IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

merged radius work with latest mainline tip

Browse Source
This commit is contained in:
John Dennis
2007-11-28 07:49:07 -05:00
parent c939c5d289 2e7f629d91
commit 904b76059c
100 changed files with 5561 additions and 1025 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
ipa-admintools/Makefile
View File

@@ -21,6 +21,7 @@ install:
install -m 755 ipa-deldelegation $(SBINDIR)
install -m 755 ipa-listdelegation $(SBINDIR)
install -m 755 ipa-moddelegation $(SBINDIR)
install -m 755 ipa-getkeytab $(SBINDIR)
install -m 755 ipa-addradiusclient $(SBINDIR)
install -m 755 ipa-radiusclientmod $(SBINDIR)
install -m 755 ipa-delradiusclient $(SBINDIR)

27
ipa-admintools/ipa-adddelegation
View File

@@ -31,6 +31,7 @@ import xmlrpclib
import kerberos
import krbV
import ldap
import errno
def usage():
print "ipa-adddelgation [-a|--attributes attr1,attr2,..,attrn] [-s|--source STRING] [-t|--target STRING] name"
@@ -90,12 +91,34 @@ def main():
new_aci.dest_group = target_grp[1].dn
new_aci.attrs = attr_list
aci_entry = client.get_aci_entry(['*', 'aci'])
# Look for an existing ACI of the same name
aci_str_list = aci_entry.getValues('aci')
if aci_str_list is None:
aci_str_list = []
if not(isinstance(aci_str_list,list) or isinstance(aci_str_list,tuple)):
aci_str_list = [aci_str_list]
for aci_str in aci_str_list:
try:
old_aci = ipa.aci.ACI(aci_str)
if old_aci.name == new_aci.name:
print "A delegation of that name already exists"
return 2
except SyntaxError:
# ignore aci_str's that ACI can't parse
pass
aci_entry = client.get_aci_entry(['dn'])
aci_entry.setValue('aci', new_aci.export_to_string())
client.update_entry(aci_entry)
except xmlrpclib.Fault, f:
print f.faultString
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
return 1
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])

8
ipa-admintools/ipa-addgroup
View File

@@ -30,6 +30,7 @@ import ipa.ipaerror
import xmlrpclib
import kerberos
import ldap
import errno
def usage():
print "ipa-addgroup [-d|--description STRING] group"
@@ -95,8 +96,11 @@ def main():
client = ipaclient.IPAClient()
client.add_group(group)
print cn + " successfully added"
except xmlrpclib.Fault, f:
print f.faultString
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
return 1
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])

10
ipa-admintools/ipa-adduser
View File

@@ -31,6 +31,7 @@ import kerberos
import krbV
import ldap
import getpass
import errno
def usage():
print "ipa-adduser [-c|--gecos STRING] [-d|--directory STRING] [-f|--firstname STRING] [-l|--lastname STRING] user"
@@ -204,14 +205,15 @@ def main():
user.setValue('homedirectory', directory)
if shell:
user.setValue('loginshell', shell)
else:
user.setValue('loginshell', "/bin/sh")
try:
client = ipaclient.IPAClient()
client.add_user(user)
except xmlrpclib.Fault, f:
print f.faultString
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
return 1
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])

13
ipa-admintools/freeipa-admintools.spec → ipa-admintools/ipa-admintools.spec
View File

@@ -1,7 +1,7 @@
Name: freeipa-admintools
Version: 0.4.1
Name: ipa-admintools
Version: 0.5.0
Release: 1%{?dist}
Summary: FreeIPA authentication server
Summary: IPA authentication server
Group: System Environment/Base
License: GPL
@@ -10,10 +10,10 @@ Source0: %{name}-%{version}.tgz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildArch: noarch
Requires: python python-krbV freeipa-python
Requires: python python-krbV ipa-python
%description
FreeIPA is a server for identity, policy, and audit.
IPA is a server for identity, policy, and audit.
%prep
%setup -q
@@ -35,6 +35,9 @@ rm -rf %{buildroot}
%{_mandir}/man1/*
%changelog
* Wed Nov 21 2007 Karl MacMillan <kmacmill@redhat.com> - 0.5.0-1
- Version bump for release and rpm name change
* Thu Nov 1 2007 Karl MacMillan <kmacmill@redhat.com> - 0.4.1-1
- Version bump for release

