summaryrefslogtreecommitdiffstats
path: root/ipaclient/remote_plugins/2_114/user.py
diff options
context:
space:
mode:
Diffstat (limited to 'ipaclient/remote_plugins/2_114/user.py')
-rw-r--r--ipaclient/remote_plugins/2_114/user.py1623
1 files changed, 1623 insertions, 0 deletions
diff --git a/ipaclient/remote_plugins/2_114/user.py b/ipaclient/remote_plugins/2_114/user.py
new file mode 100644
index 000000000..c1751cd8d
--- /dev/null
+++ b/ipaclient/remote_plugins/2_114/user.py
@@ -0,0 +1,1623 @@
+#
+# Copyright (C) 2016 FreeIPA Contributors see COPYING for license
+#
+
+# pylint: disable=unused-import
+import six
+
+from . import Command, Method, Object
+from ipalib import api, parameters, output
+from ipalib.parameters import DefaultFrom
+from ipalib.plugable import Registry
+from ipalib.text import _
+from ipapython.dn import DN
+from ipapython.dnsutil import DNSName
+
+if six.PY3:
+ unicode = str
+
+__doc__ = _("""
+Users
+
+Manage user entries. All users are POSIX users.
+
+IPA supports a wide range of username formats, but you need to be aware of any
+restrictions that may apply to your particular environment. For example,
+usernames that start with a digit or usernames that exceed a certain length
+may cause problems for some UNIX systems.
+Use 'ipa config-mod' to change the username format allowed by IPA tools.
+
+Disabling a user account prevents that user from obtaining new Kerberos
+credentials. It does not invalidate any credentials that have already
+been issued.
+
+Password management is not a part of this module. For more information
+about this topic please see: ipa help passwd
+
+Account lockout on password failure happens per IPA master. The user-status
+command can be used to identify which master the user is locked out on.
+It is on that master the administrator must unlock the user.
+
+EXAMPLES:
+
+ Add a new user:
+ ipa user-add --first=Tim --last=User --password tuser1
+
+ Find all users whose entries include the string "Tim":
+ ipa user-find Tim
+
+ Find all users with "Tim" as the first name:
+ ipa user-find --first=Tim
+
+ Disable a user account:
+ ipa user-disable tuser1
+
+ Enable a user account:
+ ipa user-enable tuser1
+
+ Delete a user:
+ ipa user-del tuser1
+""")
+
+register = Registry()
+
+
+@register()
+class user(Object):
+ takes_params = (
+ parameters.Str(
+ 'uid',
+ primary_key=True,
+ label=_(u'User login'),
+ ),
+ parameters.Str(
+ 'givenname',
+ label=_(u'First name'),
+ ),
+ parameters.Str(
+ 'sn',
+ label=_(u'Last name'),
+ ),
+ parameters.Str(
+ 'cn',
+ label=_(u'Full name'),
+ ),
+ parameters.Str(
+ 'displayname',
+ required=False,
+ label=_(u'Display name'),
+ ),
+ parameters.Str(
+ 'initials',
+ required=False,
+ label=_(u'Initials'),
+ ),
+ parameters.Str(
+ 'homedirectory',
+ required=False,
+ label=_(u'Home directory'),
+ ),
+ parameters.Str(
+ 'gecos',
+ required=False,
+ label=_(u'GECOS'),
+ ),
+ parameters.Str(
+ 'loginshell',
+ required=False,
+ label=_(u'Login shell'),
+ ),
+ parameters.Str(
+ 'krbprincipalname',
+ required=False,
+ label=_(u'Kerberos principal'),
+ ),
+ parameters.DateTime(
+ 'krbprincipalexpiration',
+ required=False,
+ label=_(u'Kerberos principal expiration'),
+ ),
+ parameters.Str(
+ 'mail',
+ required=False,
+ multivalue=True,
+ label=_(u'Email address'),
+ ),
+ parameters.Password(
+ 'userpassword',
+ required=False,
+ label=_(u'Password'),
+ doc=_(u'Prompt to set the user password'),
+ exclude=('webui',),
+ ),
+ parameters.Flag(
+ 'random',
+ required=False,
+ doc=_(u'Generate a random user password'),
+ ),
+ parameters.Str(
+ 'randompassword',
+ required=False,
+ label=_(u'Random password'),
+ ),
+ parameters.Int(
+ 'uidnumber',
+ required=False,
