Attachment #10901 for bug #54318

View | Details | Raw Unified | Return to bug 54318
Collapse All | Expand All





import time
import ldap
import univention.admin.password
import univention.debug2 as ud
import univention.s4connector.s4
from univention.s4connector.s4 import compatible_modstring

	modlist = []

	try:
		ucs_object_attributes = s4connector.lo.get(ucs_object['dn'], ['sambaAcctFlags', 'sambaBadPasswordTime', 'userPassword'], required=True)
	except ldap.NO_SUCH_OBJECT:
		ud.debug(ud.LDAP, ud.WARN, "%s: The UCS object (%s) was not found. The object was removed." % (function_name, ucs_object['dn']))
		return
	sambaAcctFlags = ucs_object_attributes.get('sambaAcctFlags', [''])[0]
	sambaBadPasswordTime = ucs_object_attributes.get('sambaBadPasswordTime', ["0"])[0]
	old_password_hash = ucs_object_attributes.get('userPassword', [''])[0]

	lockoutTime = ucs_object['attributes'].get('lockoutTime', ['0'])[0]
	if lockoutTime != "0":

			if sambaBadPasswordTime:
				ud.debug(ud.LDAP, ud.INFO, "%s: Old sambaBadPasswordTime: %s" % (function_name, sambaBadPasswordTime))
			modlist.append(('sambaBadPasswordTime', sambaBadPasswordTime, badPasswordTime))

		new_password_hash = univention.admin.password.lock_password(old_password_hash)
		if new_password_hash != old_password_hash:
			modlist.append(('userPassword', old_password_hash, new_password_hash))
	else:
		if "L" in sambaAcctFlags:
			acctFlags = univention.admin.samba.acctFlags(sambaAcctFlags)

			ud.debug(ud.LDAP, ud.PROCESS, "%s: Unsetting sambaBadPasswordTime: %s" % (function_name, sambaBadPasswordTime))
			modlist.append(('sambaBadPasswordTime', sambaBadPasswordTime, "0"))

		new_password_hash = univention.admin.password.unlock_password(old_password_hash)
		if new_password_hash != old_password_hash:
			modlist.append(('userPassword', old_password_hash, new_password_hash))
	if modlist:
		ud.debug(ud.LDAP, ud.ALL, "%s: modlist: %s" % (function_name, modlist))
		s4connector.lo.lo.modify(ucs_object['dn'], modlist)

Return to bug 54318