author | Rob Crittenden <rcritten@redhat.com> | 2007-11-20 22:45:29 -0500 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2007-11-20 22:45:29 -0500 |
commit | f42f1f44c81e15ac9ecbc6684cbc4dfc9395fd42 (patch) | |
tree | 5e3907c33efe15f9a7f04bc973a341d0851b6dd4 /ipa-admintools | |
parent | 56d67b86e18112c9f059e7bcd3ac51fc21f941af (diff) | |
Enable group inactivation by using the Class of Service plugin.
This adds 2 new groups: activated and inactivated.
If you, or a group you are a member of, is in inactivated then you are too.
If you, or a group you are a member of, is in the activated group, then you
are too.
In a fight between activated and inactivated, activated wins.
The DNs used for this matching are case and white space sensitive.
The goal is to never have to actually set nsAccountLock in a user directly
but move them between these groups.
We need to decide where in the CLI this will happen. Right now it is split
between ipa-deluser and ipa-usermod. To inactivate groups for now just
add the group to inactivate or active.
Diffstat (limited to 'ipa-admintools')
-rw-r--r-- | ipa-admintools/ipa-deluser | 11 | ||||
-rw-r--r-- | ipa-admintools/ipa-usermod | 16 |
2 files changed, 20 insertions, 7 deletions
diff --git a/ipa-admintools/ipa-deluser b/ipa-admintools/ipa-deluser
index 3112420a..02ba5f13 100644
--- a/ipa-admintools/ipa-deluser
+++ b/ipa-admintools/ipa-deluser
@@ -57,11 +57,14 @@ def main():
 ret = client.delete_user(args[1])
 msg = "deleted"
 else:
- ret = client.mark_user_deleted(args[1])
- if (ret == "Success"):
+ try:
+ ret = client.mark_user_inactive(args[1])
+ except ipa.ipaerror.exception_for(ipa.ipaerror.LDAP_EMPTY_MODLIST):
+ print "User is already marked inactive"
+ return 0
+ except:
+ raise
 print args[1] + " successfully %s" % msg
- else:
- print args[1] + " " + ret
 except xmlrpclib.Fault, fault:
 if fault.faultCode == errno.ECONNREFUSED:
 print "The IPA XML-RPC service is not responding."
diff --git a/ipa-admintools/ipa-usermod b/ipa-admintools/ipa-usermod
index 9ebddd2c..9d3e7794 100644
--- a/ipa-admintools/ipa-usermod
+++ b/ipa-admintools/ipa-usermod
@@ -32,7 +32,7 @@ import ldap
 import errno
 def usage():
- print "ipa-usermod [-c|--gecos STRING] [-d|--directory STRING] [-f|--firstname STRING] [-l|--lastname STRING] [-s|--shell STRING] [--add attribute=value] [--del attribute] [--set attribute=value] user"
+ print "ipa-usermod [-a|--activate] [-c|--gecos STRING] [-d|--directory STRING] [-f|--firstname STRING] [-l|--lastname STRING] [-s|--shell STRING] [--add attribute=value] [--del attribute] [--set attribute=value] user"
 sys.exit(1)
 def set_add_usage(which):
@@ -40,6 +40,8 @@ def set_add_usage(which):
 def parse_options():
 parser = OptionParser()
+ parser.add_option("-a", "--activate", dest="activate", action="store_true",
+ help="Activate the user")
 parser.add_option("-c", "--gecos", dest="gecos",
 help="Set the GECOS field")
 parser.add_option("-d", "--directory", dest="directory",
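Review bot: In the ipa-deluser hunk, the value assigned by `ret = client.mark_user_inactive(args[1])` is never inspected now that `if (ret == "Success"):` is removed, so every non-raising return prints "successfully". For a command whose purpose is to lock an account, a false success leaves the operator believing access was revoked; unless the call is known to raise on every failure (not visible here), keep a result check and a non-zero exit for the failure case. The unchanged `print args[1] + " successfully %s" % msg` line previously sat under the removed `if`, so it may now belong only to the inactivate branch and leave the `delete_user` path with neither a message nor a check; indentation is lost on this page, so confirm against the file. The `except:` / `raise` pair is a no-op and can be dropped. main() starts and ends outside the hunk.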
@@ -111,7 +113,7 @@ def main():
 return 1
 # If any options are set we use just those. Otherwise ask for all of them.
- if options.gn or options.sn or options.directory or options.gecos or options.mail or options.shell or options.addattr or options.delattr or options.setattr:
+ if options.gn or options.sn or options.directory or options.gecos or options.mail or options.shell or options.addattr or options.delattr or options.setattr or options.activate:
 givenname = options.gn
 lastname = options.sn
 gecos = options.gecos
@@ -236,8 +238,16 @@ def main():
 value = cvalue + [value]
 user.setValue(attr, value)
- try:
+ if options.activate:
+ try:
+ client.mark_user_active(user.getValues('uid'))
+ print "User activated successfully."
+ except ipa.ipaerror.exception_for(ipa.ipaerror.LDAP_EMPTY_MODLIST):
+ print "User is already marked active"
+ return 0
+ except:
+ raise
 client.update_user(user)
 except xmlrpclib.Fault, fault:
 if fault.faultCode == errno.ECONNREFUSED: |
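Review bot: In the last ipa-usermod hunk, the `LDAP_EMPTY_MODLIST` handler runs `return 0` before `client.update_user(user)`, so when `-a` is combined with other options and the user is already active, the requested attribute changes are silently dropped and the tool still exits 0. Drop the `return 0` there so the handler only prints the notice and execution continues to the update. Activation is also applied and reported before the update runs, so a failing `update_user` leaves the account re-enabled with the rest of the change missing; calling `update_user` first, or reporting the partial result, would make that visible. `user.getValues('uid')` is passed through unchecked, and whether it can return a list for a multi-valued uid is not visible here. main() starts and ends outside the hunk.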