+ label=_(u'UID'),
+ doc=_(u'User ID Number (system will assign one if not provided)'),
+ ),
+ parameters.Int(
+ 'gidnumber',
+ required=False,
+ label=_(u'GID'),
+ doc=_(u'Group ID Number'),
+ ),
+ parameters.Str(
+ 'street',
+ required=False,
+ label=_(u'Street address'),
+ ),
+ parameters.Str(
+ 'l',
+ required=False,
+ label=_(u'City'),
+ ),
+ parameters.Str(
+ 'st',
+ required=False,
+ label=_(u'State/Province'),
+ ),
+ parameters.Str(
+ 'postalcode',
+ required=False,
+ label=_(u'ZIP'),
+ ),
+ parameters.Str(
+ 'telephonenumber',
+ required=False,
+ multivalue=True,
+ label=_(u'Telephone Number'),
+ ),
+ parameters.Str(
+ 'mobile',
+ required=False,
+ multivalue=True,
+ label=_(u'Mobile Telephone Number'),
+ ),
+ parameters.Str(
+ 'pager',
+ required=False,
+ multivalue=True,
+ label=_(u'Pager Number'),
+ ),
+ parameters.Str(
+ 'facsimiletelephonenumber',
+ required=False,
+ multivalue=True,
+ label=_(u'Fax Number'),
+ ),
+ parameters.Str(
+ 'ou',
+ required=False,
+ label=_(u'Org. Unit'),
+ ),
+ parameters.Str(
+ 'title',
+ required=False,
+ label=_(u'Job Title'),
+ ),
+ parameters.Str(
+ 'manager',
+ required=False,
+ label=_(u'Manager'),
+ ),
+ parameters.Str(
+ 'carlicense',
+ required=False,
+ multivalue=True,
+ label=_(u'Car License'),
+ ),
+ parameters.Bool(
+ 'nsaccountlock',
+ required=False,
+ label=_(u'Account disabled'),
+ ),
+ parameters.Str(
+ 'ipasshpubkey',
+ required=False,
+ multivalue=True,
+ label=_(u'SSH public key'),
+ ),
+ parameters.Str(
+ 'ipauserauthtype',
+ required=False,
+ multivalue=True,
+ label=_(u'User authentication types'),
+ doc=_(u'Types of supported user authentication'),
+ ),
+ parameters.Str(
+ 'userclass',
+ required=False,
+ multivalue=True,
+ label=_(u'Class'),
+ doc=_(u'User category (semantics placed on this attribute are for local interpretation)'),
+ ),
+ parameters.Str(
+ 'ipatokenradiusconfiglink',
+ required=False,
+ label=_(u'RADIUS proxy configuration'),
+ ),
+ parameters.Str(
+ 'ipatokenradiususername',
+ required=False,
+ label=_(u'RADIUS proxy username'),
+ ),
+ parameters.Str(
+ 'departmentnumber',
+ required=False,
+ multivalue=True,
+ label=_(u'Department Number'),
+ ),
+ parameters.Str(
+ 'employeenumber',
+ required=False,
+ label=_(u'Employee Number'),
+ ),
+ parameters.Str(
+ 'employeetype',
+ required=False,
+ label=_(u'Employee Type'),
+ ),
+ parameters.Str(
+ 'preferredlanguage',
+ required=False,
+ label=_(u'Preferred Language'),
+ ),
+ parameters.Flag(
+ 'has_password',
+ label=_(u'Password'),
+ ),
+ parameters.Str(
+ 'memberof_group',
+ required=False,
+ label=_(u'Member of groups'),
+ ),
+ parameters.Str(
+ 'memberof_role',
+ required=False,
+ label=_(u'Roles'),
+ ),
+ parameters.Str(
+ 'memberof_netgroup',
+ required=False,
+ label=_(u'Member of netgroups'),
+ ),
+ parameters.Str(
+ 'memberof_sudorule',
+ required=False,
+ label=_(u'Member of Sudo rule'),
+ ),
+ parameters.Str(
+ 'memberof_hbacrule',
+ required=False,
+ label=_(u'Member of HBAC rule'),
+ ),
+ parameters.Str(
+ 'memberofindirect_group',
+ required=False,
+ label=_(u'Indirect Member of group'),
+ ),
+ parameters.Str(
+ 'memberofindirect_netgroup',
+ required=False,
+ label=_(u'Indirect Member of netgroup'),
+ ),
+ parameters.Str(
+ 'memberofindirect_role',
+ required=False,
+ label=_(u'Indirect Member of role'),
+ ),
+ parameters.Str(
+ 'memberofindirect_sudorule',
+ required=False,
+ label=_(u'Indirect Member of Sudo rule'),
+ ),
+ parameters.Str(
+ 'memberofindirect_hbacrule',
+ required=False,
+ label=_(u'Indirect Member of HBAC rule'),
+ ),
+ parameters.Flag(
+ 'has_keytab',
+ label=_(u'Kerberos keys available'),
+ ),
+ )
+
+
+@register()
+class user_add(Method):
+ __doc__ = _("Add a new user.")
