def connect(self, url):
super(SamDB, self).connect(self.lp.private_path(url))
- def add_foreign(self, domaindn, sid, desc):
- """Add a foreign security principle."""
- add = """
-dn: CN=%s,CN=ForeignSecurityPrincipals,%s
-objectClass: top
-objectClass: foreignSecurityPrincipal
-description: %s
-""" % (sid, domaindn, desc)
- # deliberately ignore errors from this, as the records may
- # already exist
- for msg in self.parse_ldif(add):
- self.add(msg[1])
-
- def add_stock_foreign_sids(self):
- domaindn = self.domain_dn()
- self.add_foreign(domaindn, "S-1-5-7", "Anonymous")
- self.add_foreign(domaindn, "S-1-1-0", "World")
- self.add_foreign(domaindn, "S-1-5-2", "Network")
- self.add_foreign(domaindn, "S-1-5-18", "System")
- self.add_foreign(domaindn, "S-1-5-11", "Authenticated Users")
-
def enable_account(self, user_dn):
"""Enable an account.
"""
res = self.search(user_dn, ldb.SCOPE_BASE, None, ["userAccountControl"])
assert len(res) == 1
- userAccountControl = res[0]["userAccountControl"][0]
- userAccountControl = int(userAccountControl)
+ userAccountControl = int(res[0]["userAccountControl"][0])
if (userAccountControl & 0x2):
userAccountControl = userAccountControl & ~0x2 # remove disabled bit
if (userAccountControl & 0x20):
assert(domain_dn is not None)
res = self.search(domain_dn, scope=ldb.SCOPE_SUBTREE,
- expression=filter,
- attrs=[])
+ expression=filter)
assert(len(res) == 1)
user_dn = res[0].dn
raise
self.transaction_commit()
- def set_domain_sid(self, sid):
- """Change the domain SID used by this SamDB.
-
- :param sid: The new domain sid to use.
- """
- glue.samdb_set_domain_sid(self, sid)
-
- def attach_schema_from_ldif(self, pf, df):
- glue.dsdb_attach_schema_from_ldif(self, pf, df)
-
- def convert_schema_to_openldap(self, target, mapping):
- return glue.dsdb_convert_schema_to_openldap(self, target, mapping)
-
- def set_invocation_id(self, invocation_id):
- """Set the invocation id for this SamDB handle.
-
- :param invocation_id: GUID of the invocation id.
- """
- glue.dsdb_set_ntds_invocation_id(self, invocation_id)
-
- def set_opaque_integer(self, name, value):
- """Set an integer as an opaque (a flag or other value) value on the database
-
- :param name: The name for the opaque value
- :param value: The integer value
- """
- glue.dsdb_set_opaque_integer(self, name, value)
-
def setexpiry(self, user, expiry_seconds, noexpiry):
"""Set the account expiry for a user