_in_domain(new_ou_dn)
except Exception, e:
raise CommandError('Invalid new_ou_dn "%s": %s' %
(new_ou_dn, e.message))
class cmd_schema_attribute_show_oc(Command):
"""Show what objectclasses MAY or MUST contain an attribute.
This is useful to determine "if I need uid, what objectclasses could be
applied to achieve this."
"""
synopsis = "%prog attribute [options]"
takes_optiongroups = {
"sambaopts": options.SambaOptions,
"versionopts": options.VersionOptions,
"credopts": options.CredentialsOptions,
}
takes_options = [
Option("-H", "--URL", help="LDB URL for database or target server",
type=str, metavar="URL", dest="H"),
]
takes_args = ["attribute"]
def run(self, attribute, H=None, credopts=None, sambaopts=None, versionopts=None):
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)
samdb = SamDB(url=H, session_info=system_session(),
credentials=creds, lp=lp)
schema_dn = samdb.schema_dn()
may_filt = '(&(objectClass=classSchema)' \
'(|(mayContain={0})(systemMayContain={0})))'.format(attribute)
must_filt = '(&(objectClass=classSchema)' \
'(|(mustContain={0})(systemMustContain={0})))'.format(attribute)
may_res = samdb.search(base=schema_dn, scope=ldb.SCOPE_SUBTREE,
expression=may_filt, attrs=['cn'])
must_res = samdb.search(base=schema_dn, scope=ldb.SCOPE_SUBTREE,
expression=must_filt, attrs=['cn'])
self.outf.write('--- MAY contain ---\n')
for msg in may_res:
self.outf.write('%s\n' % msg['cn'][0])
self.outf.write('--- MUST contain ---\n')
for msg in must_res:
self.outf.write('%s\n' % msg['cn'][0])
class cmd_dellink(Command):
"""Delete GPO link from a container"""
synopsis = "%prog <container_dn> <gpo> [options]"
takes_optiongroups = {
"sambaopts": options.SambaOptions,
"versionopts": options.VersionOptions,
"credopts": options.CredentialsOptions,
}
takes_args = ['container_dn', 'gpo']
takes_options = [
Option("-H", help="LDB URL for database or target server", type=str),
]
def run(self,
container_dn,
gpo_dn,
H=None,
sambaopts=None,
credopts=None,
versionopts=None):
self.lp = sambaopts.get_loadparm()
self.creds = credopts.get_credentials(self.lp, fallback_machine=True)
self.url = dc_url(self.lp, self.creds, H)
samdb_connect(self)
# Check if valid GPO
try:
msg = get_gpo_info(self.sambdb, gpo=gpo)[0]
except Exception, e:
raise CommandError("GPO %s does not exist" % gpo, e)
gpo_dn = get_gpo_dn(self.samdb, gpo)
# Check if valid Container DN and get existing GPlinks
try:
msg = self.samdb.search(base=container_dn,
scope=ldb.SCOPE_BASE,
expression="(objectClass=*)",
attrs=['gPlink'])[0]
except Exception, e:
raise CommandError("Could not find container DN %s" % dn, e)
class cmd_user_delete(Command):
"""Delete a user.
This command deletes a user account from the Active Directory domain. The username specified on the command is the sAMAccountName.
Once the account is deleted, all permissions and memberships associated with that account are deleted. If a new user account is added with the same name as a previously deleted account name, the new user does not have the previous permissions. The new account user will be assigned a new security identifier (SID) and permissions and memberships will have to be added.
The command may be run from the root userid or another authorized userid. The -H or --URL= option can be used to execute the command against a remote server.
Example1:
samba-tool user delete User1 -H ldap://samba.samdom.example.com --username=administrator --password=passw1rd
Example1 shows how to delete a user in the domain against a remote LDAP server. The -H parameter is used to specify the remote target server. The --username= and --password= options are used to pass the username and password of a user that exists on the remote server and is authorized to issue the command on that server.
