mirror of
https://github.com/kakwa/ldapcherry
synced 2024-11-25 02:34:31 +01:00
fix password setting with Active Directory
This commit is contained in:
parent
c320fa9da6
commit
c969e730c4
@ -29,6 +29,32 @@ LISTED_ATTRS = 2
|
||||
ALL_ATTRS = 3
|
||||
|
||||
|
||||
# UserAccountControl Attribute/Flag Values
|
||||
# For details, look at:
|
||||
# https://support.microsoft.com/en-us/kb/305144
|
||||
SCRIPT = 0x0001
|
||||
ACCOUNTDISABLE = 0x0002
|
||||
HOMEDIR_REQUIRED = 0x0008
|
||||
LOCKOUT = 0x0010
|
||||
PASSWD_NOTREQD = 0x0020
|
||||
PASSWD_CANT_CHANGE = 0x0040
|
||||
ENCRYPTED_TEXT_PWD_ALLOWED = 0x0080
|
||||
TEMP_DUPLICATE_ACCOUNT = 0x0100
|
||||
NORMAL_ACCOUNT = 0x0200
|
||||
INTERDOMAIN_TRUST_ACCOUNT = 0x0800
|
||||
WORKSTATION_TRUST_ACCOUNT = 0x1000
|
||||
SERVER_TRUST_ACCOUNT = 0x2000
|
||||
DONT_EXPIRE_PASSWORD = 0x10000
|
||||
MNS_LOGON_ACCOUNT = 0x20000
|
||||
SMARTCARD_REQUIRED = 0x40000
|
||||
TRUSTED_FOR_DELEGATION = 0x80000
|
||||
NOT_DELEGATED = 0x100000
|
||||
USE_DES_KEY_ONLY = 0x200000
|
||||
DONT_REQ_PREAUTH = 0x400000
|
||||
PASSWORD_EXPIRED = 0x800000
|
||||
TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000
|
||||
PARTIAL_SECRETS_ACCOUNT = 0x04000000
|
||||
|
||||
# Generated by the followin command:
|
||||
|
||||
# samba-tool group list | \
|
||||
@ -139,6 +165,44 @@ class Backend(ldapcherry.backend.backendLdap.Backend):
|
||||
ad_groups.append('cn=' + group + ',' + self.groupdn)
|
||||
return ad_groups
|
||||
|
||||
def _set_password(self, cn, password):
|
||||
unicode_pass = '\"' + password + '\"'
|
||||
password_value = unicode_pass.encode('utf-16-le')
|
||||
|
||||
ldap_client = self._bind()
|
||||
|
||||
dn = str('CN=%(cn)s,%(user_dn)s' % {
|
||||
'cn': cn,
|
||||
'user_dn': self.userdn
|
||||
}
|
||||
)
|
||||
|
||||
attrs = {}
|
||||
|
||||
attrs['unicodePwd'] = str(password_value)
|
||||
|
||||
#ldif = modlist.modifyModlist({'unicodePwd': 'asad'}, attrs)
|
||||
ldif = modlist.modifyModlist({'unicodePwd': 'tmp'}, attrs)
|
||||
ldap_client.modify_s(dn,ldif)
|
||||
|
||||
del(attrs['unicodePwd'])
|
||||
attrs['UserAccountControl'] = str(NORMAL_ACCOUNT)
|
||||
ldif = modlist.modifyModlist({'UserAccountControl': 'tmp'}, attrs)
|
||||
ldap_client.modify_s(dn,ldif)
|
||||
|
||||
def add_user(self, attrs):
|
||||
password = attrs['unicodePwd']
|
||||
del(attrs['unicodePwd'])
|
||||
super(Backend, self).add_user(attrs)
|
||||
self._set_password(attrs['cn'], password)
|
||||
|
||||
def set_attrs(self, username, attrs):
|
||||
if 'unicodePwd' in attrs:
|
||||
password = attrs['unicodePwd']
|
||||
del(attrs['unicodePwd'])
|
||||
self._set_password(attrs['cn'], password)
|
||||
super(Backend, self).set_attrs(username, attrs)
|
||||
|
||||
def add_to_groups(self, username, groups):
|
||||
ad_groups = self._build_groupdn(groups)
|
||||
super(Backend, self).add_to_groups(username, ad_groups)
|
||||
|
@ -293,13 +293,17 @@ class Backend(ldapcherry.backend.Backend):
|
||||
else:
|
||||
return False
|
||||
|
||||
def attrs_pretreatment(self, attrs):
|
||||
attrs_str = {}
|
||||
for a in attrs:
|
||||
attrs_str[self._str(a)] = self._str(attrs[a])
|
||||
return attrs_str
|
||||
|
||||
def add_user(self, attrs):
|
||||
"""add a user"""
|
||||
ldap_client = self._bind()
|
||||
attrs_str = {}
|
||||
# encoding crap
|
||||
for a in attrs:
|
||||
attrs_str[self._str(a)] = self._str(attrs[a])
|
||||
attrs_str = self.attrs_pretreatment(attrs)
|
||||
|
||||
attrs_str['objectClass'] = self.objectclasses
|
||||
# construct is DN
|
||||
|
Loading…
Reference in New Issue
Block a user