From: Alexander Wuerstlein a...@arw.name
Reads Unix UID from NSS or commandline and creates a
UID/SID mapping when creating a new user.
---
source4/scripting/python/samba/netcmd/user.py | 38
1 files changed, 31 insertions(+), 7 deletions(-)
diff --git a/source4/scripting/python/samba/netcmd/user.py
b/source4/scripting/python/samba/netcmd/user.py
index 1172f4e..44a37fd 100644
--- a/source4/scripting/python/samba/netcmd/user.py
+++ b/source4/scripting/python/samba/netcmd/user.py
@@ -22,6 +22,8 @@ import ldb
from getpass import getpass
from samba.auth import system_session
from samba.samdb import SamDB
+from samba.idmap import IDmapDB
+import pwd
from samba import (
dsdb,
gensec,
@@ -48,6 +50,8 @@ A user account enables a user to logon to a computer and
domain with an identity
The command may be run from the root userid or another authorized userid. The
-H or --URL= option can be used to execute the command against a remote server.
+With --match-unix-uid a SID/UID-mapping is created for the new user which is
used to map filesystem permissions from Unix filesystems to Windows.
Optionally, a UID can be explicitly given via --unix-uid, without an explicit
UID NSS is used to obtain the UID if possible. Creation of a SID/UID-mapping is
not possible when running samba-tool on a remote server.
+
Example1:
samba-tool user add User1 passw0rd --given-name=John --surname=Smith
--must-change-at-next-login -H ldap://samba.samdom.example.com
-Uadministrator%passw1rd
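Review bot: The help text added in this hunk says a SID/UID mapping cannot be created when samba-tool targets a remote server, but the visible part of the last hunk reaches `IDmapDB(lp=lp)` right after `SamDB(url=H, ...)` with no check on `H` in view. That hunk continues beyond what is shown here, so a check may exist further down. If it does not, the combination should be rejected before `samdb.newuser(...)` runs, for example with `if match_unix_uid and H is not None:` raising the command's usual usage error. Otherwise the account could be created on the remote directory while the mapping is written to the local idmap database or fails afterwards. The sentence should also say that `--unix-uid` has no effect without `--match-unix-uid`.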
@@ -63,6 +67,11 @@ samba-tool user add User3 passw3rd --userou=OrgUnit
Example3 shows how to create a new user in the OrgUnit organizational unit.
+Example4:
+samba-tool user create unixgod passw4rd --match-unix-uid --unix-uid 31337
+
+Example4 shows how to create a new user and map his windows SID to his Unix
UID 31337.
+
synopsis = %prog username [password] [options]
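Review bot: Example4 invokes `samba-tool user create`, while the existing examples visible in this docstring use `samba-tool user add`. The new example should use the same subcommand name as the others, so that a reader copying it does not hit an unknown command. The explanatory sentence would also read better as "map the user's Windows SID to Unix UID 31337".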
@@ -96,6 +105,8 @@ Example3 shows how to create a new user in the OrgUnit
organizational unit.
Option(--internet-address, help=User's home page, type=str),
Option(--telephone-number, help=User's phone number, type=str),
Option(--physical-delivery-office, help=User's office location,
type=str),
+Option(--match-unix-uid, help=Set User's Unix UID from NSS or from
--unix-uid, action=store_true),
+Option(--unix-uid, help=Unix UID of the new user, type=str),
]
takes_args = [username, password?]
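Review bot: `--unix-uid` is declared with `type=str`, so an arbitrary string is accepted and passed on towards the idmap code. Declaring it as `Option("--unix-uid", help="Unix UID of the new user", type=int)` lets the option parser reject non-numeric input. `run()` should then refuse negative values, and the patch should decide explicitly whether UID 0 is allowed, because a mapping to 0 ties the new account to root's files. As far as the visible code shows, `--unix-uid` given without `--match-unix-uid` is silently ignored; reporting that as a usage error would be safer than creating the user without the mapping the administrator asked for.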
@@ -107,13 +118,12 @@ Example3 shows how to create a new user in the OrgUnit
organizational unit.
}
def run(self, username, password=None, credopts=None, sambaopts=None,
-versionopts=None, H=None, must_change_at_next_login=False,
-random_password=False, use_username_as_cn=False, userou=None,
-surname=None, given_name=None, initials=None, profile_path=None,
-script_path=None, home_drive=None, home_directory=None,
+versionopts=None, H=None, must_change_at_next_login=False,
random_password=False,
+use_username_as_cn=False, userou=None, surname=None,
given_name=None, initials=None,
+profile_path=None, script_path=None, home_drive=None,
home_directory=None,
job_title=None, department=None, company=None, description=None,
-mail_address=None, internet_address=None, telephone_number=None,
-physical_delivery_office=None):
+mail_address=None, internet_address=None, telephone_number=None,
physical_delivery_office=None,
+match_unix_uid=False, unix_uid=None):
if random_password:
password = generate_random_password(128, 255)
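Review bot: The `run()` signature is re-wrapped in this hunk even though only `match_unix_uid=False, unix_uid=None` is new, which hides the real change among seven rewritten lines. The re-wrapped lines also appear to be longer than the ones they replace. Leaving the existing parameter lines untouched, ending the old last line with `physical_delivery_office=None,` and appending one new line `match_unix_uid=False, unix_uid=None):` would keep the diff reviewable. The body of `run()` continues outside this hunk.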
@@ -133,12 +143,26 @@ Example3 shows how to create a new user in the OrgUnit
organizational unit.
try:
samdb = SamDB(url=H, session_info=system_session(),
credentials=creds, lp=lp)
-samdb.newuser(username, password,
force_password_change_at_next_login_req=must_change_at_next_login,
+samdb.newuser(username, password,
+
force_password_change_at_next_login_req=must_change_at_next_login,
useusernameascn=use_username_as_cn, userou=userou,
surname=surname, givenname=given_name, initials=initials,
profilepath=profile_path, homedrive=home_drive,
scriptpath=script_path, homedirectory=home_directory,
jobtitle=job_title, department=department,
company=company, description=description,
mailaddress=mail_address,
internetaddress=internet_address,
telephonenumber=telephone_number,
physicaldeliveryoffice=physical_delivery_office)
+if match_unix_uid:
+ idmap = IDmapDB(lp=lp)
+ sids = samdb.search(samdb.get_default_basedn(),
scope=ldb.SCOPE_SUBTREE,
+ expression=(((objectClass=user)(samaccountname=%s))