Example2:
sudo samba-tool user delete User2
Example2 shows how to delete a user in the domain against the local server. sudo is used so a user may run the command as root.
"""
synopsis = "%prog <username> [options]"
takes_options = [
Option("-H", "--URL", help="LDB URL for database or target server", type=str,
metavar="URL", dest="H"),
]
takes_args = ["username"]
takes_optiongroups = {
"sambaopts": options.SambaOptions,
"credopts": options.CredentialsOptions,
"versionopts": options.VersionOptions,
}
def run(self, username, credopts=None, sambaopts=None, versionopts=None,
H=None):
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp, fallback_machine=True)
try:
samdb = SamDB(url=H, session_info=system_session(),
credentials=creds, lp=lp)
samdb.deleteuser(username)
except Exception, e:
raise CommandError('Failed to remove user "%s"' % username, e)
self.outf.write("Deleted user %s\n" % username)
class cmd_forest_show(Command):
"""Display forest settings.
These settings control the behaviour of all domain controllers in this
forest. This displays those settings from the replicated configuration
partition.
"""
synopsis = "%prog [options]"
takes_optiongroups = {
"sambaopts": options.SambaOptions,
"versionopts": options.VersionOptions,
"credopts": options.CredentialsOptions,
}
takes_options = [
Option("-H", "--URL", help="LDB URL for database or target server",
type=str, metavar="URL", dest="H"),
]
def run(self, H=None, credopts=None, sambaopts=None, versionopts=None):
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)
samdb = SamDB(url=H, session_info=system_session(),
credentials=creds, lp=lp)
domain_dn = samdb.domain_dn()
object_dn = "%s,%s" % (self.objectdn, domain_dn)
# Show all the settings we know how to set in the forest object!
res = samdb.search(base=object_dn, scope=ldb.SCOPE_BASE,
attrs=self.attributes)
# Now we just display these attributes. The value is that
# we make them a bit prettier and human accessible.
# There should only be one response!
res_object = res[0]
self.outf.write("Settings for %s\n" % object_dn)
for attr in self.attributes:
try:
self.outf.write("%s: %s\n" % (attr, res_object[attr][0]))
except KeyError:
self.outf.write("%s: <NO VALUE>\n" % attr)
class cmd_listall(Command):
"""list all GPOs"""
synopsis = "%prog gpo listall"
takes_optiongroups = {
"sambaopts": options.SambaOptions,
"versionopts": options.VersionOptions,
"credopts": options.CredentialsOptions,
}
takes_options = [
Option("-H", help="LDB URL for database or target server", type=str)
]
def run(self, H=None, sambaopts=None,
credopts=None, versionopts=None, server=None):
self.url = H
self.lp = sambaopts.get_loadparm()
self.creds = credopts.get_credentials(self.lp, fallback_machine=True)
samdb_connect(self)
policies_dn = self.samdb.get_default_basedn()
policies_dn.add_child(ldb.Dn(self.samdb, "CN=Policies,CN=System"))
gpo_flags = [
("GPO_FLAG_USER_DISABLE", dsdb.GPO_FLAG_USER_DISABLE ),
( "GPO_FLAG_MACHINE_DISABLE", dsdb.GPO_FLAG_MACHINE_DISABLE ) ]
try:
msg = self.samdb.search(base=policies_dn, scope=ldb.SCOPE_ONELEVEL,
expression="(objectClass=groupPolicyContainer)",
attrs=['nTSecurityDescriptor', 'versionNumber', 'flags', 'name', 'displayName', 'gPCFileSysPath'])
except Exception, e:
raise CommandError("Failed to list policies in %s" % policies_dn, e)
for m in msg:
print("GPO : %s" % m['name'][0])
print("display name : %s" % m['displayName'][0])
print("path : %s" % m['gPCFileSysPath'][0])
print("dn : %s" % m.dn)
print("version : %s" % attr_default(m, 'versionNumber', '0'))
print("flags : %s" % flags_string(gpo_flags, int(attr_default(m, 'flags', 0))))
print("")
class cmd_user_password(Command):
"""Change password for a user account (the one provided in authentication).
