>From 4e50cd59ec38d29ba6efc47b5420a47f656e74a9 Mon Sep 17 00:00:00 2001
From: Rowland Penny
Date: Mon, 16 Nov 2015 15:57:23 +0000
Subject: [PATCH 3/4] group.py: update group with nis attributes
Signed-off-by: Rowland Penny
---
 python/samba/netcmd/group.py | 94 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 94 insertions(+)
diff --git a/python/samba/netcmd/group.py b/python/samba/netcmd/group.py
index 722bcc4..efb819a 100644
--- a/python/samba/netcmd/group.py
+++ b/python/samba/netcmd/group.py
@@ -408,6 +408,99 @@ samba-tool group listmembers \"Domain Users\" -H ldap://samba.samdom.example.com
 raise CommandError('Failed to list members of "%s" group ' % groupname, e)
+class cmd_group_nis_add(Command):
+ """Add NIS attributes to a group.
+
+This command adds NIS info to a group account in the Active Directory domain.
+The groupname specified on the command is the sAMaccountName.
+
+Unix (RFC2307) attributes will be added to the group account.
+Configure 'idmap_ldb:use rfc2307 = Yes' in smb.conf to use these GID mapping
+attributes.
+
+The command may be run from the root userid or another authorized userid.
+The -H or --URL= option can be used to execute the command against a remote
+server.
+
+Example:
+samba-tool group nisadd Group1 --nis-domain=samdom --gid-number=12345
+
+The example shows how to add RFC2307/NIS attributes to a domain enabled group
+account. The groups gidNumber will be set to '12345'
+
+"""
+ synopsis = "%prog [options]"
+
+ takes_optiongroups = {
+ "sambaopts": options.SambaOptions,
+ "credopts": options.CredentialsOptions,
+ "versionopts": options.VersionOptions,
+ }
+
+ takes_options = [
+ Option("-H", "--URL", help="LDB URL for database or target server",
+ type=str, metavar="URL", dest="H"),
+ Option("--gid-number", help="Group's Unix/RFC2307 GID number", type=int),
+ Option("--nis-domain", help="Group's Unix/RFC2307 NIS domain",
+ type=str),
+ ]
+
+ takes_args = ["groupname"]
+
+
+ def run(self, groupname, credopts=None, sambaopts=None, versionopts=None,
+ H=None, nis_domain=None, gid_number=None):
+
+ lp = sambaopts.get_loadparm()
+ creds = credopts.get_credentials(lp)
+
+ samdb = SamDB(url=H, session_info=system_session(),
+ credentials=creds, lp=lp)
+
+ if (gid_number is None and nis_domain is not None) or \
+ (gid_number is not None and nis_domain is None):
+ raise CommandError('Both --gid-number and --nis-domain'
+ ' have to be set for a RFC2307-enabled group.'
+ 'Operation cancelled.')
+
+ domain_dn = samdb.domain_dn()
+ search_filter = "(samaccountname=%s)" % groupname
+ group_dn = samdb.get_object_dn(search_filter)
+
+ # what if group already is a NIS group??
+ res = samdb.search(group_dn,
+ scope=ldb.SCOPE_BASE,
+ attrs=["gidNumber"])
+ if "gidNumber" in res[0]:
+ raise CommandError("Group %s already is a NIS group." % groupname)
+
+ if not lp.get("idmap_ldb:use rfc2307"):
+ self.outf.write("You are setting a Unix/RFC2307 GID. \
+You may want to set 'idmap_ldb:use rfc2307 = Yes' in smb.conf to \
+use this attribute for XID/SID-mapping.\n")
+
+ update_group = """
+dn: %s
+changetype: modify
+add: msSFU30NisDomain
+msSFU30NisDomain: %s
+-
+add: msSFU30Name
+msSFU30Name: %s
+-
+add: gidNumber
+gidNumber: %s
+-
+""" % (group_dn, nis_domain, groupname, gid_number)
+
+ try:
+ samdb.modify_ldif(update_group)
+ except Exception, e:
+ raise CommandError("Failed to update group '%s': " % groupname, e)
+
+ self.outf.write("Group '%s' updated successfully\n" % groupname)
+
+
 class cmd_group(SuperCommand):
 """Group management."""
@@ -418,3 +511,4 @@ class cmd_group(SuperCommand):
 subcommands["removemembers"] = cmd_group_remove_members()
 subcommands["list"] = cmd_group_list()
 subcommands["listmembers"] = cmd_group_list_members()
+ subcommands["nisadd"] = cmd_group_nis_add()
--
1.7.10.4
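Review bot: `run()` puts `groupname` and `nis_domain` into the directory request unescaped: the lookup uses `"(samaccountname=%s)" % groupname`, and both values are formatted into the LDIF passed to `samdb.modify_ldif()`, so filter metacharacters or an embedded newline alter what is matched or written. The option check also lets the call through when neither `--gid-number` nor `--nis-domain` is given, in which case the LDIF is formatted with the string `None` instead of the command being rejected up front. I would require both options, escape the name with `ldb.binary_encode()` and limit the filter to `objectClass=group`, and send the change as an `ldb.Message` rather than formatted text, as in the excerpt below. The concatenated error text is also missing a space before `Operation cancelled.`, and `domain_dn` is assigned but never used.

```python
        # … unchanged: loadparm, credentials, SamDB connection …
        if gid_number is None or nis_domain is None:
            raise CommandError('Both --gid-number and --nis-domain'
                               ' have to be set for a RFC2307-enabled group.'
                               ' Operation cancelled.')

        search_filter = ("(&(sAMAccountName=%s)(objectClass=group))" %
                         ldb.binary_encode(groupname))
        # … unchanged: DN lookup, existing-gidNumber check, rfc2307 hint …

        msg = ldb.Message()
        msg.dn = res[0].dn
        for attr, value in (("msSFU30NisDomain", nis_domain),
                            ("msSFU30Name", groupname),
                            ("gidNumber", str(gid_number))):
            msg[attr] = ldb.MessageElement(value, ldb.FLAG_MOD_ADD, attr)

        try:
            samdb.modify(msg)
        # … unchanged: except clause and success message …
```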