#!/usr/bin/python
#
-# add a new user to a Samba4 server
-# Copyright Andrew Tridgell 2005
-# Copyright Jelmer Vernooij 2008
-# Released under the GNU GPL version 3 or later
+# Sets a user password on a Samba4 server
+# Copyright Jelmer Vernooij 2008
+#
+# Based on the original in EJS:
+# Copyright Andrew Tridgell 2005
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
-import os, sys
+import sys
-# Find right directory when running from source tree
sys.path.insert(0, "bin/python")
import samba.getopt as options
import optparse
-import pwd
-import sys
+
from getpass import getpass
from samba.auth import system_session
from samba.samdb import SamDB
parser.add_option_group(credopts)
parser.add_option("--filter", help="LDAP Filter to set password on", type=str)
parser.add_option("--newpassword", help="Set password", type=str)
+parser.add_option("--must-change-at-next-login", help="Force password to be changed on next login", action="store_true")
opts, args = parser.parse_args()
-#
-# print a message if quiet is not set
-#
-def message(text):
- if not opts.quiet:
- print text
+filter = opts.filter
-if len(args) == 0:
+if (len(args) == 0) and (filter is None):
+ print "Either the username or '--filter' must be specified!"
parser.print_usage()
sys.exit(1)
if password is None:
password = getpass("New Password: ")
-filter = opts.filter
-
if filter is None:
username = args[0]
- if username is None:
- print "Either username or --filter must be specified"
-
- filter = "(&(objectclass=user)(samAccountName=%s))" % (username)
-
+ filter = "(&(objectClass=user)(sAMAccountName=%s))" % (username)
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)
samdb = SamDB(url=lp.get("sam database"), session_info=system_session(),
credentials=creds, lp=lp)
-samdb.setpassword(filter, password)
+samdb.setpassword(filter, password, force_password_change_at_next_login=opts.must_change_at_next_login)
+