"""
synopsis = "%prog [options]"
takes_options = [
Option("--newpassword", help="New password", type=str),
]
takes_optiongroups = {
"sambaopts": options.SambaOptions,
"credopts": options.CredentialsOptions,
"versionopts": options.VersionOptions,
}
def run(self,
credopts=None,
sambaopts=None,
versionopts=None,
newpassword=None):
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)
# get old password now, to get the password prompts in the right order
old_password = creds.get_password()
net = Net(creds, lp, server=credopts.ipaddress)
password = newpassword
while True:
if password is not None and password is not '':
break
password = getpass("New Password: "******"Retype Password: "******"Sorry, passwords do not match.\n")
try:
net.change_password(password)
except Exception, msg:
# FIXME: catch more specific exception
raise CommandError("Failed to change password : %s" % msg)
self.outf.write("Changed password OK\n")
class cmd_spn_list(Command):
"""List spns of a given user."""
synopsis = "%prog <user> [options]"
takes_optiongroups = {
"sambaopts": options.SambaOptions,
"credopts": options.CredentialsOptions,
"versionopts": options.VersionOptions,
}
takes_options = [
Option("-H", "--URL", help="LDB URL for database or target server",
type=str, metavar="URL", dest="H"),
]
takes_args = ["user"]
def run(self, user, H=None,
credopts=None,
sambaopts=None,
versionopts=None):
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)
sam = SamDB(H, session_info=system_session(),
credentials=creds, lp=lp)
# TODO once I understand how, use the domain info to naildown
# to the correct domain
(cleaneduser, realm, domain) = _get_user_realm_domain(user)
self.outf.write(cleaneduser + "\n")
res = sam.search(
expression="samaccountname=%s" % ldb.binary_encode(cleaneduser),
scope=ldb.SCOPE_SUBTREE, attrs=["servicePrincipalName"])
if len(res) > 0:
spns = res[0].get("servicePrincipalName")
if spns is not None:
self.outf.write(
"User %s has the following servicePrincipalName: \n" %
res[0].dn)
for e in spns:
self.outf.write("\t %s\n" % e)
else:
self.outf.write("User %s has no servicePrincipalName\n" %
res[0].dn)
else:
raise CommandError("User %s not found" % user)
class cmd_domain_pwdsettings_pso_list(Command):
"""Lists all Password Settings Objects (PSOs)."""
synopsis = "%prog [options]"
takes_optiongroups = {
"sambaopts": options.SambaOptions,
"versionopts": options.VersionOptions,
"credopts": options.CredentialsOptions,
}
takes_options = [
Option("-H", "--URL", help="LDB URL for database or target server",
metavar="URL", dest="H", type=str)
]
def run(self, H=None, credopts=None, sambaopts=None, versionopts=None):
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)
samdb = SamDB(url=H, session_info=system_session(),
credentials=creds, lp=lp)
res = samdb.search(pso_container(samdb), scope=ldb.SCOPE_SUBTREE,
attrs=['name', 'msDS-PasswordSettingsPrecedence'],
expression="(objectClass=msDS-PasswordSettings)")
# an unprivileged search against Windows returns nothing here. On Samba
# we get the PSO names, but not their attributes
if len(res) == 0 or 'msDS-PasswordSettingsPrecedence' not in res[0]:
self.outf.write("No PSOs are present, or you don't have permission"
" to view them.\n")
return
# sort the PSOs so they're displayed in order of precedence
pso_list = sorted(res, key=pso_key)
self.outf.write("Precedence | PSO name\n")
self.outf.write("--------------------------------------------------\n")
for pso in pso_list:
precedence = pso['msDS-PasswordSettingsPrecedence']
self.outf.write("%-10s | %s\n" % (precedence, pso['name']))
class cmd_dellink(Command):
"""Delete GPO link from a container."""
