The Samba-Bugzilla – Attachment 13346 Details for
Bug 12884
There isn't an easy way to edit a users object
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch
Easily-edit-a-users-object-in-AD-as-if-using-ldbedit.patch (text/plain), 6.44 KB, created by
Rowland Penny
on 2017-07-06 14:17:32 UTC
(
hide
)
Description:
patch
Filename:
MIME Type:
Creator:
Rowland Penny
Created:
2017-07-06 14:17:32 UTC
Size:
6.44 KB
patch
obsolete
>From 9a934f3c0e6af079b5e01725e2721276a8e95442 Mon Sep 17 00:00:00 2001 >From: Rowland Penny <rpenny@samba.org> >Date: Tue, 4 Jul 2017 15:00:58 +0100 >Subject: [PATCH 1/3] Easily edit a users object in AD, as if using ldbedit. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12884 > >Signed-off-by: Rowland Penny <rpenny@samba.org> >Reviewed-by: Alexander Bokovoy <ab@samba.org> >(cherry picked from commit 2ab239be0d69389b451816ec72d548d1156e495b) >--- > python/samba/netcmd/user.py | 139 +++++++++++++++++++++++++++++++++++++++++++- > 1 file changed, 138 insertions(+), 1 deletion(-) > >diff --git a/python/samba/netcmd/user.py b/python/samba/netcmd/user.py >index 53ac39f..3b744a3 100644 >--- a/python/samba/netcmd/user.py >+++ b/python/samba/netcmd/user.py >@@ -21,6 +21,9 @@ import samba.getopt as options > import ldb > import pwd > import os >+import re >+import tempfile >+import difflib > import sys > import fcntl > import signal >@@ -28,7 +31,7 @@ import errno > import time > import base64 > import binascii >-from subprocess import Popen, PIPE, STDOUT >+from subprocess import Popen, PIPE, STDOUT, check_call, CalledProcessError > from getpass import getpass > from samba.auth import system_session > from samba.samdb import SamDB >@@ -2283,6 +2286,139 @@ samba-tool user syncpasswords --terminate \\ > update_pid(None) > return > >+class cmd_user_edit(Command): >+ """Modify User AD object. >+ >+This command will allow editing of a user account in the Active Directory >+domain. You will then be able to add or change attributes and their values. >+ >+The username specified on the command is the sAMAccountName. >+ >+The command may be run from the root userid or another authorized userid. >+ >+The -H or --URL= option can be used to execute the command against a remote >+server. >+ >+Example1: >+samba-tool user edit User1 -H ldap://samba.samdom.example.com \ >+-U administrator --password=passw1rd >+ >+Example1 shows how to edit a users attributes in the domain against a remote >+LDAP server. >+ >+The -H parameter is used to specify the remote target server. >+ >+Example2: >+samba-tool user edit User2 >+ >+Example2 shows how to edit a users attributes in the domain against a local >+LDAP server. >+ >+Example3: >+samba-tool user edit User3 --editor=nano >+ >+Example3 shows how to edit a users attributes in the domain against a local >+LDAP server using the 'nano' editor. >+ >+""" >+ synopsis = "%prog <username> [options]" >+ >+ takes_options = [ >+ Option("-H", "--URL", help="LDB URL for database or target server", >+ type=str, metavar="URL", dest="H"), >+ Option("--editor", help="Editor to use instead of the system default," >+ " or 'vi' if no system default is set.", type=str), >+ ] >+ >+ takes_args = ["username"] >+ takes_optiongroups = { >+ "sambaopts": options.SambaOptions, >+ "credopts": options.CredentialsOptions, >+ "versionopts": options.VersionOptions, >+ } >+ >+ def run(self, username, credopts=None, sambaopts=None, versionopts=None, >+ H=None, editor=None): >+ >+ lp = sambaopts.get_loadparm() >+ creds = credopts.get_credentials(lp, fallback_machine=True) >+ samdb = SamDB(url=H, session_info=system_session(), >+ credentials=creds, lp=lp) >+ >+ filter = ("(&(sAMAccountType=%d)(sAMAccountName=%s))" % >+ (dsdb.ATYPE_NORMAL_ACCOUNT, ldb.binary_encode(username))) >+ >+ domaindn = samdb.domain_dn() >+ >+ try: >+ res = samdb.search(base=domaindn, >+ expression=filter, >+ scope=ldb.SCOPE_SUBTREE) >+ user_dn = res[0].dn >+ except IndexError: >+ raise CommandError('Unable to find user "%s"' % (username)) >+ >+ for msg in res: >+ r_ldif = samdb.write_ldif(msg, 1) >+ # remove 'changetype' line >+ result_ldif = re.sub('changetype: add\n', '', r_ldif) >+ >+ if editor is None: >+ editor = os.environ.get('EDITOR') >+ if editor is None: >+ editor = 'vi' >+ >+ with tempfile.NamedTemporaryFile(suffix=".tmp") as t_file: >+ t_file.write(result_ldif) >+ t_file.flush() >+ try: >+ check_call([editor, t_file.name]) >+ except CalledProcessError as e: >+ raise CalledProcessError("ERROR: ", e) >+ with open(t_file.name) as edited_file: >+ edited_message = edited_file.read() >+ >+ if result_ldif != edited_message: >+ diff = difflib.ndiff(result_ldif.splitlines(), >+ edited_message.splitlines()) >+ minus_lines = [] >+ plus_lines = [] >+ for line in diff: >+ if line.startswith('-'): >+ line = line[2:] >+ minus_lines.append(line) >+ elif line.startswith('+'): >+ line = line[2:] >+ plus_lines.append(line) >+ >+ user_ldif="dn: %s\n" % user_dn >+ user_ldif += "changetype: modify\n" >+ >+ for line in minus_lines: >+ attr, val = line.split(':', 1) >+ search_attr="%s:" % attr >+ if not re.search(r'^' + search_attr, str(plus_lines)): >+ user_ldif += "delete: %s\n" % attr >+ user_ldif += "%s: %s\n" % (attr, val) >+ >+ for line in plus_lines: >+ attr, val = line.split(':', 1) >+ search_attr="%s:" % attr >+ if re.search(r'^' + search_attr, str(minus_lines)): >+ user_ldif += "replace: %s\n" % attr >+ user_ldif += "%s: %s\n" % (attr, val) >+ if not re.search(r'^' + search_attr, str(minus_lines)): >+ user_ldif += "add: %s\n" % attr >+ user_ldif += "%s: %s\n" % (attr, val) >+ >+ try: >+ samdb.modify_ldif(user_ldif) >+ except Exception as e: >+ raise CommandError("Failed to modify user '%s': " % >+ username, e) >+ >+ self.outf.write("Modified User '%s' successfully\n" % username) >+ > class cmd_user(SuperCommand): > """User management.""" > >@@ -2298,3 +2434,4 @@ class cmd_user(SuperCommand): > subcommands["setpassword"] = cmd_user_setpassword() > subcommands["getpassword"] = cmd_user_getpassword() > subcommands["syncpasswords"] = cmd_user_syncpasswords() >+ subcommands["edit"] = cmd_user_edit() >-- >2.1.4 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
ab
:
review+
Actions:
View
Attachments on
bug 12884
: 13346 |
13347
|
13348