samdb.py: add smartcard_required option to newuser()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/python/samba/samdb.py b/python/samba/samdb.py
index 0eaa6f5e1e67f477c1dc1f9e20ae06e07a561938..e12465d28b65234b291a91a4e4e6d4a972415b9a 100644 (file)
--- a/python/samba/samdb.py
+++ b/python/samba/samdb.py
@@ -302,7 +302,8 @@ member: %s
             description=None, mailaddress=None, internetaddress=None,
             telephonenumber=None, physicaldeliveryoffice=None, sd=None,
             setpassword=True, uidnumber=None, gidnumber=None, gecos=None,
-            loginshell=None, uid=None, nisdomain=None, unixhome=None):
+            loginshell=None, uid=None, nisdomain=None, unixhome=None,
+            smartcard_required=False):
         """Adds a new user with additional parameters
 
         :param username: Name of the new user
@@ -335,6 +336,7 @@ member: %s
         :param uid: RFC2307 Unix username of the new user
         :param nisdomain: RFC2307 Unix NIS domain of the new user
         :param unixhome: RFC2307 Unix home directory of the new user
+        :param smartcard_required: set the UF_SMARTCARD_REQUIRED bit of the new user
         """
 
         displayname = ""
@@ -362,6 +364,10 @@ member: %s
                       "userPrincipalName": user_principal_name,
                       "objectClass": "user"}
 
+        if smartcard_required:
+            ldbmessage["userAccountControl"] = str(dsdb.UF_NORMAL_ACCOUNT|dsdb.UF_SMARTCARD_REQUIRED)
+            setpassword = False
+
         if surname is not None:
             ldbmessage["sn"] = surname