# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
+"""Convenience functions for using the SAM."""
+
import samba
import misc
import ldb
class SamDB(samba.Ldb):
+ """The SAM database."""
def __init__(self, url=None, session_info=None, credentials=None,
modules_dir=None, lp=None):
+ """Open the Sam Database.
+
+ :param url: URL of the database.
+ """
super(SamDB, self).__init__(session_info=session_info, credentials=credentials,
modules_dir=modules_dir, lp=lp)
assert misc.dsdb_set_global_schema(self) == 0
self.add(msg[1])
def setup_name_mapping(self, domaindn, sid, unixname):
- """Setup a mapping between a sam name and a unix name."""
- res = self.search(ldb.Dn(self, domaindn), ldb.SCOPE_SUBTREE,
+ """Setup a mapping between a sam name and a unix name.
+
+ :param domaindn: DN of the domain.
+ :param sid: SID of the NT-side of the mapping.
+ :param unixname: Unix name to map to.
+ """
+ res = self.search(domaindn, ldb.SCOPE_SUBTREE,
"objectSid=%s" % sid, ["dn"])
assert len(res) == 1, "Failed to find record for objectSid %s" % sid
self.modify(self.parse_ldif(mod).next()[1])
def enable_account(self, user_dn):
- """enable the account.
+ """Enable an account.
:param user_dn: Dn of the account to enable.
"""
replace: userAccountControl
userAccountControl: %u
""" % (user_dn, userAccountControl)
- self.modify(mod)
+ self.modify_ldif(mod)
- def newuser(self, username, unixname, password, message):
- """add a new user record"""
+ def newuser(self, username, unixname, password):
+ """add a new user record.
+
+ :param username: Name of the new user.
+ :param unixname: Name of the unix user to map to.
+ :param password: Password for the new user
+ """
# connect to the sam
self.transaction_start()
res = self.search("", SCOPE_BASE, "defaultNamingContext=*",
["defaultNamingContext"])
assert(len(res) == 1 and res[0].defaultNamingContext is not None)
- domain_dn = res[0].defaultNamingContext
+ domain_dn = res[0]["defaultNamingContext"][0]
assert(domain_dn is not None)
dom_users = self.searchone(domain_dn, "dn", "name=Domain Users")
assert(dom_users is not None)
# the new user record. note the reliance on the samdb module to fill
# in a sid, guid etc
#
- ldif = """
-dn: %s
-sAMAccountName: %s
-unixName: %s
-sambaPassword: %s
-objectClass: user
- """ % (user_dn, username, unixname, password)
+ # now the real work
+ self.add({"dn": user_dn,
+ "sAMAccountName": username,
+ "unixName": unixname,
+ "sambaPassword": password,
+ "objectClass": "user"})
+
# add the user to the users group as well
modgroup = """
dn: %s
""" % (dom_users, user_dn)
- # now the real work
- message("Adding user %s" % user_dn)
- self.add(ldif)
-
- message("Modifying group %s" % dom_users)
self.modify(modgroup)
# modify the userAccountControl to remove the disabled bit
self.transaction_commit()
def set_domain_sid(self, sid):
+ """Change the domain SID used by this SamDB.
+
+ :param sid: The new domain sid to use.
+ """
misc.samdb_set_domain_sid(self, sid)
def attach_schema_from_ldif(self, pf, df):