s4-dsdb: Extended samdb.newuser to accept security descriptor for the object and...
authorNadezhda Ivanova <nivanova@samba.org>
Tue, 23 Nov 2010 15:48:53 +0000 (17:48 +0200)
committerNadezhda Ivanova <nivanova@samba.org>
Tue, 23 Nov 2010 16:15:16 +0000 (17:15 +0100)
Sometimes for testing purposes we create users without any permissions on their objects and password reset
cannot be performed at that point, and is not necessary. For this purpose we can now optionally skip this step.
The default is still to reset the user password.
Also, a security.descriptor object can be specified during user creation to override the default one.
defaultSecurityDescriptor is still used by default.

source4/scripting/python/samba/samdb.py

index 827153552017350dccc075ec042f20c2d32dd202..98ae6791a5d7a8b680e02ad1b7df486840ad87b7 100644 (file)
@@ -227,7 +227,7 @@ member: %s
                 profilepath=None, scriptpath=None, homedrive=None, homedirectory=None,
                 jobtitle=None, department=None, company=None, description=None,
                 mailaddress=None, internetaddress=None, telephonenumber=None,
-                physicaldeliveryoffice=None):
+                physicaldeliveryoffice=None, sd=None, setpassword=True):
         """Adds a new user with additional parameters
 
         :param username: Name of the new user
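Review bot: The new keyword `setpassword` in the signature has the same name as the `self.setpassword(...)` method this function calls later, so the later `if setpassword:` guard sits directly above a call to the identically named method. It works, because the method is reached through `self`, but a distinct name would read better, for example `physicaldeliveryoffice=None, sd=None, set_password=True):`. Both parameters are appended with defaults, so existing callers are unaffected. The function body starts before this hunk and continues past it.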
@@ -250,6 +250,8 @@ member: %s
         :param internetaddress: Home page of the new user
         :param telephonenumber: Phone number of the new user
         :param physicaldeliveryoffice: Office location of the new user
+        :param sd: security descriptor of the object
+        :param setpassword: optionally disable password reset
         """
 
         displayname = ""
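Review bot: The two new `:param` lines do not tell a caller what type `sd` must be or what happens to `password` when `setpassword` is false. Going by the commit description and the later `ndr_pack(sd)` call, I would write `:param sd: security.descriptor object stored as nTSecurityDescriptor instead of the default descriptor (None keeps the default)`. For the second, `:param setpassword: if False, skip the password reset after the add; the password argument is then not applied (default True)`. Since the first option replaces the object's access control and the second leaves the account without a password, the docstring should state both explicitly.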
@@ -326,13 +328,17 @@ member: %s
         if physicaldeliveryoffice is not None:
             ldbmessage["physicalDeliveryOfficeName"] = physicaldeliveryoffice
 
+        if sd is not None:
+            ldbmessage["nTSecurityDescriptor"] = ndr_pack(sd)
+
         self.transaction_start()
         try:
             self.add(ldbmessage)
 
             # Sets the password for it
-            self.setpassword("(dn=" + user_dn + ")", password,
-              force_password_change_at_next_login_req)
+            if setpassword:
+                self.setpassword("(dn=" + user_dn + ")", password,
+                                 force_password_change_at_next_login_req)
         except:
             self.transaction_cancel()
             raise
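Review bot: With `setpassword=False` the `password` argument is silently ignored and the transaction still adds the user, so the account exists with no password set. Whether it is usable then depends on attributes set outside this hunk (userAccountControl is not visible here). A comment above the guard would make that explicit, e.g. `# setpassword=False leaves the account without a password; the caller must set one or keep the account disabled`. Separately, no import of `ndr_pack` is visible in this diff, so please confirm `from samba.ndr import ndr_pack` is present at the top of samdb.py, otherwise the new `sd` branch raises NameError. The function body starts before this hunk and continues past it.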