+
+ takes_args = (
+ parameters.Str(
+ 'uid',
+ cli_name='login',
+ label=_(u'User login'),
+ default_from=DefaultFrom(lambda givenname, sn: givenname[0] + sn, 'principal'),
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'givenname',
+ cli_name='first',
+ label=_(u'First name'),
+ ),
+ parameters.Str(
+ 'sn',
+ cli_name='last',
+ label=_(u'Last name'),
+ ),
+ parameters.Str(
+ 'cn',
+ label=_(u'Full name'),
+ default_from=DefaultFrom(lambda givenname, sn: '%s %s' % (givenname, sn), 'principal'),
+ autofill=True,
+ ),
+ parameters.Str(
+ 'displayname',
+ required=False,
+ label=_(u'Display name'),
+ default_from=DefaultFrom(lambda givenname, sn: '%s %s' % (givenname, sn), 'principal'),
+ autofill=True,
+ ),
+ parameters.Str(
+ 'initials',
+ required=False,
+ label=_(u'Initials'),
+ default_from=DefaultFrom(lambda givenname, sn: '%c%c' % (givenname[0], sn[0]), 'principal'),
+ autofill=True,
+ ),
+ parameters.Str(
+ 'homedirectory',
+ required=False,
+ cli_name='homedir',
+ label=_(u'Home directory'),
+ ),
+ parameters.Str(
+ 'gecos',
+ required=False,
+ label=_(u'GECOS'),
+ default_from=DefaultFrom(lambda givenname, sn: '%s %s' % (givenname, sn), 'principal'),
+ autofill=True,
+ ),
+ parameters.Str(
+ 'loginshell',
+ required=False,
+ cli_name='shell',
+ label=_(u'Login shell'),
+ ),
+ parameters.Str(
+ 'krbprincipalname',
+ required=False,
+ cli_name='principal',
+ label=_(u'Kerberos principal'),
+ default_from=DefaultFrom(lambda uid: '%s@%s' % (uid.lower(), api.env.realm), 'principal'),
+ autofill=True,
+ no_convert=True,
+ ),
+ parameters.DateTime(
+ 'krbprincipalexpiration',
+ required=False,
+ cli_name='principal_expiration',
+ label=_(u'Kerberos principal expiration'),
+ ),
+ parameters.Str(
+ 'mail',
+ required=False,
+ multivalue=True,
+ cli_name='email',
+ label=_(u'Email address'),
+ ),
+ parameters.Password(
+ 'userpassword',
+ required=False,
+ cli_name='password',
+ label=_(u'Password'),
+ doc=_(u'Prompt to set the user password'),
+ exclude=('webui',),
+ confirm=True,
+ ),
+ parameters.Flag(
+ 'random',
+ required=False,
+ doc=_(u'Generate a random user password'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Int(
+ 'uidnumber',
+ required=False,
+ cli_name='uid',
+ label=_(u'UID'),
+ doc=_(u'User ID Number (system will assign one if not provided)'),
+ ),
+ parameters.Int(
+ 'gidnumber',
+ required=False,
+ label=_(u'GID'),
+ doc=_(u'Group ID Number'),
+ ),
+ parameters.Str(
+ 'street',
+ required=False,
+ label=_(u'Street address'),
+ ),
+ parameters.Str(
+ 'l',
+ required=False,
+ cli_name='city',
+ label=_(u'City'),
+ ),
+ parameters.Str(
+ 'st',
+ required=False,
+ cli_name='state',
+ label=_(u'State/Province'),
+ ),
+ parameters.Str(
+ 'postalcode',
+ required=False,
+ label=_(u'ZIP'),
+ ),
+ parameters.Str(
+ 'telephonenumber',
+ required=False,
+ multivalue=True,
+ cli_name='phone',
+ label=_(u'Telephone Number'),
+ ),
+ parameters.Str(
+ 'mobile',
+ required=False,
+ multivalue=True,
+ label=_(u'Mobile Telephone Number'),
+ ),
+ parameters.Str(
+ 'pager',
+ required=False,
+ multivalue=True,
+ label=_(u'Pager Number'),
+ ),
+ parameters.Str(
+ 'facsimiletelephonenumber',
+ required=False,
+ multivalue=True,
+ cli_name='fax',
+ label=_(u'Fax Number'),
+ ),
+ parameters.Str(
+ 'ou',
+ required=False,
+ cli_name='orgunit',
+ label=_(u'Org. Unit'),
+ ),
+ parameters.Str(
+ 'title',
+ required=False,
+ label=_(u'Job Title'),
+ ),
+ parameters.Str(
+ 'manager',
+ required=False,