synopsis = "%prog <container_dn> <gpo> [options]"
takes_optiongroups = {
"sambaopts": options.SambaOptions,
"versionopts": options.VersionOptions,
"credopts": options.CredentialsOptions,
}
takes_args = ['container', 'gpo']
takes_options = [
Option("-H", help="LDB URL for database or target server", type=str),
]
def run(self,
container,
gpo,
H=None,
sambaopts=None,
credopts=None,
versionopts=None):
self.lp = sambaopts.get_loadparm()
self.creds = credopts.get_credentials(self.lp, fallback_machine=True)
self.url = dc_url(self.lp, self.creds, H)
samdb_connect(self)
# Check if valid GPO
try:
get_gpo_info(self.samdb, gpo=gpo)[0]
except Exception:
raise CommandError("GPO '%s' does not exist" % gpo)
container_dn = ldb.Dn(self.samdb, container)
del_gpo_link(self.samdb, container_dn, gpo)
self.outf.write("Deleted GPO link.\n")
cmd_getlink().run(container_dn, H, sambaopts, credopts, versionopts)
class cmd_forest_set(Command):
"""Modify forest settings.
This will alter the setting specified to value.
"""
attribute = None
objectdn = None
synopsis = "%prog value [options]"
takes_optiongroups = {
"sambaopts": options.SambaOptions,
"versionopts": options.VersionOptions,
"credopts": options.CredentialsOptions,
}
takes_options = [
Option("-H", "--URL", help="LDB URL for database or target server",
type=str, metavar="URL", dest="H"),
]
takes_args = ["value"]
def run(self, value, H=None, credopts=None, sambaopts=None, versionopts=None):
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)
samdb = SamDB(url=H, session_info=system_session(),
credentials=creds, lp=lp)
domain_dn = samdb.domain_dn()
object_dn = "%s,%s" % (self.objectdn, domain_dn)
# Create the modification
m = ldb.Message()
m.dn = ldb.Dn(samdb, object_dn)
m[self.attribute] = ldb.MessageElement(
value, ldb.FLAG_MOD_REPLACE, self.attribute)
samdb.modify(m)
self.outf.write("set %s: %s\n" % (self.attribute, value))
class cmd_domain_export_keytab(Command):
"""Dumps kerberos keys of the domain into a keytab"""
synopsis = "%prog <keytab> [options]"
takes_options = [
Option("--principal", help="extract only this principal", type=str),
]
takes_args = ["keytab"]
def run(self,
keytab,
credopts=None,
sambaopts=None,
versionopts=None,
principal=None):
lp = sambaopts.get_loadparm()
net = Net(None, lp)
net.export_keytab(keytab=keytab, principal=principal)
class cmd_user_list(Command):
"""List all users."""
synopsis = "%prog [options]"
takes_options = [
Option("-H",
"--URL",
help="LDB URL for database or target server",
type=str,
metavar="URL",
dest="H"),
]
takes_optiongroups = {
"sambaopts": options.SambaOptions,
"credopts": options.CredentialsOptions,
"versionopts": options.VersionOptions,
}
def run(self, sambaopts=None, credopts=None, versionopts=None, H=None):
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp, fallback_machine=True)
samdb = SamDB(url=H,
session_info=system_session(),
credentials=creds,
lp=lp)
domain_dn = samdb.domain_dn()
res = samdb.search(
domain_dn,
scope=ldb.SCOPE_SUBTREE,
expression=("(&(objectClass=user)(userAccountControl:%s:=%u))" %
(ldb.OID_COMPARATOR_AND, dsdb.UF_NORMAL_ACCOUNT)),
attrs=["samaccountname"])
if (len(res) == 0):
return
for msg in res:
self.outf.write("%s\n" % msg.get("samaccountname", idx=0))
class cmd_domain_pwdsettings_pso_delete(Command):
"""Deletes a Password Settings Object (PSO)."""