11
ipa-admintools/freeipa-admintools.spec.in → ipa-admintools/ipa-admintools.spec.in
View File

@@ -1,7 +1,7 @@
Name: freeipa-admintools
Name: ipa-admintools
Version: VERSION
Release: 1%{?dist}
Summary: FreeIPA authentication server
Summary: IPA authentication server
Group: System Environment/Base
License: GPL
@@ -10,10 +10,10 @@ Source0: %{name}-%{version}.tgz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildArch: noarch
Requires: python python-krbV freeipa-python
Requires: python python-krbV ipa-python
%description
FreeIPA is a server for identity, policy, and audit.
IPA is a server for identity, policy, and audit.
%prep
%setup -q
@@ -35,6 +35,9 @@ rm -rf %{buildroot}
%{_mandir}/man1/*
%changelog
* Wed Nov 21 2007 Karl MacMillan <kmacmill@redhat.com> - 0.5.0-1
- Version bump for release and rpm name change
* Thu Nov 1 2007 Karl MacMillan <kmacmill@redhat.com> - 0.4.1-1
- Version bump for release

13
ipa-admintools/ipa-deldelegation
View File

@@ -26,6 +26,7 @@ import ipa.config
import xmlrpclib
import kerberos
import copy
import errno
import ipa.aci
from ipa import ipaerror
@@ -85,12 +86,24 @@ def main():
aci_entry.setValue('aci', new_aci_str_list)
client.update_entry(aci_entry)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
return 1
except (SyntaxError, ipaerror.IPAError), e:
print "Delegation deletion failed: " + str(e)
return 1
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
return 1
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
return 1
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
return 1
return 0

8
ipa-admintools/ipa-delgroup
View File

@@ -23,6 +23,7 @@ from optparse import OptionParser
import ipa
import ipa.ipaclient as ipaclient
import ipa.config
import errno
import xmlrpclib
import kerberos
@@ -54,8 +55,11 @@ def main():
print args[1] + " successfully deleted"
else:
print args[1] + " " + ret
except xmlrpclib.Fault, f:
print f.faultString
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
return 1
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])

26
ipa-admintools/ipa-deluser
View File

@@ -23,6 +23,7 @@ from optparse import OptionParser
import ipa
import ipa.ipaclient as ipaclient
import ipa.config
import errno
import xmlrpclib
import kerberos
@@ -33,6 +34,8 @@ def usage():
def parse_options():
parser = OptionParser()
parser.add_option("-d", "--delete", action="store_true", dest="deluser",
help="Delete the user, don't inactivate them.")
parser.add_option("--usage", action="store_true",
help="Program usage")
@@ -47,15 +50,26 @@ def main():
if len(args) != 2:
usage()
msg = "inactivated"
try:
client = ipaclient.IPAClient()
ret = client.mark_user_deleted(args[1])
if (ret == "Success"):
print args[1] + " successfully deleted"
if options.deluser:
ret = client.delete_user(args[1])
msg = "deleted"
else:
print args[1] + " " + ret
except xmlrpclib.Fault, f:
print f.faultString
try:
ret = client.mark_user_inactive(args[1])
except ipa.ipaerror.exception_for(ipa.ipaerror.LDAP_EMPTY_MODLIST):
print "User is already marked inactive"
return 0
except:
raise
print args[1] + " successfully %s" % msg
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
return 1
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])