+ label=_(u'Manager'),
+ ),
+ parameters.Str(
+ 'carlicense',
+ required=False,
+ multivalue=True,
+ label=_(u'Car License'),
+ ),
+ parameters.Bool(
+ 'nsaccountlock',
+ required=False,
+ label=_(u'Account disabled'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'ipasshpubkey',
+ required=False,
+ multivalue=True,
+ cli_name='sshpubkey',
+ label=_(u'SSH public key'),
+ no_convert=True,
+ ),
+ parameters.Str(
+ 'ipauserauthtype',
+ required=False,
+ multivalue=True,
+ cli_name='user_auth_type',
+ cli_metavar="['password', 'radius', 'otp']",
+ label=_(u'User authentication types'),
+ doc=_(u'Types of supported user authentication'),
+ ),
+ parameters.Str(
+ 'userclass',
+ required=False,
+ multivalue=True,
+ cli_name='class',
+ label=_(u'Class'),
+ doc=_(u'User category (semantics placed on this attribute are for local interpretation)'),
+ ),
+ parameters.Str(
+ 'ipatokenradiusconfiglink',
+ required=False,
+ cli_name='radius',
+ label=_(u'RADIUS proxy configuration'),
+ ),
+ parameters.Str(
+ 'ipatokenradiususername',
+ required=False,
+ cli_name='radius_username',
+ label=_(u'RADIUS proxy username'),
+ ),
+ parameters.Str(
+ 'departmentnumber',
+ required=False,
+ multivalue=True,
+ label=_(u'Department Number'),
+ ),
+ parameters.Str(
+ 'employeenumber',
+ required=False,
+ label=_(u'Employee Number'),
+ ),
+ parameters.Str(
+ 'employeetype',
+ required=False,
+ label=_(u'Employee Type'),
+ ),
+ parameters.Str(
+ 'preferredlanguage',
+ required=False,
+ label=_(u'Preferred Language'),
+ ),
+ parameters.Str(
+ 'setattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'addattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'),
+ exclude=('webui',),
+ ),
+ parameters.Flag(
+ 'noprivate',
+ doc=_(u"Don't create user private group"),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'no_members',
+ doc=_(u'Suppress processing of membership attributes.'),
+ exclude=('webui', 'cli'),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class user_del(Method):
+ __doc__ = _("Delete a user.")
+
+ takes_args = (
+ parameters.Str(
+ 'uid',
+ multivalue=True,
+ cli_name='login',
+ label=_(u'User login'),
+ default_from=DefaultFrom(lambda givenname, sn: givenname[0] + sn, 'principal'),
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'continue',
+ doc=_(u"Continuous mode: Don't stop on errors."),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Output(
+ 'result',
+ dict,
+ doc=_(u'List of deletions that failed'),
+ ),
+ output.ListOfPrimaryKeys(
+ 'value',
+ ),
+ )
+
+
+@register()
+class user_disable(Method):
+ __doc__ = _("Disable a user account.")
+
+ takes_args = (
+ parameters.Str(
+ 'uid',
+ cli_name='login',
+ label=_(u'User login'),
+ default_from=DefaultFrom(lambda givenname, sn: givenname[0] + sn, 'principal'),
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Output(
+ 'result',
+ bool,
+ doc=_(u'True means the operation was successful'),
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class user_enable(Method):
+ __doc__ = _("Enable a user account.")
+
+ takes_args = (
+ parameters.Str(
+ 'uid',
+ cli_name='login',
+ label=_(u'User login'),
+ default_from=DefaultFrom(lambda givenname, sn: givenname[0] + sn, 'principal'),
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Output(
+ 'result',
+ bool,
+ doc=_(u'True means the operation was successful'),
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class user_find(Method):
+ __doc__ = _("Search for users.")