synopsis = "%prog <psoname> [options]"
takes_optiongroups = {
"sambaopts": options.SambaOptions,
"versionopts": options.VersionOptions,
"credopts": options.CredentialsOptions,
}
takes_options = [
Option("-H",
"--URL",
help="LDB URL for database or target server",
metavar="URL",
dest="H",
type=str)
]
takes_args = ["psoname"]
def run(self,
psoname,
H=None,
credopts=None,
sambaopts=None,
versionopts=None):
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)
samdb = SamDB(url=H,
session_info=system_session(),
credentials=creds,
lp=lp)
pso_dn = "CN=%s,%s" % (psoname, pso_container(samdb))
# sanity-check the PSO exists
check_pso_valid(samdb, pso_dn, psoname)
samdb.delete(pso_dn)
self.message("Deleted PSO %s" % psoname)
class cmd_computer_list(Command):
"""List all computers."""
synopsis = "%prog [options]"
takes_options = [
Option("-H",
"--URL",
help="LDB URL for database or target server",
type=str,
metavar="URL",
dest="H"),
]
takes_optiongroups = {
"sambaopts": options.SambaOptions,
"credopts": options.CredentialsOptions,
"versionopts": options.VersionOptions,
}
def run(self, sambaopts=None, credopts=None, versionopts=None, H=None):
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp, fallback_machine=True)
samdb = SamDB(url=H,
session_info=system_session(),
credentials=creds,
lp=lp)
filter = "(sAMAccountType=%u)" % (dsdb.ATYPE_WORKSTATION_TRUST)
domain_dn = samdb.domain_dn()
res = samdb.search(domain_dn,
scope=ldb.SCOPE_SUBTREE,
expression=filter,
attrs=["samaccountname"])
if (len(res) == 0):
return
for msg in res:
self.outf.write("%s\n" % msg.get("samaccountname", idx=0))
class cmd_listall(Command):
"""List all GPOs."""
synopsis = "%prog [options]"
takes_optiongroups = {
"sambaopts": options.SambaOptions,
"versionopts": options.VersionOptions,
"credopts": options.CredentialsOptions,
}
takes_options = [
Option("-H",
"--URL",
help="LDB URL for database or target server",
type=str,
metavar="URL",
dest="H")
]
def run(self, H=None, sambaopts=None, credopts=None, versionopts=None):
self.lp = sambaopts.get_loadparm()
self.creds = credopts.get_credentials(self.lp, fallback_machine=True)
self.url = dc_url(self.lp, self.creds, H)
samdb_connect(self)
msg = get_gpo_info(self.samdb, None)
for m in msg:
self.outf.write("GPO : %s\n" % m['name'][0])
self.outf.write("display name : %s\n" % m['displayName'][0])
self.outf.write("path : %s\n" % m['gPCFileSysPath'][0])
self.outf.write("dn : %s\n" % m.dn)
self.outf.write("version : %s\n" %
attr_default(m, 'versionNumber', '0'))
self.outf.write("flags : %s\n" %
gpo_flags_string(int(attr_default(m, 'flags', 0))))
self.outf.write("\n")
class cmd_group_remove_members(Command):
"""Remove (comma-separated list of) group members"""
synopsis = "%prog group removemembers <groupname> <listofmembers>"
takes_optiongroups = {
"sambaopts": options.SambaOptions,
"versionopts": options.VersionOptions,
"credopts": options.CredentialsOptions,
}
takes_options = [
Option("-H", help="LDB URL for database or target server", type=str),
]
takes_args = ["groupname", "listofmembers"]
def run(self,
groupname,
listofmembers,
credopts=None,
sambaopts=None,
versionopts=None,
H=None):
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp, fallback_machine=True)
try:
samdb = SamDB(url=H,
session_info=system_session(),
credentials=creds,
lp=lp)
samdb.add_remove_group_members(groupname,
listofmembers,
add_members_operation=False)
except Exception, e:
raise CommandError(
'Failed to remove members "%s" from group "%s"' %
(listofmembers, groupname), e)
print("Removed members from group %s" % groupname)
class cmd_schema_objectclass_show(Command):
"""Show details about an objectClass from the schema.