27
ipa-admintools/ipa-findgroup
View File

@@ -23,6 +23,7 @@ from optparse import OptionParser
import ipa.ipaclient as ipaclient
import ipa.config
import errno
import sys
import xmlrpclib
import kerberos
@@ -34,6 +35,12 @@ def usage():
def parse_options():
parser = OptionParser()
parser.add_option("-a", "--all", action="store_true", dest="all",
help="Show all group attributes")
parser.add_option("-n", "--notranslate", action="store_true",
dest="notranslate",
help="Don't translate LDAP attributes into readable labels")
args = ipa.config.init_config(sys.argv)
options, args = parser.parse_args(args)
@@ -48,7 +55,10 @@ def main():
try:
client = ipaclient.IPAClient()
groups = client.find_groups(args[1], ['cn','description','gidnumber'])
if options.all is None:
groups = client.find_groups(args[1], ['cn','description','gidnumber','nsAccountLock'])
else:
groups = client.find_groups(args[1], sattrs=['*','nsAccountLock'])
counter = groups[0]
groups = groups[1:]
@@ -64,15 +74,21 @@ def main():
print str(e)
continue
attr = ent.attrList()
if options.notranslate:
labels = {}
for a in attr:
labels[a] = a
else:
labels = client.attrs_to_labels(attr)
print "dn: " + ent.dn
for a in attr:
value = ent.getValues(a)
if isinstance(value,str):
print a + ": " + value
print labels[a] + ": " + value
else:
print a + ": "
print labels[a] + ": "
for l in value:
print "\t" + l
@@ -87,7 +103,10 @@ def main():
print
except xmlrpclib.Fault, fault:
print fault.faultString
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
return 1
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])

19
ipa-admintools/ipa-finduser
View File

@@ -25,6 +25,7 @@ import ipa.config
import ipa.ipautil as ipautil
import base64
import errno
import sys
import xmlrpclib
import kerberos
@@ -38,6 +39,9 @@ def parse_options():
parser.add_option("-a", "--all", action="store_true", dest="all",
help="Set user's e-mail address")
parser.add_option("-n", "--notranslate", action="store_true",
dest="notranslate",
help="Don't translate LDAP attributes into readable labels")
parser.add_option("--usage", action="store_true",
help="Program usage")
@@ -90,6 +94,12 @@ def main():
for ent in users:
attr = ent.attrList()
attr.sort()
if options.notranslate:
labels = {}
for a in attr:
labels[a] = a
else:
labels = client.attrs_to_labels(attr)
if options.all is True:
print "dn: " + ent.dn
@@ -97,16 +107,19 @@ def main():
for a in attr:
value = ent.getValues(a)
if isinstance(value,str):
print a + ": " + str(wrap_binary_data(value)).rstrip()
print labels[a] + ": " + str(wrap_binary_data(value)).rstrip()
else:
print a + ": "
print labels[a] + ": "
for l in value:
print "\t" + wrap_binary_data(l)
# blank line between results
print
except xmlrpclib.Fault, fault:
print fault.faultString
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
return 1
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])

83
ipa-admintools/ipa-getkeytab Normal file
View File

@@ -0,0 +1,83 @@
#! /usr/bin/python -E
# Authors: Karl MacMillan <kmacmill@redhat.com>
#
# Copyright (C) 2007 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import sys
from optparse import OptionParser
import ipa
import ipa.user
import ipa.ipaclient as ipaclient
import ipa.ipavalidate as ipavalidate
import ipa.config
import base64
import xmlrpclib
import kerberos
import krbV
import ldap
import getpass
import errno
def usage():
print "ipa-getkeytab [-a] principal filename"
sys.exit(1)
def parse_options():
parser = OptionParser()
parser.add_option("-a", "--add", dest="add_princ", action="store_true",
help="add the principal")
args = ipa.config.init_config(sys.argv)
options, args = parser.parse_args(args)
return options, args
def main():
# The following fields are required
princ_name = ""
options, args = parse_options()
if len(args) != 3:
usage()
princ_name = args[1]
file_name = args[2]
client = ipaclient.IPAClient()
try:
if options.add_princ:
client.add_service_principal(princ_name)
princs = client.get_keytab(princ_name)
if princs is None:
print "could not generate keytab"
sys.exit(1)
fd = open(file_name, "w")
fd.write(princs)
except Exception, e:
print str(e)
if __name__ == "__main__":
sys.exit(main())