+
+ takes_args = (
+ parameters.Str(
+ 'criteria',
+ required=False,
+ doc=_(u'A string searched in all relevant object attributes'),
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'uid',
+ required=False,
+ cli_name='login',
+ label=_(u'User login'),
+ default_from=DefaultFrom(lambda givenname, sn: givenname[0] + sn, 'principal'),
+ no_convert=True,
+ ),
+ parameters.Str(
+ 'givenname',
+ required=False,
+ cli_name='first',
+ label=_(u'First name'),
+ ),
+ parameters.Str(
+ 'sn',
+ required=False,
+ cli_name='last',
+ label=_(u'Last name'),
+ ),
+ parameters.Str(
+ 'cn',
+ required=False,
+ label=_(u'Full name'),
+ default_from=DefaultFrom(lambda givenname, sn: '%s %s' % (givenname, sn), 'principal'),
+ ),
+ parameters.Str(
+ 'displayname',
+ required=False,
+ label=_(u'Display name'),
+ default_from=DefaultFrom(lambda givenname, sn: '%s %s' % (givenname, sn), 'principal'),
+ ),
+ parameters.Str(
+ 'initials',
+ required=False,
+ label=_(u'Initials'),
+ default_from=DefaultFrom(lambda givenname, sn: '%c%c' % (givenname[0], sn[0]), 'principal'),
+ ),
+ parameters.Str(
+ 'homedirectory',
+ required=False,
+ cli_name='homedir',
+ label=_(u'Home directory'),
+ ),
+ parameters.Str(
+ 'gecos',
+ required=False,
+ label=_(u'GECOS'),
+ default_from=DefaultFrom(lambda givenname, sn: '%s %s' % (givenname, sn), 'principal'),
+ ),
+ parameters.Str(
+ 'loginshell',
+ required=False,
+ cli_name='shell',
+ label=_(u'Login shell'),
+ ),
+ parameters.Str(
+ 'krbprincipalname',
+ required=False,
+ cli_name='principal',
+ label=_(u'Kerberos principal'),
+ default_from=DefaultFrom(lambda uid: '%s@%s' % (uid.lower(), api.env.realm), 'principal'),
+ no_convert=True,
+ ),
+ parameters.DateTime(
+ 'krbprincipalexpiration',
+ required=False,
+ cli_name='principal_expiration',
+ label=_(u'Kerberos principal expiration'),
+ ),
+ parameters.Str(
+ 'mail',
+ required=False,
+ multivalue=True,
+ cli_name='email',
+ label=_(u'Email address'),
+ ),
+ parameters.Password(
+ 'userpassword',
+ required=False,
+ cli_name='password',
+ label=_(u'Password'),
+ doc=_(u'Prompt to set the user password'),
+ exclude=('webui',),
+ confirm=True,
+ ),
+ parameters.Int(
+ 'uidnumber',
+ required=False,
+ cli_name='uid',
+ label=_(u'UID'),
+ doc=_(u'User ID Number (system will assign one if not provided)'),
+ ),
+ parameters.Int(
+ 'gidnumber',
+ required=False,
+ label=_(u'GID'),
+ doc=_(u'Group ID Number'),
+ ),
+ parameters.Str(
+ 'street',
+ required=False,
+ label=_(u'Street address'),
+ ),
+ parameters.Str(
+ 'l',
+ required=False,
+ cli_name='city',
+ label=_(u'City'),
+ ),
+ parameters.Str(
+ 'st',
+ required=False,
+ cli_name='state',
+ label=_(u'State/Province'),
+ ),
+ parameters.Str(
+ 'postalcode',
+ required=False,
+ label=_(u'ZIP'),
+ ),
+ parameters.Str(
+ 'telephonenumber',
+ required=False,
+ multivalue=True,
+ cli_name='phone',
+ label=_(u'Telephone Number'),
+ ),
+ parameters.Str(
+ 'mobile',
+ required=False,
+ multivalue=True,
+ label=_(u'Mobile Telephone Number'),
+ ),
+ parameters.Str(
+ 'pager',
+ required=False,
+ multivalue=True,
+ label=_(u'Pager Number'),
+ ),
+ parameters.Str(
+ 'facsimiletelephonenumber',
+ required=False,
+ multivalue=True,
+ cli_name='fax',
+ label=_(u'Fax Number'),
+ ),
+ parameters.Str(
+ 'ou',
+ required=False,
+ cli_name='orgunit',
+ label=_(u'Org. Unit'),
+ ),
+ parameters.Str(
+ 'title',
+ required=False,
+ label=_(u'Job Title'),
+ ),
+ parameters.Str(
+ 'manager',
+ required=False,
+ label=_(u'Manager'),
+ ),
+ parameters.Str(
+ 'carlicense',
+ required=False,
+ multivalue=True,
+ label=_(u'Car License'),
+ ),
+ parameters.Bool(
+ 'nsaccountlock',
+ required=False,
+ label=_(u'Account disabled'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'ipauserauthtype',
+ required=False,
+ multivalue=True,
+ cli_name='user_auth_type',
+ cli_metavar="['password', 'radius', 'otp']",
+ label=_(u'User authentication types'),
