diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2009-06-18 12:38:04 +1000 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2009-06-18 13:49:30 +1000 |
| commit | 1e6fb7d7306ee64ac649afe235e452ac116de394 (patch) | |
| tree | 51e4668a33d4aff3fa3529ef477e210bd1d950f3 /source4/scripting | |
| parent | 033e25fdcea93763e1e8fe295fb6d2c3d261bcc4 (diff) | |
| download | samba-1e6fb7d7306ee64ac649afe235e452ac116de394.tar.gz samba-1e6fb7d7306ee64ac649afe235e452ac116de394.tar.bz2 samba-1e6fb7d7306ee64ac649afe235e452ac116de394.zip | |
s4: Add tests and 'must change password' flags in setpassword and newuser
In particular, ensure that we can acutally change the password under
these circumstances.
Andrew Bartlett
Diffstat (limited to 'source4/scripting')
| -rw-r--r-- | source4/scripting/python/samba/samdb.py | 31 |
1 files changed, 21 insertions, 10 deletions
diff --git a/source4/scripting/python/samba/samdb.py b/source4/scripting/python/samba/samdb.py index 8ca4f65d6e..bc76cd3c5f 100644 --- a/source4/scripting/python/samba/samdb.py +++ b/source4/scripting/python/samba/samdb.py @@ -96,6 +96,20 @@ userAccountControl: %u """ % (user_dn, userAccountControl) self.modify_ldif(mod) + + def force_password_change_at_next_login(self, user_dn): + """Force a password change at next login + + :param user_dn: Dn of the account to force password change on + """ + mod = """ +dn: %s +changetype: modify +replace: pwdLastSet +pwdLastSet: 0 +""" % (user_dn) + self.modify_ldif(mod) + def domain_dn(self): # find the DNs for the domain and the domain users group res = self.search("", scope=ldb.SCOPE_BASE, @@ -104,7 +118,7 @@ userAccountControl: %u assert(len(res) == 1 and res[0]["defaultNamingContext"] is not None) return res[0]["defaultNamingContext"][0] - def newuser(self, username, unixname, password): + def newuser(self, username, unixname, password, force_password_change_at_next_login=False): """add a new user record. :param username: Name of the new user. @@ -145,6 +159,9 @@ userAccountControl: %u except KeyError: pass + if force_password_change_at_next_login: + self.force_password_change_at_next_login(user_dn) + # modify the userAccountControl to remove the disabled bit self.enable_account(user_dn) except: @@ -152,7 +169,7 @@ userAccountControl: %u raise self.transaction_commit() - def setpassword(self, filter, password, must_change_at_next_login=False): + def setpassword(self, filter, password, force_password_change_at_next_login=False): """Set a password on a user record :param filter: LDAP filter to find the user (eg samccountname=name) @@ -184,14 +201,8 @@ userPassword:: %s self.modify_ldif(setpw) - if must_change_at_next_login: - mod = """ -dn: %s -changetype: modify -replace: pwdLastSet -pwdLastSet: 0 -""" % (user_dn) - self.modify_ldif(mod) + if force_password_change_at_next_login: + self.force_password_change_at_next_login(user_dn) # modify the userAccountControl to remove the disabled bit self.enable_account(user_dn) |