93
ipa-admintools/ipa-groupmod
View File

@@ -29,12 +29,16 @@ import ipa.ipaerror
import xmlrpclib
import kerberos
import ldap
import errno
def usage():
print "ipa-groupmod [-a] [-r] user group"
print "ipa-groupmod [-d|--desc description STRING] group"
print "ipa-groupmod [-a|--add] [-r|--remove] user group"
print "ipa-groupmod [-d|--desc description STRING] [--addattr attribute=value] [--delattr attribute] [--setattr attribute=value] group"
sys.exit(1)
def set_add_usage(which):
print "%s option usage: --%s NAME=VALUE" % (which, which)
def parse_options():
parser = OptionParser()
parser.add_option("-a", "--add", dest="add", action="store_true",
@@ -43,20 +47,38 @@ def parse_options():
help="Remove a user from the group")
parser.add_option("-d", "--description", dest="desc",
help="Modify the description of the group")
parser.add_option("--addattr", dest="addattr",
help="Adds an attribute or values to that attribute, attr=value",
action="append")
parser.add_option("--delattr", dest="delattr",
help="Remove an attribute", action="append")
parser.add_option("--setattr", dest="setattr",
help="Set an attribute, dropping any existing values that may exist",
action="append")
parser.add_option("--usage", action="store_true",
help="Program usage")
args = ipa.config.init_config(sys.argv)
options, args = parser.parse_args(args)
if (not options.add and not options.remove) and (not options.desc):
if (not options.add and not options.remove) and (not options.desc and
not options.addattr and not options.delattr and not options.setattr):
usage()
return options, args
def get_group(client, group_cn):
def get_group(client, options, group_cn):
try:
group = client.get_entry_by_cn(group_cn)
attrs = ['*']
# in case any attributes being modified are operational such as
# nsaccountlock. Any attribute to be deleted needs to be included
# in the original record so it can be seen as being removed.
if options.delattr:
for d in options.delattr:
attrs.append(d)
group = client.get_entry_by_cn(group_cn, sattrs=attrs)
except ipa.ipaerror.IPAError, e:
print "%s" % e.message
return None
@@ -69,32 +91,69 @@ def main():
if (options.add or options.remove) and (len(args) != 3):
usage()
if (options.desc and (len(args) != 2)):
elif ((options.desc or options.addattr or options.delattr or options.setattr) and (len(args) != 2)):
usage()
try:
client = ipaclient.IPAClient()
if options.add:
group = get_group(client, args[2])
group = get_group(client, options, args[2])
if group is None:
return 1
client.add_user_to_group(args[1], group.dn)
print args[1] + " successfully added to " + args[2]
users = args[1].split(',')
for user in users:
client.add_user_to_group(user, group.dn)
print user + " successfully added to " + args[2]
elif options.remove:
group = get_group(client, args[2])
group = get_group(client, options, args[2])
if group is None:
return 1
client.remove_user_from_group(args[1], group.dn)
print args[1] + " successfully removed"
elif options.desc:
group = get_group(client, args[1])
users = args[1].split(',')
for user in users:
client.remove_user_from_group(user, group.dn)
print user + " successfully removed"
else:
group = get_group(client, options, args[1])
if group is None:
return 1
group.setValue('description', options.desc)
if options.desc:
group.setValue('description', options.desc)
if options.delattr:
for d in options.delattr:
group.delValue(d)
if options.setattr:
for s in options.setattr:
s = s.split('=')
if len(s) != 2:
set_add_usage("set")
sys.exit(1)
(attr,value) = s
group.setValue(attr, value)
if options.addattr:
for a in options.addattr:
a = a.split('=')
if len(a) != 2:
set_add_usage("add")
sys.exit(1)
(attr,value) = a
cvalue = group.getValue(attr)
if cvalue:
if isinstance(cvalue,str):
cvalue = [cvalue]
value = cvalue + [value]
group.setValue(attr, value)
client.update_group(group)
print args[1] + " successfully updated"
except xmlrpclib.Fault, f:
print f.faultString
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
return 1
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])