+ doc=_(u'Types of supported user authentication'),
+ ),
+ parameters.Str(
+ 'userclass',
+ required=False,
+ multivalue=True,
+ cli_name='class',
+ label=_(u'Class'),
+ doc=_(u'User category (semantics placed on this attribute are for local interpretation)'),
+ ),
+ parameters.Str(
+ 'ipatokenradiusconfiglink',
+ required=False,
+ cli_name='radius',
+ label=_(u'RADIUS proxy configuration'),
+ ),
+ parameters.Str(
+ 'ipatokenradiususername',
+ required=False,
+ cli_name='radius_username',
+ label=_(u'RADIUS proxy username'),
+ ),
+ parameters.Str(
+ 'departmentnumber',
+ required=False,
+ multivalue=True,
+ label=_(u'Department Number'),
+ ),
+ parameters.Str(
+ 'employeenumber',
+ required=False,
+ label=_(u'Employee Number'),
+ ),
+ parameters.Str(
+ 'employeetype',
+ required=False,
+ label=_(u'Employee Type'),
+ ),
+ parameters.Str(
+ 'preferredlanguage',
+ required=False,
+ label=_(u'Preferred Language'),
+ ),
+ parameters.Int(
+ 'timelimit',
+ required=False,
+ label=_(u'Time Limit'),
+ doc=_(u'Time limit of search in seconds'),
+ ),
+ parameters.Int(
+ 'sizelimit',
+ required=False,
+ label=_(u'Size Limit'),
+ doc=_(u'Maximum number of entries returned'),
+ ),
+ parameters.Flag(
+ 'whoami',
+ label=_(u'Self'),
+ doc=_(u'Display user record for current Kerberos principal'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'no_members',
+ doc=_(u'Suppress processing of membership attributes.'),
+ exclude=('webui', 'cli'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'pkey_only',
+ required=False,
+ label=_(u'Primary key only'),
+ doc=_(u'Results should contain primary key attribute only ("login")'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Str(
+ 'in_group',
+ required=False,
+ multivalue=True,
+ cli_name='in_groups',
+ label=_(u'group'),
+ doc=_(u'Search for users with these member of groups.'),
+ ),
+ parameters.Str(
+ 'not_in_group',
+ required=False,
+ multivalue=True,
+ cli_name='not_in_groups',
+ label=_(u'group'),
+ doc=_(u'Search for users without these member of groups.'),
+ ),
+ parameters.Str(
+ 'in_netgroup',
+ required=False,
+ multivalue=True,
+ cli_name='in_netgroups',
+ label=_(u'netgroup'),
+ doc=_(u'Search for users with these member of netgroups.'),
+ ),
+ parameters.Str(
+ 'not_in_netgroup',
+ required=False,
+ multivalue=True,
+ cli_name='not_in_netgroups',
+ label=_(u'netgroup'),
+ doc=_(u'Search for users without these member of netgroups.'),
+ ),
+ parameters.Str(
+ 'in_role',
+ required=False,
+ multivalue=True,
+ cli_name='in_roles',
+ label=_(u'role'),
+ doc=_(u'Search for users with these member of roles.'),
+ ),
+ parameters.Str(
+ 'not_in_role',
+ required=False,
+ multivalue=True,
+ cli_name='not_in_roles',
+ label=_(u'role'),
+ doc=_(u'Search for users without these member of roles.'),
+ ),
+ parameters.Str(
+ 'in_hbacrule',
+ required=False,
+ multivalue=True,
+ cli_name='in_hbacrules',
+ label=_(u'HBAC rule'),
+ doc=_(u'Search for users with these member of HBAC rules.'),
+ ),
+ parameters.Str(
+ 'not_in_hbacrule',
+ required=False,
+ multivalue=True,
+ cli_name='not_in_hbacrules',
+ label=_(u'HBAC rule'),
+ doc=_(u'Search for users without these member of HBAC rules.'),
+ ),
+ parameters.Str(
+ 'in_sudorule',
+ required=False,
+ multivalue=True,
+ cli_name='in_sudorules',
+ label=_(u'sudo rule'),
+ doc=_(u'Search for users with these member of sudo rules.'),
+ ),
+ parameters.Str(
+ 'not_in_sudorule',
+ required=False,
+ multivalue=True,
+ cli_name='not_in_sudorules',
+ label=_(u'sudo rule'),
+ doc=_(u'Search for users without these member of sudo rules.'),
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.ListOfEntries(
+ 'result',
+ ),
+ output.Output(
+ 'count',
+ int,
+ doc=_(u'Number of entries returned'),
+ ),
+ output.Output(
+ 'truncated',
+ bool,
+ doc=_(u'True if not all results were returned'),
+ ),
+ )
+
+
+@register()
+class user_mod(Method):
+ __doc__ = _("Modify a user.")
