mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-01-23 14:53:12 -06:00
275 lines
7.6 KiB
Python
275 lines
7.6 KiB
Python
# Authors:
|
|
# Jason Gerard DeRose <jderose@redhat.com>
|
|
# Pavel Zuna <pzuna@redhat.com>
|
|
#
|
|
# Copyright (C) 2008 Red Hat
|
|
# see file 'COPYING' for use and warranty information
|
|
#
|
|
# This program is free software; you can redistribute it and/or
|
|
# modify it under the terms of the GNU General Public License as
|
|
# published by the Free Software Foundation; version 2 only
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program; if not, write to the Free Software
|
|
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
"""
|
|
Users (Identity)
|
|
"""
|
|
|
|
from ipalib import api, errors
|
|
from ipalib import Flag, Int, Password, Str
|
|
from ipalib.plugins.baseldap import *
|
|
from ipalib import _, ngettext
|
|
|
|
|
|
class user(LDAPObject):
|
|
"""
|
|
User object.
|
|
"""
|
|
container_dn = api.env.container_user
|
|
object_name = 'user'
|
|
object_name_plural = 'users'
|
|
object_class = ['posixaccount']
|
|
object_class_config = 'ipauserobjectclasses'
|
|
default_attributes = [
|
|
'uid', 'givenname', 'sn', 'homedirectory', 'loginshell', 'ou',
|
|
'telephonenumber', 'title',
|
|
]
|
|
uuid_attribute = 'ipauniqueid'
|
|
attribute_names = {
|
|
'uid': 'user id',
|
|
'cn': 'full name',
|
|
'givenname': 'first name',
|
|
'sn': 'last name',
|
|
'homedirectory': 'home directory',
|
|
'loginshell': 'login shell',
|
|
'krbprincipalname': 'kerberos principal',
|
|
'krblastpwdchange': 'last password change',
|
|
'krbpasswordexpiration': 'password expiration',
|
|
'uidnumber': 'uid number',
|
|
'gidnumber': 'gid number',
|
|
'memberof group': 'member of groups',
|
|
'memberof netgroup': 'member of netgroups',
|
|
'memberof rolegroup': 'member of rolegroups',
|
|
'memberof taskgroup': 'member of taskgroups',
|
|
'ipauniqueid': 'unique identifier'
|
|
}
|
|
attribute_order = [
|
|
'uid', 'cn', 'givenname', 'sn', 'title', 'telephonenumber', 'ou',
|
|
'homedirectory', 'loginshell', 'uidnumber', 'gidnumber', 'gecos',
|
|
'krbprincipalname', 'krblastpwdchange', 'krbpasswordexpiration',
|
|
]
|
|
attribute_members = {
|
|
'memberof': ['group', 'netgroup', 'rolegroup', 'taskgroup'],
|
|
}
|
|
|
|
takes_params = (
|
|
Str('uid',
|
|
cli_name='login',
|
|
label='User login',
|
|
primary_key=True,
|
|
default_from=lambda givenname, sn: givenname[0] + sn,
|
|
normalizer=lambda value: value.lower(),
|
|
),
|
|
Str('givenname',
|
|
cli_name='first',
|
|
label='First name',
|
|
),
|
|
Str('sn',
|
|
cli_name='last',
|
|
label='Last name',
|
|
),
|
|
Str('homedirectory?',
|
|
cli_name='homedir',
|
|
label='Home directory',
|
|
default_from=lambda uid: '/home/%s' % uid,
|
|
),
|
|
Str('gecos?',
|
|
label='GECOS field',
|
|
default_from=lambda uid: uid,
|
|
autofill=True,
|
|
),
|
|
Str('loginshell?',
|
|
cli_name='shell',
|
|
label='Login shell',
|
|
default=u'/bin/sh',
|
|
),
|
|
Str('krbprincipalname?',
|
|
cli_name='principal',
|
|
label='Kerberos principal',
|
|
default_from=lambda uid: '%s@%s' % (uid, api.env.realm),
|
|
autofill=True,
|
|
),
|
|
Str('mail?',
|
|
cli_name='email',
|
|
label='Email address',
|
|
),
|
|
Password('userpassword?',
|
|
cli_name='password',
|
|
label='Password',
|
|
doc='Set the user password',
|
|
),
|
|
Int('uidnumber?',
|
|
cli_name='uid',
|
|
label='UID',
|
|
doc='UID (use this option to set it manually)',
|
|
),
|
|
Str('street?',
|
|
cli_name='street',
|
|
label='Street address',
|
|
),
|
|
)
|
|
|
|
api.register(user)
|
|
|
|
|
|
class user_add(LDAPCreate):
|
|
"""
|
|
Create new user.