Schema objectClass definitions define and control the behaviour of directory
objects including what attributes they may contain. This displays the
details of an objectClass.
"""
synopsis = "%prog objectclass [options]"
takes_optiongroups = {
"sambaopts": options.SambaOptions,
"versionopts": options.VersionOptions,
"credopts": options.CredentialsOptions,
}
takes_options = [
Option("-H", "--URL", help="LDB URL for database or target server",
type=str, metavar="URL", dest="H"),
]
takes_args = ["objectclass"]
def run(self, objectclass, H=None, credopts=None, sambaopts=None, versionopts=None):
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)
samdb = SamDB(url=H, session_info=system_session(),
credentials=creds, lp=lp)
schema_dn = samdb.schema_dn()
filt = '(&(objectClass=classSchema)' \
'(|(lDAPDisplayName={0})(cn={0})(name={0})))'.format(objectclass)
res = samdb.search(base=schema_dn, scope=ldb.SCOPE_SUBTREE,
expression=filt)
for msg in res:
user_ldif = samdb.write_ldif(msg, ldb.CHANGETYPE_NONE)
self.outf.write(user_ldif)
class cmd_listcontainers(Command):
"""List all linked containers for a GPO."""
synopsis = "%prog <gpo> [options]"
takes_optiongroups = {
"sambaopts": options.SambaOptions,
"versionopts": options.VersionOptions,
"credopts": options.CredentialsOptions,
}
takes_args = ['gpo']
takes_options = [
Option("-H", help="LDB URL for database or target server", type=str)
]
def run(self,
gpo,
H=None,
sambaopts=None,
credopts=None,
versionopts=None):
self.lp = sambaopts.get_loadparm()
self.creds = credopts.get_credentials(self.lp, fallback_machine=True)
self.url = dc_url(self.lp, self.creds, H)
samdb_connect(self)
msg = get_gpo_containers(self.samdb, gpo)
if len(msg):
self.outf.write("Container(s) using GPO %s\n" % gpo)
for m in msg:
self.outf.write(" DN: %s\n" % m['dn'])
else:
self.outf.write("No Containers using GPO %s\n" % gpo)
class cmd_domain_pwdsettings_pso_show(Command):
"""Display a Password Settings Object's details."""
synopsis = "%prog <psoname> [options]"
takes_optiongroups = {
"sambaopts": options.SambaOptions,
"versionopts": options.VersionOptions,
"credopts": options.CredentialsOptions,
}
takes_options = [
Option("-H",
"--URL",
help="LDB URL for database or target server",
type=str,
metavar="URL",
dest="H"),
]
takes_args = ["psoname"]
def run(self,
psoname,
H=None,
credopts=None,
sambaopts=None,
versionopts=None):
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)
samdb = SamDB(url=H,
session_info=system_session(),
credentials=creds,
lp=lp)
pso_dn = "CN=%s,%s" % (psoname, pso_container(samdb))
check_pso_valid(samdb, pso_dn, psoname)
show_pso_by_dn(self.outf, samdb, pso_dn)
class cmd_list(Command):
"""list GPOs for a user"""
synopsis = "%prog gpo list <username>"
takes_optiongroups = {
"sambaopts": options.SambaOptions,
"versionopts": options.VersionOptions,
"credopts": options.CredentialsOptions,
}
takes_args = [ 'username' ]
takes_options = [
Option("-H", help="LDB URL for database or target server", type=str)
]
def run(self, username, H=None, sambaopts=None,
credopts=None, versionopts=None, server=None):
self.url = H
self.lp = sambaopts.get_loadparm()
self.creds = credopts.get_credentials(self.lp, fallback_machine=True)
samdb_connect(self)
try:
user_dn = self.samdb.search(expression='(&(samAccountName=%s)(objectclass=User))' % username)[0].dn
except Exception, e:
raise CommandError("Failed to find user %s" % username, e)
# check if its a computer account
try:
msg = self.samdb.search(base=user_dn, scope=ldb.SCOPE_BASE, attrs=['objectClass'])[0]
is_computer = 'computer' in msg['objectClass']
except Exception, e:
raise CommandError("Failed to find objectClass for user %s" % username, e)
class cmd_drs_clone_dc_database(Command):
"""Replicate an initial clone of domain, but DO NOT JOIN it."""