+
+ takes_args = (
+ parameters.Str(
+ 'uid',
+ cli_name='login',
+ label=_(u'User login'),
+ default_from=DefaultFrom(lambda givenname, sn: givenname[0] + sn, 'principal'),
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'givenname',
+ required=False,
+ cli_name='first',
+ label=_(u'First name'),
+ ),
+ parameters.Str(
+ 'sn',
+ required=False,
+ cli_name='last',
+ label=_(u'Last name'),
+ ),
+ parameters.Str(
+ 'cn',
+ required=False,
+ label=_(u'Full name'),
+ default_from=DefaultFrom(lambda givenname, sn: '%s %s' % (givenname, sn), 'principal'),
+ ),
+ parameters.Str(
+ 'displayname',
+ required=False,
+ label=_(u'Display name'),
+ default_from=DefaultFrom(lambda givenname, sn: '%s %s' % (givenname, sn), 'principal'),
+ ),
+ parameters.Str(
+ 'initials',
+ required=False,
+ label=_(u'Initials'),
+ default_from=DefaultFrom(lambda givenname, sn: '%c%c' % (givenname[0], sn[0]), 'principal'),
+ ),
+ parameters.Str(
+ 'homedirectory',
+ required=False,
+ cli_name='homedir',
+ label=_(u'Home directory'),
+ ),
+ parameters.Str(
+ 'gecos',
+ required=False,
+ label=_(u'GECOS'),
+ default_from=DefaultFrom(lambda givenname, sn: '%s %s' % (givenname, sn), 'principal'),
+ ),
+ parameters.Str(
+ 'loginshell',
+ required=False,
+ cli_name='shell',
+ label=_(u'Login shell'),
+ ),
+ parameters.DateTime(
+ 'krbprincipalexpiration',
+ required=False,
+ cli_name='principal_expiration',
+ label=_(u'Kerberos principal expiration'),
+ ),
+ parameters.Str(
+ 'mail',
+ required=False,
+ multivalue=True,
+ cli_name='email',
+ label=_(u'Email address'),
+ ),
+ parameters.Password(
+ 'userpassword',
+ required=False,
+ cli_name='password',
+ label=_(u'Password'),
+ doc=_(u'Prompt to set the user password'),
+ exclude=('webui',),
+ confirm=True,
+ ),
+ parameters.Flag(
+ 'random',
+ required=False,
+ doc=_(u'Generate a random user password'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Int(
+ 'uidnumber',
+ required=False,
+ cli_name='uid',
+ label=_(u'UID'),
+ doc=_(u'User ID Number (system will assign one if not provided)'),
+ ),
+ parameters.Int(
+ 'gidnumber',
+ required=False,
+ label=_(u'GID'),
+ doc=_(u'Group ID Number'),
+ ),
+ parameters.Str(
+ 'street',
+ required=False,
+ label=_(u'Street address'),
+ ),
+ parameters.Str(
+ 'l',
+ required=False,
+ cli_name='city',
+ label=_(u'City'),
+ ),
+ parameters.Str(
+ 'st',
+ required=False,
+ cli_name='state',
+ label=_(u'State/Province'),
+ ),
+ parameters.Str(
+ 'postalcode',
+ required=False,
+ label=_(u'ZIP'),
+ ),
+ parameters.Str(
+ 'telephonenumber',
+ required=False,
+ multivalue=True,
+ cli_name='phone',
+ label=_(u'Telephone Number'),
+ ),
+ parameters.Str(
+ 'mobile',
+ required=False,
+ multivalue=True,
+ label=_(u'Mobile Telephone Number'),
+ ),
+ parameters.Str(
+ 'pager',
+ required=False,
+ multivalue=True,
+ label=_(u'Pager Number'),
+ ),
+ parameters.Str(
+ 'facsimiletelephonenumber',
+ required=False,
+ multivalue=True,
+ cli_name='fax',
+ label=_(u'Fax Number'),
+ ),
+ parameters.Str(
+ 'ou',
+ required=False,
+ cli_name='orgunit',
+ label=_(u'Org. Unit'),
+ ),
+ parameters.Str(
+ 'title',
+ required=False,
+ label=_(u'Job Title'),
+ ),
+ parameters.Str(
+ 'manager',
+ required=False,
+ label=_(u'Manager'),
+ ),
+ parameters.Str(
+ 'carlicense',
+ required=False,
+ multivalue=True,
+ label=_(u'Car License'),
+ ),
+ parameters.Bool(
+ 'nsaccountlock',
+ required=False,
+ label=_(u'Account disabled'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'ipasshpubkey',
+ required=False,
+ multivalue=True,
+ cli_name='sshpubkey',
+ label=_(u'SSH public key'),
+ no_convert=True,
+ ),
+ parameters.Str(
+ 'ipauserauthtype',
+ required=False,
+ multivalue=True,
+ cli_name='user_auth_type',
+ cli_metavar="['password', 'radius', 'otp']",
+ label=_(u'User authentication types'),
+ doc=_(u'Types of supported user authentication'),
+ ),
+ parameters.Str(
+ 'userclass',
+ required=False,
+ multivalue=True,
+ cli_name='class',
+ label=_(u'Class'),
+ doc=_(u'User category (semantics placed on this attribute are for local interpretation)'),
+ ),
+ parameters.Str(
+ 'ipatokenradiusconfiglink',
+ required=False,
+ cli_name='radius',
+ label=_(u'RADIUS proxy configuration'),
