diff options
| author | Jan Zeleny <jzeleny@redhat.com> | 2011-01-21 03:07:53 -0500 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2011-01-28 10:23:02 -0500 |
| commit | 884f43f0db6da9243dd4315bdb9b481935be2456 (patch) | |
| tree | 957c693ccedd4b2bb4d4a448fff18fcd7c04e740 /ipalib | |
| parent | 7b04b2240b92cc586fc06a8686c3616b020137fe (diff) | |
| download | freeipa-884f43f0db6da9243dd4315bdb9b481935be2456.tar.gz freeipa-884f43f0db6da9243dd4315bdb9b481935be2456.tar.xz freeipa-884f43f0db6da9243dd4315bdb9b481935be2456.zip | |
Add support for account unlocking
This patch adds command ipa user-unlock and some LDAP modifications
which are required by Kerberos for unlocking to work.
Ticket:
https://fedorahosted.org/freeipa/ticket/344
Diffstat (limited to 'ipalib')
| -rw-r--r-- | ipalib/plugins/user.py | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py index 573a48a9..749a9adc 100644 --- a/ipalib/plugins/user.py +++ b/ipalib/plugins/user.py @@ -58,6 +58,7 @@ from ipalib import Flag, Int, Password, Str, Bool from ipalib.plugins.baseldap import * from ipalib import _, ngettext from ipalib.request import context +from time import gmtime, strftime class user(LDAPObject): @@ -401,3 +402,26 @@ class user_enable(LDAPQuery): ) api.register(user_enable) + +class user_unlock(LDAPQuery): + """ + Lock user account + + - locked account can't log in against Kerberos and must be unlocked by admin + - account can be locked e.g. by inputting wrong password too many times + """ + has_output = output.standard_value + msg_summary = _('Unlocked account "%(value)s"') + + def execute(self, *keys, **options): + dn = self.obj.get_dn(*keys, **options) + entry_attrs = {'krbLastAdminUnlock': strftime("%Y%m%d%H%M%SZ",gmtime()), 'krbLoginFailedCount': '0'} + + self.obj.backend.update_entry(dn, entry_attrs) + + return dict( + result=True, + value=keys[0], + ) + +api.register(user_unlock) |