|
34 |
|
34 |
|
35 |
import time |
35 |
import time |
36 |
import ldap |
36 |
import ldap |
|
|
37 |
import univention.admin.password |
37 |
import univention.debug2 as ud |
38 |
import univention.debug2 as ud |
38 |
import univention.s4connector.s4 |
39 |
import univention.s4connector.s4 |
39 |
from univention.s4connector.s4 import compatible_modstring |
40 |
from univention.s4connector.s4 import compatible_modstring |
Lines 877-888
def lockout_sync_s4_to_ucs(s4connector, key, ucs_object):
|
Link Here
|
---|
|
877 |
modlist = [] |
878 |
modlist = [] |
878 |
|
879 |
|
879 |
try: |
880 |
try: |
880 |
ucs_object_attributes = s4connector.lo.get(ucs_object['dn'], ['sambaAcctFlags', 'sambaBadPasswordTime'], required=True) |
881 |
ucs_object_attributes = s4connector.lo.get(ucs_object['dn'], ['sambaAcctFlags', 'sambaBadPasswordTime', 'userPassword'], required=True) |
881 |
except ldap.NO_SUCH_OBJECT: |
882 |
except ldap.NO_SUCH_OBJECT: |
882 |
ud.debug(ud.LDAP, ud.WARN, "%s: The UCS object (%s) was not found. The object was removed." % (function_name, ucs_object['dn'])) |
883 |
ud.debug(ud.LDAP, ud.WARN, "%s: The UCS object (%s) was not found. The object was removed." % (function_name, ucs_object['dn'])) |
883 |
return |
884 |
return |
884 |
sambaAcctFlags = ucs_object_attributes.get('sambaAcctFlags', [''])[0] |
885 |
sambaAcctFlags = ucs_object_attributes.get('sambaAcctFlags', [''])[0] |
885 |
sambaBadPasswordTime = ucs_object_attributes.get('sambaBadPasswordTime', ["0"])[0] |
886 |
sambaBadPasswordTime = ucs_object_attributes.get('sambaBadPasswordTime', ["0"])[0] |
|
|
887 |
old_password_hash = ucs_object_attributes.get('userPassword', [''])[0] |
886 |
|
888 |
|
887 |
lockoutTime = ucs_object['attributes'].get('lockoutTime', ['0'])[0] |
889 |
lockoutTime = ucs_object['attributes'].get('lockoutTime', ['0'])[0] |
888 |
if lockoutTime != "0": |
890 |
if lockoutTime != "0": |
Lines 898-903
def lockout_sync_s4_to_ucs(s4connector, key, ucs_object):
|
Link Here
|
---|
|
898 |
if sambaBadPasswordTime: |
900 |
if sambaBadPasswordTime: |
899 |
ud.debug(ud.LDAP, ud.INFO, "%s: Old sambaBadPasswordTime: %s" % (function_name, sambaBadPasswordTime)) |
901 |
ud.debug(ud.LDAP, ud.INFO, "%s: Old sambaBadPasswordTime: %s" % (function_name, sambaBadPasswordTime)) |
900 |
modlist.append(('sambaBadPasswordTime', sambaBadPasswordTime, badPasswordTime)) |
902 |
modlist.append(('sambaBadPasswordTime', sambaBadPasswordTime, badPasswordTime)) |
|
|
903 |
|
904 |
new_password_hash = univention.admin.password.lock_password(old_password_hash) |
905 |
if new_password_hash != old_password_hash: |
906 |
modlist.append(('userPassword', old_password_hash, new_password_hash)) |
901 |
else: |
907 |
else: |
902 |
if "L" in sambaAcctFlags: |
908 |
if "L" in sambaAcctFlags: |
903 |
acctFlags = univention.admin.samba.acctFlags(sambaAcctFlags) |
909 |
acctFlags = univention.admin.samba.acctFlags(sambaAcctFlags) |
Lines 909-914
def lockout_sync_s4_to_ucs(s4connector, key, ucs_object):
|
Link Here
|
---|
|
909 |
ud.debug(ud.LDAP, ud.PROCESS, "%s: Unsetting sambaBadPasswordTime: %s" % (function_name, sambaBadPasswordTime)) |
915 |
ud.debug(ud.LDAP, ud.PROCESS, "%s: Unsetting sambaBadPasswordTime: %s" % (function_name, sambaBadPasswordTime)) |
910 |
modlist.append(('sambaBadPasswordTime', sambaBadPasswordTime, "0")) |
916 |
modlist.append(('sambaBadPasswordTime', sambaBadPasswordTime, "0")) |
911 |
|
917 |
|
|
|
918 |
new_password_hash = univention.admin.password.unlock_password(old_password_hash) |
919 |
if new_password_hash != old_password_hash: |
920 |
modlist.append(('userPassword', old_password_hash, new_password_hash)) |
912 |
if modlist: |
921 |
if modlist: |
913 |
ud.debug(ud.LDAP, ud.ALL, "%s: modlist: %s" % (function_name, modlist)) |
922 |
ud.debug(ud.LDAP, ud.ALL, "%s: modlist: %s" % (function_name, modlist)) |
914 |
s4connector.lo.lo.modify(ucs_object['dn'], modlist) |
923 |
s4connector.lo.lo.modify(ucs_object['dn'], modlist) |