From 5b6afeab2e70232aaf89ef3115bfd9ccd651742a Mon Sep 17 00:00:00 2001
From: Marc Muehlfeld
Date: Thu, 30 Oct 2014 21:20:42 +0100
Subject: [PATCH] samba-tool: Create NIS enabled users and unixHomeDirectory attribute Allow to create NIS enabled user accounts via 'samba-tool user add'. To create NIS enabled accounts, the parameters --uid-number=, --login-shell=, --unix-home=, --gid-number= are mandatory. Because we didn't had a parameter to set unixHomeDirectory yet, this patch also adds this feature. See: https://bugzilla.samba.org/show_bug.cgi?id=10909
Signed-off-by: Marc Muehlfeld
---
 python/samba/netcmd/user.py | 13 +++++++++++--
 python/samba/samdb.py | 19 +++++++++++++++++--
 2 files changed, 28 insertions(+), 4 deletions(-)
diff --git a/python/samba/netcmd/user.py b/python/samba/netcmd/user.py
index 344f35f..9c67cfa 100644
--- a/python/samba/netcmd/user.py
+++ b/python/samba/netcmd/user.py
@@ -71,6 +71,11 @@ samba-tool user create User4 passw4rd --rfc2307-from-nss --gecos 'some text' Example4 shows how to create a new user with Unix UID, GID and login-shell set from the local NSS and GECOS set to 'some text'.
+Example5:
+samba-tool user add User5 passw5rd --nis-domain=samdom --unix-home=/home/User5 --uid-number=10005 --login-shell=/bin/false --gid-number=10000
+
+Example5 shows how to create an RFC2307/NIS domain enabled user account. If --nix-domain is set, then the other four parameters are mandatory!
+
 """ synopsis = "%prog [] [options]"
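Review bot: The Example5 help text refers to `--nix-domain`, which is not an option; the option this patch adds is `--nis-domain`, so the sentence should read `If --nis-domain is set, then the other four parameters are mandatory!`. The example line also invokes `samba-tool user add`, while the Example4 line visible in the hunk header uses `samba-tool user create`; whether `add` is still accepted is not visible here, so using `create` would keep the help text consistent. The docstring starts outside the hunk.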
@@ -107,6 +112,8 @@ Example4 shows how to create a new user with Unix UID, GID and login-shell set f Option("--rfc2307-from-nss", help="Copy Unix user attributes from NSS (will be overridden by explicit UID/GID/GECOS/shell)", action="store_true"),
+ Option("--nis-domain", help="User's Unix/RFC2307 NIS domain", type=str),
+ Option("--unix-home", help="User's Unix/RFC2307 home directory", type=str),
 Option("--uid", help="User's Unix/RFC2307 username", type=str), Option("--uid-number", help="User's Unix/RFC2307 numeric UID", type=int), Option("--gid-number", help="User's Unix/RFC2307 primary GID number", type=int),
@@ -130,7 +137,8 @@ Example4 shows how to create a new user with Unix UID, GID and login-shell set f job_title=None, department=None, company=None, description=None, mail_address=None, internet_address=None, telephone_number=None, physical_delivery_office=None, rfc2307_from_nss=False,
- uid=None, uid_number=None, gid_number=None, gecos=None, login_shell=None):
+ nis_domain=None, unix_home=None, uid=None, uid_number=None,
+ gid_number=None, gecos=None, login_shell=None):
 if random_password: password = generate_random_password(128, 255)
@@ -173,7 +181,8 @@ Example4 shows how to create a new user with Unix UID, GID and login-shell set f jobtitle=job_title, department=department, company=company, description=description, mailaddress=mail_address, internetaddress=internet_address, telephonenumber=telephone_number, physicaldeliveryoffice=physical_delivery_office,
- uid=uid, uidnumber=uid_number, gidnumber=gid_number, gecos=gecos, loginshell=login_shell)
+ nisdomain=nis_domain, unixhome=unix_home, uid=uid, uidnumber=uid_number,
+ gidnumber=gid_number, gecos=gecos, loginshell=login_shell)
 except Exception, e: raise CommandError("Failed to add user '%s': " % username, e)
diff --git a/python/samba/samdb.py b/python/samba/samdb.py
index 0ea52fb..09f594a 100644
--- a/python/samba/samdb.py
+++ b/python/samba/samdb.py
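Review bot: The help string of the new `--nis-domain` option in user.py's option list does not say that setting it makes four other options mandatory; that rule is only stated in Example5 and enforced later in samdb.py. Someone reading the option list would only learn of it from the runtime error, so the help could read `help="User's Unix/RFC2307 NIS domain (requires --uid-number, --login-shell, --unix-home and --gid-number)"`. The option list starts and ends outside the hunk.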
@@ -302,7 +302,7 @@ member: %s description=None, mailaddress=None, internetaddress=None, telephonenumber=None, physicaldeliveryoffice=None, sd=None, setpassword=True, uidnumber=None, gidnumber=None, gecos=None,
- loginshell=None, uid=None):
+ loginshell=None, uid=None, nisdomain=None, unixhome=None):
 """Adds a new user with additional parameters :param username: Name of the new user
@@ -333,6 +333,8 @@ member: %s :param gecos: RFC2307 Unix GECOS field of the new user :param loginshell: RFC2307 Unix login shell of the new user :param uid: RFC2307 Unix username of the new user
+ :param nisdomain: RFC2307 Unix NIS domain of the new user
+ :param unixhome: RFC2307 Unix home directory of the new user
 """ displayname = ""
@@ -412,8 +414,15 @@ member: %s if sd is not None: ldbmessage["nTSecurityDescriptor"] = ndr_pack(sd)
+ if nisdomain is not None:
+ if None in (uidnumber, loginshell, unixhome, gidnumber):
+ raise Exception("""Missing parameters. To enable NIS features,
+the follwing options have to be given:
+--nis-domain=, --uidNumber=, --login-shell=, --unix-home=, --gid-number=
+Operation cancelled.""")
+
 ldbmessage2 = None
- if any(map(lambda b: b is not None, (uid, uidnumber, gidnumber, gecos, loginshell))):
+ if any(map(lambda b: b is not None, (uid, uidnumber, gidnumber, gecos, loginshell, nisdomain, unixhome))):
 ldbmessage2 = ldb.Message() ldbmessage2.dn = ldb.Dn(self, user_dn) ldbmessage2["objectClass"] = ldb.MessageElement('posixAccount', ldb.FLAG_MOD_ADD, 'objectClass')
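Review bot: The error text in the added `raise Exception(...)` (hunk at -412) names `--uidNumber=`, but the option defined in user.py is `--uid-number`, and "follwing" is misspelled. The two lines should read `the following options have to be given:` and `--nis-domain=, --uid-number=, --login-shell=, --unix-home=, --gid-number=`. The check also sits in `newuser` in samdb.py, which takes keyword arguments (`uidnumber`, `unixhome`, ...), so a caller that is not the command-line tool gets a bare `Exception` worded in terms of command-line flags. Naming the parameters here, or doing the CLI-worded check in user.py and raising `CommandError` there, would serve both kinds of caller. The function body starts and ends outside this hunk.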
@@ -427,6 +436,12 @@ member: %s ldbmessage2["gecos"] = ldb.MessageElement(str(gecos), ldb.FLAG_MOD_REPLACE, 'gecos') if loginshell is not None: ldbmessage2["loginShell"] = ldb.MessageElement(str(loginshell), ldb.FLAG_MOD_REPLACE, 'loginShell')
+ if unixhome is not None:
+ ldbmessage2["unixHomeDirectory"] = ldb.MessageElement(str(unixhome), ldb.FLAG_MOD_REPLACE, 'unixHomeDirectory')
+ if nisdomain is not None:
+ ldbmessage2["msSFU30NisDomain"] = ldb.MessageElement(str(nisdomain), ldb.FLAG_MOD_REPLACE, 'msSFU30NisDomain')
+ ldbmessage2["msSFU30Name"] = ldb.MessageElement(str(username), ldb.FLAG_MOD_REPLACE, 'msSFU30Name')
+ ldbmessage2["unixUserPassword"] = ldb.MessageElement('ABCD!efgh12345$67890', ldb.FLAG_MOD_REPLACE, 'unixUserPassword')
 self.transaction_start() try:
--
1.9.3
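Review bot: The last added line writes the same hard-coded literal into `unixUserPassword` for every account created with `nisdomain` set, and nothing in the patch says why. If it is meant as a non-functional compatibility placeholder (that intent is not visible here), it should be a named module-level constant with a comment stating that it is not a usable credential and which consumer expects it; if nothing requires it, the attribute is better left unset. A fixed, publicly known value in a password attribute is identical across all accounts, so any client that reads the attribute for authentication would handle them all the same way. That makes the choice worth stating explicitly and covering with a test. The enclosing function starts and ends outside this hunk.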