18
ipa-admintools/ipa-listdelegation
View File

@@ -23,8 +23,10 @@ from optparse import OptionParser
import ipa.ipaclient as ipaclient
import ipa.config
import operator
import xmlrpclib
import kerberos
import errno
import ipa.aci
from ipa import ipaerror
@@ -51,12 +53,21 @@ def main():
client = ipaclient.IPAClient()
try:
aci_entry = client.get_aci_entry(aci_fields)
except ipaerror.IPAError, e:
print("Delegation list failed: " + str(e))
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
return 1
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
return 1
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
return 1
except ipaerror.IPAError, e:
print("Delegation list failed: " + str(e))
return 1
aci_str_list = aci_entry.getValues('aci')
if aci_str_list is None:
@@ -75,7 +86,8 @@ def main():
group_dn_to_cn = ipa.aci.extract_group_cns(aci_list, client)
for a in aci_list:
# the operator.itemgetter(0) lets us sort by the name field
for a in sorted(aci_list, key=operator.itemgetter(0)):
labels = client.attrs_to_labels(a.attrs)
print "Delegation Name: " + a.name
print "Group " + group_dn_to_cn[a.source_group]

8
ipa-admintools/ipa-moddelegation
View File

@@ -32,6 +32,7 @@ import kerberos
import krbV
import ldap
import copy
import errno
aci_fields = ['*', 'aci']
@@ -142,8 +143,11 @@ def main():
aci_entry.setValue('aci', new_aci_str_list)
client.update_entry(aci_entry)
except xmlrpclib.Fault, f:
print f.faultString
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
return 1
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])

13
ipa-admintools/ipa-passwd
View File

@@ -29,6 +29,7 @@ import kerberos
import krbV
import ldap
import getpass
import errno
def usage():
print "ipa-passwd [user]"
@@ -98,6 +99,18 @@ def main():
try:
client = ipaclient.IPAClient()
client.modifyPassword(principal, None, password)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
return 1
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
return 1
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
return 1
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
return 1

43
ipa-admintools/ipa-usermod
View File

@@ -29,9 +29,10 @@ import ipa.config
import xmlrpclib
import kerberos
import ldap
import errno
def usage():
print "ipa-usermod [-c|--gecos STRING] [-d|--directory STRING] [-f|--firstname STRING] [-l|--lastname STRING] [-s|--shell STRING] [--add attribute=value] [--del attribute] [--set attribute=value] user"
print "ipa-usermod [-a|--activate] [-c|--gecos STRING] [-d|--directory STRING] [-f|--firstname STRING] [-l|--lastname STRING] [-s|--shell STRING] [--add attribute=value] [--del attribute] [--set attribute=value] user"
sys.exit(1)
def set_add_usage(which):
@@ -39,6 +40,8 @@ def set_add_usage(which):
def parse_options():
parser = OptionParser()
parser.add_option("-a", "--activate", dest="activate", action="store_true",
help="Activate the user")
parser.add_option("-c", "--gecos", dest="gecos",
help="Set the GECOS field")
parser.add_option("-d", "--directory", dest="directory",
@@ -49,12 +52,12 @@ def parse_options():
help="User's last name")
parser.add_option("-s", "--shell", dest="shell",
help="Set user's login shell to shell")
parser.add_option("--add", dest="addattr",
parser.add_option("--addattr", dest="addattr",
help="Adds an attribute or values to that attribute, attr=value",
action="append")
parser.add_option("--del", dest="delattr",
parser.add_option("--delattr", dest="delattr",
help="Remove an attribute", action="append")
parser.add_option("--set", dest="setattr",
parser.add_option("--setattr", dest="setattr",
help="Set an attribute, dropping any existing values that may exist",
action="append")
parser.add_option("-M", "--mailAddress", dest="mail",
@@ -90,7 +93,15 @@ def main():
client = ipaclient.IPAClient()
try:
user = client.get_user_by_uid(username)
attrs = ['*']
# in case any attributes being modified are operational such as
# nsaccountlock. Any attribute to be deleted needs to be included
# in the original record so it can be seen as being removed.
if options.delattr:
for d in options.delattr:
attrs.append(d)
user = client.get_user_by_uid(username, sattrs=attrs)
except ipa.ipaerror.exception_for(ipa.ipaerror.LDAP_NOT_FOUND):
print "User %s not found" % username
return 1
@@ -102,7 +113,7 @@ def main():
return 1
# If any options are set we use just those. Otherwise ask for all of them.
if options.gn or options.sn or options.directory or options.gecos or options.mail or options.shell or options.addattr or options.delattr or options.setattr:
if options.gn or options.sn or options.directory or options.gecos or options.mail or options.shell or options.addattr or options.delattr or options.setattr or options.activate:
givenname = options.gn
lastname = options.sn
gecos = options.gecos
@@ -202,8 +213,7 @@ def main():
if options.delattr:
for d in options.delattr:
# doesn't truly delete the attribute but does null out the value
user.setValue(d, '')
user.delValue(d)
if options.setattr:
for s in options.setattr:
@@ -228,11 +238,22 @@ def main():
value = cvalue + [value]
user.setValue(attr, value)
try:
if options.activate:
try:
client.mark_user_active(user.getValues('uid'))
print "User activated successfully."
except ipa.ipaerror.exception_for(ipa.ipaerror.LDAP_EMPTY_MODLIST):
print "User is already marked active"
return 0
except:
raise
client.update_user(user)
except xmlrpclib.Fault, f:
print f.faultString
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
return 1
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])