|
|
"""
|
|
|
|
msg_summary = _('Added user "%(value)s"')
|
|
|
|
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
|
|
config = ldap.get_ipa_config()[1]
|
|
entry_attrs.setdefault('loginshell', config.get('ipadefaultloginshell'))
|
|
# hack so we can request separate first and last name in CLI
|
|
full_name = '%s %s' % (entry_attrs['givenname'], entry_attrs['sn'])
|
|
entry_attrs.setdefault('cn', full_name)
|
|
if 'homedirectory' not in entry_attrs:
|
|
# get home's root directory from config
|
|
homes_root = config.get('ipahomesrootdir', '/home')[0]
|
|
# build user's home directory based on his uid
|
|
home_dir = '%s/%s' % (homes_root, keys[-1])
|
|
home_dir = home_dir.replace('//', '/').rstrip('/')
|
|
entry_attrs['homedirectory'] = home_dir
|
|
|
|
# we're adding new users to a default group, get its gidNumber
|
|
# get default group name from config
|
|
def_primary_group = config.get('ipadefaultprimarygroup')
|
|
group_dn = self.api.Object['group'].get_dn(def_primary_group)
|
|
try:
|
|
(group_dn, group_attrs) = ldap.get_entry(group_dn, ['gidnumber'])
|
|
except errors.NotFound:
|
|
error_msg = 'Default group for new users not found.'
|
|
raise errors.NotFound(reason=error_msg)
|
|
entry_attrs['gidnumber'] = group_attrs['gidnumber']
|
|
|
|
return dn
|
|
|
|
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
|
|
config = ldap.get_ipa_config()[1]
|
|
# add the user we just created into the default primary group
|
|
def_primary_group = config.get('ipadefaultprimarygroup')
|
|
group_dn = self.api.Object['group'].get_dn(def_primary_group)
|
|
ldap.add_entry_to_group(dn, group_dn)
|
|
return dn
|
|
|
|
api.register(user_add)
|
|
|
|
|
|
class user_del(LDAPDelete):
|
|
"""
|
|
Delete user.
|
|
"""
|
|
|
|
msg_summary = _('Deleted user "%(value)s"')
|
|
|
|
def pre_callback(self, ldap, dn, *keys, **options):
|
|
if keys[-1] == 'admin':
|
|
raise errors.ExecutionError('Cannot delete user "admin".')
|
|
return dn
|
|
|
|
def post_callback(self, ldap, dn, *keys, **options):
|
|
self.log.info('IPA: %s "%s"' % (self.name, keys[-1]))
|
|
return True
|
|
|
|
api.register(user_del)
|
|
|
|
|
|
class user_mod(LDAPUpdate):
|
|
"""
|
|
Modify user.
|
|
"""
|
|
|
|
msg_summary = _('Modified user "%(value)s"')
|
|
|
|
api.register(user_mod)
|
|
|
|
|
|
class user_find(LDAPSearch):
|
|
"""
|
|
Search for users.
|
|
"""
|
|
|
|
msg_summary = ngettext(
|
|
'%(count)d user matched', '%(count)d users matched', 0
|
|
)
|
|
|
|
api.register(user_find)
|
|
|
|
|
|
class user_show(LDAPRetrieve):
|
|
"""
|
|
Display user.
|
|
"""
|
|
|
|
api.register(user_show)
|
|
|
|
|
|
class user_lock(LDAPQuery):
|
|
"""
|
|
Lock user account.
|
|
"""
|
|
|
|
has_output = output.standard_value
|
|
msg_summary = _('Locked user "%(value)s"')
|
|
|
|
def execute(self, *keys, **options):
|
|
ldap = self.obj.backend
|
|
|
|
dn = self.obj.get_dn(*keys, **options)
|
|
|
|
try:
|
|
ldap.deactivate_entry(dn)
|
|
except errors.AlreadyInactive:
|
|
pass
|
|
|
|
return dict(
|
|
result=True,
|
|
value=keys[0],
|
|
)
|
|
|
|
api.register(user_lock)
|
|
|
|
|
|
class user_unlock(LDAPQuery):
|
|
"""
|
|
Unlock user account.
|
|
"""
|
|
|
|
has_output = output.standard_value
|
|
msg_summary = _('Unlocked user "%(value)s"')
|
|
|
|
def execute(self, *keys, **options):
|
|
ldap = self.obj.backend
|
|
|
|
dn = self.obj.get_dn(*keys, **options)
|
|
|
|
try:
|
|
ldap.activate_entry(dn)
|
|
except errors.AlreadyActive:
|
|
pass
|
|
|
|
return dict(
|
|
result=True,
|
|
value=keys[0],
|
|
)
|
|
|
|
api.register(user_unlock)
|