From 1cef3212a1099b87769c473ee99c0c0f2a4d2b04 Mon Sep 17 00:00:00 2001 From: Giampaolo Lauria Date: Tue, 8 Nov 2011 14:59:19 -0500 Subject: samba-tool: Added new "user disable" command --- source4/scripting/python/samba/netcmd/user.py | 33 +++++++++++++++++++++++++++ source4/scripting/python/samba/samdb.py | 10 ++++++++ 2 files changed, 43 insertions(+) diff --git a/source4/scripting/python/samba/netcmd/user.py b/source4/scripting/python/samba/netcmd/user.py index 2ebf0ed315..1d84a3391c 100644 --- a/source4/scripting/python/samba/netcmd/user.py +++ b/source4/scripting/python/samba/netcmd/user.py @@ -281,6 +281,38 @@ Example3 shows how to enable a user in the domain against a local LDAP server. self.outf.write("Enabled user '%s'\n" % (username or filter)) +class cmd_user_disable(Command): + """Disable a user""" + + synopsis = "%prog (|--filter ) [options]" + + takes_options = [ + Option("-H", "--URL", help="LDB URL for database or target server", type=str, + metavar="URL", dest="H"), + Option("--filter", help="LDAP Filter to set password on", type=str), + ] + + takes_args = ["username?"] + + def run(self, username=None, sambaopts=None, credopts=None, + versionopts=None, filter=None, H=None): + if username is None and filter is None: + raise CommandError("Either the username or '--filter' must be specified!") + + if filter is None: + filter = "(&(objectClass=user)(sAMAccountName=%s))" % (ldb.binary_encode(username)) + + lp = sambaopts.get_loadparm() + creds = credopts.get_credentials(lp, fallback_machine=True) + + samdb = SamDB(url=H, session_info=system_session(), + credentials=creds, lp=lp) + try: + samdb.disable_account(filter) + except Exception, msg: + raise CommandError("Failed to disable user '%s': %s" % (username or filter, msg)) + + class cmd_user_setexpiry(Command): """Sets the expiration of a user account @@ -472,6 +504,7 @@ class cmd_user(SuperCommand): subcommands["add"] = cmd_user_create() subcommands["create"] = cmd_user_create() subcommands["delete"] = cmd_user_delete() + subcommands["disable"] = cmd_user_disable() subcommands["enable"] = cmd_user_enable() subcommands["list"] = cmd_user_list() subcommands["setexpiry"] = cmd_user_setexpiry() diff --git a/source4/scripting/python/samba/samdb.py b/source4/scripting/python/samba/samdb.py index df05a5208b..a21ed76e6b 100644 --- a/source4/scripting/python/samba/samdb.py +++ b/source4/scripting/python/samba/samdb.py @@ -80,6 +80,16 @@ class SamDB(samba.Ldb): '''return the domain DN''' return str(self.get_default_basedn()) + def disable_account(self, search_filter): + """Disables an account + + :param search_filter: LDAP filter to find the user (eg + samccountname=name) + """ + + flags = samba.dsdb.UF_ACCOUNTDISABLE | samba.dsdb.UF_PASSWD_NOTREQD + self.toggle_userAccountFlags(search_filter, flags, on=True) + def enable_account(self, search_filter): """Enables an account -- cgit