14
ipa-admintools/man/ipa-deluser.1
View File

@@ -19,14 +19,20 @@
.\"
.TH "ipa-deluser" "1" "Oct 10 2007" "freeipa" ""
.SH "NAME"
ipa\-deluser \- Delete a user
ipa\-deluser \- Delete or inactivate a user
.SH "SYNOPSIS"
ipa\-deluser \fIuser\fR
ipa\-deluser [\fIOPTION\fR]... \fIuser\fR
.SH "DESCRIPTION"
Deletes a user with name \fIname\fR.
Inactivates a user with login name \fIname\fR.
Users are not completely removed with the command, just marked as inactive.
By default users are not completely removed. They are marked as inactive. Use the [\-d|\-\-delete] option to completely remove them.
Users are automatically removed from groups when they are deleted. The are not when inactivated.
.SH "OPTIONS"
.TP
\fB\-d\fR, \fB\-\-delete
Completely remove the user from the database. The default is to mark the user inactive.
.SH "EXIT STATUS"
The exit status is 0 on success, nonzero on error.

12
ipa-admintools/man/ipa-groupmod.1
View File

@@ -37,5 +37,17 @@ Modify the description of the group
.TP
\fB\-r\fR, \fB\-\-remove\fR=\fIuser1,user2,...usern\fR
Remove one or more users from the group
.TP
\fB\-\-addattr\fR=\fIattr=value\fR
Add a new attribute, or value to an existing attribute
.TP
\fB\-\-delattr\fR=\fIattr=value\fR
Remove an attribute and all values
.TP
\fB\-\-setattr\fR=\fIattr=value\fR
Set an attribute to a new value, removing all old ones
.SH "EXIT STATUS"
The exit status is 0 on success, nonzero on error.

16
ipa-admintools/man/ipa-usermod.1
View File

@@ -21,10 +21,10 @@
.SH "NAME"
ipa\-usermod \- Modify a user
.SH "SYNOPSIS"
ipa\-usermod [\fIOPTION\fR]... \fIgroup\fR
ipa\-usermod [\fIOPTION\fR]... \fIname\fR
.SH "DESCRIPTION"
Updates the members or description of \fIgroup\fR.
Updates the user \fIname\fR.
.SH "OPTIONS"
.TP
\fB\-a\fR, \fB\-\-add\fR=\fIuser1,user2,...usern\fR
@@ -37,5 +37,17 @@ Modify the description of the group
.TP
\fB\-r\fR, \fB\-\-remove\fR=\fIuser1,user2,...usern\fR
Remove one or more users from the group
.TP
\fB\-\-addattr\fR=\fIattr=value\fR
Add a new attribute, or value to an existing attribute
.TP
\fB\-\-delattr\fR=\fIattr=value\fR
Remove an attribute and all values
.TP
\fB\-\-setattr\fR=\fIattr=value\fR
Set an attribute to a new value, removing all old ones
.SH "EXIT STATUS"
The exit status is 0 on success, nonzero on error.