python/samba/netcmd/user/enable.py

   1 # user management
   2 #
   3 # enable user
   4 #
   5 # Copyright Jelmer Vernooij 2010 <jelmer@samba.org>
   6 # Copyright Theresa Halloran 2011 <theresahalloran@gmail.com>
   7 #
   8 # This program is free software; you can redistribute it and/or modify
   9 # it under the terms of the GNU General Public License as published by
  10 # the Free Software Foundation; either version 3 of the License, or
  11 # (at your option) any later version.
  12 #
  13 # This program is distributed in the hope that it will be useful,
  14 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  15 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16 # GNU General Public License for more details.
  17 #
  18 # You should have received a copy of the GNU General Public License
  19 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
  20 #
  21
  22 import samba.getopt as options
  23 from samba import ldb
  24 from samba.auth import system_session
  25 from samba.netcmd import Command, CommandError, Option
  26 from samba.samdb import SamDB
  27
  28
  29 class cmd_user_enable(Command):
  30     """Enable a user.
  31
  32 This command enables a user account for logon to an Active Directory domain.  The username specified on the command is the sAMAccountName.  The username may also be specified using the --filter option.
  33
  34 There are many reasons why an account may become disabled.  These include:
  35 - If a user exceeds the account policy for logon attempts
  36 - If an administrator disables the account
  37 - If the account expires
  38
  39 The samba-tool user enable command allows an administrator to enable an account which has become disabled.
  40
  41 Additionally, the enable function allows an administrator to have a set of created user accounts defined and setup with default permissions that can be easily enabled for use.
  42
  43 The command may be run from the root userid or another authorized userid.  The -H or --URL= option can be used to execute the command against a remote server.
  44
  45 Example1:
  46 samba-tool user enable Testuser1 --URL=ldap://samba.samdom.example.com --username=administrator --password=passw1rd
  47
  48 Example1 shows how to enable a user in the domain against a remote LDAP server.  The --URL parameter is used to specify the remote target server.  The --username= and --password= options are used to pass the username and password of a user that exists on the remote server and is authorized to update that server.
  49
  50 Example2:
  51 su samba-tool user enable Testuser2
  52
  53 Example2 shows how to enable user Testuser2 for use in the domain on the local server. sudo is used so a user may run the command as root.
  54
  55 Example3:
  56 samba-tool user enable --filter=samaccountname=Testuser3
  57
  58 Example3 shows how to enable a user in the domain against a local LDAP server.  It uses the --filter=samaccountname to specify the username.
  59
  60 """
  61     synopsis = "%prog (<username>|--filter <filter>) [options]"
  62
  63     takes_optiongroups = {
  64         "sambaopts": options.SambaOptions,
  65         "versionopts": options.VersionOptions,
  66         "credopts": options.CredentialsOptions,
  67     }
  68
  69     takes_options = [
  70         Option("-H", "--URL", help="LDB URL for database or target server", type=str,
  71                metavar="URL", dest="H"),
  72         Option("--filter", help="LDAP Filter to set password on", type=str),
  73     ]
  74
  75     takes_args = ["username?"]
  76
  77     def run(self, username=None, sambaopts=None, credopts=None,
  78             versionopts=None, filter=None, H=None):
  79         if username is None and filter is None:
  80             raise CommandError("Either the username or '--filter' must be specified!")
  81
  82         if filter is None:
  83             filter = "(&(objectClass=user)(sAMAccountName=%s))" % (ldb.binary_encode(username))
  84
  85         lp = sambaopts.get_loadparm()
  86         creds = credopts.get_credentials(lp, fallback_machine=True)
  87
  88         samdb = SamDB(url=H, session_info=system_session(),
  89                       credentials=creds, lp=lp)
  90         try:
  91             samdb.enable_account(filter)
  92         except Exception as msg:
  93             raise CommandError("Failed to enable user '%s': %s" % (username or filter, msg))
  94         self.outf.write("Enabled user '%s'\n" % (username or filter))