diff options
| author | Pavel Zuna <pzuna@redhat.com> | 2009-06-10 14:25:30 +0200 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2009-06-10 11:55:09 -0400 |
| commit | b8fdcb3a0bfe251f0d39256f80e87683a7af35e2 (patch) | |
| tree | 2cbf11d9142f7c921b9f63a3599f2d37ee0d9f8e /ipalib | |
| parent | a5292b228092540c15021bca9609ad9f36bb4bdb (diff) | |
| download | freeipa.git-b8fdcb3a0bfe251f0d39256f80e87683a7af35e2.tar.gz freeipa.git-b8fdcb3a0bfe251f0d39256f80e87683a7af35e2.tar.xz freeipa.git-b8fdcb3a0bfe251f0d39256f80e87683a7af35e2.zip | |
Add passwd plugin port to new LDAP backend.
Diffstat (limited to 'ipalib')
| -rw-r--r-- | ipalib/plugins/passwd2.py | 79 |
1 files changed, 79 insertions, 0 deletions
diff --git a/ipalib/plugins/passwd2.py b/ipalib/plugins/passwd2.py new file mode 100644 index 00000000..b6ef8367 --- /dev/null +++ b/ipalib/plugins/passwd2.py @@ -0,0 +1,79 @@ +# Authors: +# Rob Crittenden <rcritten@redhat.com> +# +# Copyright (C) 2008 Red Hat +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation; version 2 only +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +""" +Password changes +""" + +from ipalib import api, errors, util +from ipalib import Command +from ipalib import Str, Password + + +class passwd2(Command): + """ + Change user password. + """ + takes_args = ( + Str('principal', + cli_name='user', + doc='username', + primary_key=True, + autofill=True, + create_default=lambda **kw: util.get_current_principal(), + ), + Password('password'), + ) + + def execute(self, principal, password): + """ + Execute the passwd operation. + + The dn should not be passed as a keyword argument as it is constructed + by this method. + + Returns the entry + + :param principal: The login name or principal of the user + :param password: the new password + """ + assert self.api.env.use_ldap2, 'use_ldap2 is False' + ldap = self.api.Backend.ldap2 + + if principal.find('@') != -1: + principal_parts = principal.split('@') + if len(principal_parts) > 2: + raise errors.MalformedUserPrincipal(principal=principal) + else: + principal = '%s@%s' % (principal, self.api.env.realm) + + dn = ldap.find_entry_by_attr( + 'krbprincipalname', principal, 'posixaccount' + ) + + ldap.modify_password(dn, password) + + return True + + def output_for_cli(self, textui, result, principal, password): + assert password is None + textui.print_name(self.name) + textui.print_dashed('Changed password for "%s."' % principal) + +api.register(passwd2) + |