Lines 45-50
from samba.dcerpc import drsblobs
45 |
import heimdal |
45 |
import heimdal |
46 |
from ldap.controls import LDAPControl |
46 |
from ldap.controls import LDAPControl |
47 |
import traceback |
47 |
import traceback |
|
|
48 |
import univention.lib.account |
49 |
from univention.admin.handlers.users.user import unmapWindowsFiletime |
48 |
|
50 |
|
49 |
class Krb5Context(object): |
51 |
class Krb5Context(object): |
50 |
def __init__(self): |
52 |
def __init__(self): |
Lines 857-863
def lockout_sync_s4_to_ucs(s4connector, key, ucs_object):
857 |
modlist = [] |
859 |
modlist = [] |
858 |
|
860 |
|
859 |
try: |
861 |
try: |
860 |
ucs_object_attributes = s4connector.lo.get(ucs_object['dn'], ['sambaAcctFlags', 'sambaBadPasswordTime'], required=True) |
862 |
ucs_object_attributes = s4connector.lo.get(ucs_object['dn'], ['sambaAcctFlags', 'sambaBadPasswordTime', 'pwdAccountLockedTime'], required=True) |
861 |
except ldap.NO_SUCH_OBJECT: |
863 |
except ldap.NO_SUCH_OBJECT: |
862 |
ud.debug(ud.LDAP, ud.WARN, "%s: The UCS object (%s) was not found. The object was removed." % (function_name, ucs_object['dn'])) |
864 |
ud.debug(ud.LDAP, ud.WARN, "%s: The UCS object (%s) was not found. The object was removed." % (function_name, ucs_object['dn'])) |
863 |
return |
865 |
return |
Lines 866-883
def lockout_sync_s4_to_ucs(s4connector, key, ucs_object):
866 |
|
868 |
|
867 |
lockoutTime = ucs_object['attributes'].get('lockoutTime', ['0'])[0] |
869 |
lockoutTime = ucs_object['attributes'].get('lockoutTime', ['0'])[0] |
868 |
if lockoutTime != "0": |
870 |
if lockoutTime != "0": |
869 |
if "L" not in sambaAcctFlags: |
|
|
870 |
acctFlags = univention.admin.samba.acctFlags(sambaAcctFlags) |
871 |
new_sambaAcctFlags = acctFlags.set('L') |
872 |
ud.debug(ud.LDAP, ud.PROCESS, "%s: Marking Samba account as locked in OpenLDAP" % (function_name,)) |
873 |
modlist.append(('sambaAcctFlags', sambaAcctFlags, new_sambaAcctFlags)) |
874 |
|
875 |
badPasswordTime = ucs_object['attributes'].get('badPasswordTime', ["0"])[0] |
871 |
badPasswordTime = ucs_object['attributes'].get('badPasswordTime', ["0"])[0] |
876 |
if badPasswordTime != sambaBadPasswordTime: |
872 |
ud.debug(ud.LDAP, ud.PROCESS, "%s: Marking Samba account as locked in OpenLDAP" % (function_name,)) |
877 |
ud.debug(ud.LDAP, ud.PROCESS, "%s: Copying badPasswordTime from S4: %s" % (function_name, badPasswordTime)) |
873 |
univention.lib.account.lock(ucs_object['dn'], unmapWindowsFiletime([badPasswordTime])) |
878 |
if sambaBadPasswordTime: |
|
|
879 |
ud.debug(ud.LDAP, ud.INFO, "%s: Old sambaBadPasswordTime: %s" % (function_name, sambaBadPasswordTime)) |
880 |
modlist.append(('sambaBadPasswordTime', sambaBadPasswordTime, badPasswordTime)) |
881 |
else: |
874 |
else: |
882 |
if "L" in sambaAcctFlags: |
875 |
if "L" in sambaAcctFlags: |
883 |
acctFlags = univention.admin.samba.acctFlags(sambaAcctFlags) |
876 |
acctFlags = univention.admin.samba.acctFlags(sambaAcctFlags) |
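Review bot: In the `if lockoutTime != "0":` branch the new `univention.lib.account.lock(...)` call runs on every sync of a locked-out object, because the removed `if "L" not in sambaAcctFlags:` guard has no replacement in the visible lines. The earlier hunk now fetches `pwdAccountLockedTime`, but nothing shown here reads it; if it is not checked in the lines between the hunks, guarding the call with something like `if not ucs_object_attributes.get('pwdAccountLockedTime'):` would avoid rewriting the lock time of an account that is already locked, which may otherwise shift its lockout window on each sync. `badPasswordTime` also falls back to `"0"` when the S4 object carries no such attribute, so `unmapWindowsFiletime(["0"])` is passed as the lock time in that case; it is worth confirming what that yields, or skipping the lock and logging instead. The body of `lockout_sync_s4_to_ucs` starts before and continues after these hunks, so the unlock branch is not covered by this note.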