From 1cef3212a1099b87769c473ee99c0c0f2a4d2b04 Mon Sep 17 00:00:00 2001
From: Giampaolo Lauria <lauria2@yahoo.com>
Date: Tue, 8 Nov 2011 14:59:19 -0500
Subject: samba-tool: Added new "user disable" command

---
 source4/scripting/python/samba/netcmd/user.py | 33 +++++++++++++++++++++++++++
 source4/scripting/python/samba/samdb.py       | 10 ++++++++
 2 files changed, 43 insertions(+)

diff --git a/source4/scripting/python/samba/netcmd/user.py b/source4/scripting/python/samba/netcmd/user.py
index 2ebf0ed315..1d84a3391c 100644
--- a/source4/scripting/python/samba/netcmd/user.py
+++ b/source4/scripting/python/samba/netcmd/user.py
@@ -281,6 +281,38 @@ Example3 shows how to enable a user in the domain against a local LDAP server.
         self.outf.write("Enabled user '%s'\n" % (username or filter))
 
 
+class cmd_user_disable(Command):
+    """Disable a user"""
+
+    synopsis = "%prog (<username>|--filter <filter>) [options]"
+
+    takes_options = [
+        Option("-H", "--URL", help="LDB URL for database or target server", type=str,
+               metavar="URL", dest="H"),
+        Option("--filter", help="LDAP Filter to set password on", type=str),
+        ]
+
+    takes_args = ["username?"]
+
+    def run(self, username=None, sambaopts=None, credopts=None,
+            versionopts=None, filter=None, H=None):
+        if username is None and filter is None:
+            raise CommandError("Either the username or '--filter' must be specified!")
+
+        if filter is None:
+            filter = "(&(objectClass=user)(sAMAccountName=%s))" % (ldb.binary_encode(username))
+
+        lp = sambaopts.get_loadparm()
+        creds = credopts.get_credentials(lp, fallback_machine=True)
+
+        samdb = SamDB(url=H, session_info=system_session(),
+            credentials=creds, lp=lp)
+        try:
+            samdb.disable_account(filter)
+        except Exception, msg:
+            raise CommandError("Failed to disable user '%s': %s" % (username or filter, msg))
+
+
 class cmd_user_setexpiry(Command):
     """Sets the expiration of a user account
 
@@ -472,6 +504,7 @@ class cmd_user(SuperCommand):
     subcommands["add"] = cmd_user_create()
     subcommands["create"] = cmd_user_create()
     subcommands["delete"] = cmd_user_delete()
+    subcommands["disable"] = cmd_user_disable()
     subcommands["enable"] = cmd_user_enable()
     subcommands["list"] = cmd_user_list()
     subcommands["setexpiry"] = cmd_user_setexpiry()
diff --git a/source4/scripting/python/samba/samdb.py b/source4/scripting/python/samba/samdb.py
index df05a5208b..a21ed76e6b 100644
--- a/source4/scripting/python/samba/samdb.py
+++ b/source4/scripting/python/samba/samdb.py
@@ -80,6 +80,16 @@ class SamDB(samba.Ldb):
         '''return the domain DN'''
         return str(self.get_default_basedn())
 
+    def disable_account(self, search_filter):
+        """Disables an account
+
+        :param search_filter: LDAP filter to find the user (eg
+            samccountname=name)
+        """
+
+        flags = samba.dsdb.UF_ACCOUNTDISABLE | samba.dsdb.UF_PASSWD_NOTREQD
+        self.toggle_userAccountFlags(search_filter, flags, on=True)
+
     def enable_account(self, search_filter):
         """Enables an account
 
-- 
cgit