synopsis = "%prog <dnsdomain> [options]"
takes_optiongroups = {
"sambaopts": options.SambaOptions,
"versionopts": options.VersionOptions,
"credopts": options.CredentialsOptions,
}
takes_options = [
Option("--server", help="DC to join", type=str),
Option("--targetdir", help="where to store provision (required)", type=str),
Option("-q", "--quiet", help="Be quiet", action="store_true"),
Option("--include-secrets", help="Also replicate secret values", action="store_true"),
Option("--backend-store", type="choice", metavar="BACKENDSTORE",
choices=["tdb", "mdb"],
help="Specify the database backend to be used "
"(default is %s)" % get_default_backend_store()),
Option("--backend-store-size", type="bytes", metavar="SIZE",
help="Specify the size of the backend database, currently" +
"only supported by lmdb backends (default is 8 Gb).")
]
takes_args = ["domain"]
def run(self, domain, sambaopts=None, credopts=None,
versionopts=None, server=None, targetdir=None,
quiet=False, verbose=False, include_secrets=False,
backend_store=None, backend_store_size=None):
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)
logger = self.get_logger(verbose=verbose, quiet=quiet)
if targetdir is None:
raise CommandError("--targetdir option must be specified")
join_clone(logger=logger, server=server, creds=creds, lp=lp,
domain=domain, dns_backend='SAMBA_INTERNAL',
targetdir=targetdir, include_secrets=include_secrets,
backend_store=backend_store,
backend_store_size=backend_store_size)
class cmd_domain_pwdsettings_pso_show_user(Command):
"""Displays the Password Settings that apply to a user."""
synopsis = "%prog <username> [options]"
takes_optiongroups = {
"sambaopts": options.SambaOptions,
"versionopts": options.VersionOptions,
"credopts": options.CredentialsOptions,
}
takes_options = [
Option("-H",
"--URL",
help="LDB URL for database or target server",
metavar="URL",
dest="H",
type=str)
]
takes_args = ["username"]
def run(self,
username,
H=None,
credopts=None,
sambaopts=None,
versionopts=None):
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)
samdb = SamDB(url=H,
session_info=system_session(),
credentials=creds,
lp=lp)
show_pso_for_user(self.outf, samdb, username)
class cmd_group_delete(Command):
"""Delete a group"""
synopsis = "%prog group delete <groupname>"
takes_optiongroups = {
"sambaopts": options.SambaOptions,
"versionopts": options.VersionOptions,
"credopts": options.CredentialsOptions,
}
takes_options = [
Option("-H", help="LDB URL for database or target server", type=str),
]
takes_args = ["groupname"]
def run(self,
groupname,
credopts=None,
sambaopts=None,
versionopts=None,
H=None):
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp, fallback_machine=True)
try:
samdb = SamDB(url=H,
session_info=system_session(),
credentials=creds,
lp=lp)
samdb.deletegroup(groupname)
except Exception, e:
raise CommandError('Failed to remove group "%s"' % groupname, e)
print("Deleted group %s" % groupname)