+ ),
+ parameters.Str(
+ 'ipatokenradiususername',
+ required=False,
+ cli_name='radius_username',
+ label=_(u'RADIUS proxy username'),
+ ),
+ parameters.Str(
+ 'departmentnumber',
+ required=False,
+ multivalue=True,
+ label=_(u'Department Number'),
+ ),
+ parameters.Str(
+ 'employeenumber',
+ required=False,
+ label=_(u'Employee Number'),
+ ),
+ parameters.Str(
+ 'employeetype',
+ required=False,
+ label=_(u'Employee Type'),
+ ),
+ parameters.Str(
+ 'preferredlanguage',
+ required=False,
+ label=_(u'Preferred Language'),
+ ),
+ parameters.Str(
+ 'setattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'addattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'delattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Delete an attribute/value pair. The option will be evaluated\nlast, after all sets and adds.'),
+ exclude=('webui',),
+ ),
+ parameters.Flag(
+ 'rights',
+ label=_(u'Rights'),
+ doc=_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'no_members',
+ doc=_(u'Suppress processing of membership attributes.'),
+ exclude=('webui', 'cli'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Str(
+ 'rename',
+ required=False,
+ label=_(u'Rename'),
+ doc=_(u'Rename the user object'),
+ default_from=DefaultFrom(lambda givenname, sn: givenname[0] + sn, 'principal'),
+ no_convert=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class user_show(Method):
+ __doc__ = _("Display information about a user.")
+
+ takes_args = (
+ parameters.Str(
+ 'uid',
+ cli_name='login',
+ label=_(u'User login'),
+ default_from=DefaultFrom(lambda givenname, sn: givenname[0] + sn, 'principal'),
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'rights',
+ label=_(u'Rights'),
+ doc=_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'no_members',
+ doc=_(u'Suppress processing of membership attributes.'),
+ exclude=('webui', 'cli'),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class user_status(Method):
+ __doc__ = _("""
+Lockout status of a user account
+
+ An account may become locked if the password is entered incorrectly too
+ many times within a specific time period as controlled by password
+ policy. A locked account is a temporary condition and may be unlocked by
+ an administrator.
+
+ This connects to each IPA master and displays the lockout status on
+ each one.
+
+ To determine whether an account is locked on a given server you need
+ to compare the number of failed logins and the time of the last failure.
+ For an account to be locked it must exceed the maxfail failures within
+ the failinterval duration as specified in the password policy associated
+ with the user.
+
+ The failed login counter is modified only when a user attempts a log in
+ so it is possible that an account may appear locked but the last failed
+ login attempt is older than the lockouttime of the password policy. This
+ means that the user may attempt a login again.
+ """)
+
+ takes_args = (
+ parameters.Str(
+ 'uid',
+ cli_name='login',
+ label=_(u'User login'),
+ default_from=DefaultFrom(lambda givenname, sn: givenname[0] + sn, 'principal'),
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'no_members',
+ doc=_(u'Suppress processing of membership attributes.'),
+ exclude=('webui', 'cli'),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.ListOfEntries(
+ 'result',
+ ),
+ output.Output(
+ 'count',
+ int,
+ doc=_(u'Number of entries returned'),
+ ),
+ output.Output(
+ 'truncated',
+ bool,
+ doc=_(u'True if not all results were returned'),
+ ),
+ )
+
+
+@register()
+class user_unlock(Method):
+ __doc__ = _("""
+Unlock a user account
+
+ An account may become locked if the password is entered incorrectly too
+ many times within a specific time period as controlled by password
+ policy. A locked account is a temporary condition and may be unlocked by
+ an administrator.
+ """)
+
+ takes_args = (
+ parameters.Str(
+ 'uid',
+ cli_name='login',
+ label=_(u'User login'),
+ default_from=DefaultFrom(lambda givenname, sn: givenname[0] + sn, 'principal'),
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Output(
+ 'result',
+ bool,
+ doc=_(u'True means the operation was successful'),
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )