s4: Correct the parameter logic of the "setpassword" script

[ira/wip.git] / source4 / setup / setpassword

diff --git a/source4/setup/setpassword b/source4/setup/setpassword
index 90a217fb6f714b709b9e1b59277b1b85ea63748d..513730d649256234dfcf2477d0fc11991c5900fa 100755 (executable)
--- a/source4/setup/setpassword
+++ b/source4/setup/setpassword
@@ -1,6 +1,6 @@
 #!/usr/bin/python
 #
-# Add a new user to a Samba4 server
+# Sets a user password on a Samba4 server
 # Copyright Jelmer Vernooij 2008
 #
 # Based on the original in EJS:
@@ -41,6 +41,7 @@ credopts = options.CredentialsOptions(parser)
 parser.add_option_group(credopts)
 parser.add_option("--filter", help="LDAP Filter to set password on", type=str)
 parser.add_option("--newpassword", help="Set password", type=str)
+parser.add_option("--must-change-at-next-login", help="Force password to be changed on next login", action="store_true")
 
 opts, args = parser.parse_args()
 
@@ -51,7 +52,10 @@ def message(text):
        if not opts.quiet:
                print text
 
-if len(args) == 0:
+filter = opts.filter
+
+if (len(args) == 0) and (filter is None):
+       print "Either the username or '--filter' must be specified!"
        parser.print_usage()
        sys.exit(1)
 
@@ -59,19 +63,14 @@ password = opts.newpassword;
 if password is None:
        password = getpass("New Password: ")
 
-filter = opts.filter
-
 if filter is None:
        username = args[0]
-       if username is None:
-               print "Either username or --filter must be specified"
-
        filter = "(&(objectclass=user)(samAccountName=%s))" % (username)
 
-
 lp = sambaopts.get_loadparm()
 creds = credopts.get_credentials(lp)
 
 samdb = SamDB(url=lp.get("sam database"), session_info=system_session(), 
               credentials=creds, lp=lp)
-samdb.setpassword(filter, password)
+samdb.setpassword(filter, password, force_password_change_at_next_login=opts.must_change_at_next_login)
+