[Samba] [PATCH] allow to create Unix-UID/SID mapping in samba-tool user create
Alexander Wuerstlein
snalwuer at cip.cs.fau.de
Mon Sep 24 16:19:27 MDT 2012
From: Alexander Wuerstlein <arw at arw.name>
Reads the Unix UID from NSS or from the command line and creates a
UID/SID mapping when creating a new user.
---
source4/scripting/python/samba/netcmd/user.py | 38 ++++++++++++++++++++----
1 files changed, 31 insertions(+), 7 deletions(-)
diff --git a/source4/scripting/python/samba/netcmd/user.py b/source4/scripting/python/samba/netcmd/user.py
index 1172f4e..44a37fd 100644
--- a/source4/scripting/python/samba/netcmd/user.py
+++ b/source4/scripting/python/samba/netcmd/user.py
@@ -22,6 +22,8 @@ import ldb
from getpass import getpass
from samba.auth import system_session
from samba.samdb import SamDB
+from samba.idmap import IDmapDB
+import pwd
from samba import (
dsdb,
gensec,
@@ -48,6 +50,8 @@ A user account enables a user to logon to a computer and domain with an identity
The command may be run from the root userid or another authorized userid. The -H or --URL= option can be used to execute the command against a remote server.
+With --match-unix-uid a SID/UID-mapping is created for the new user which is used to map filesystem permissions from Unix filesystems to Windows. Optionally, a UID can be explicitly given via --unix-uid, without an explicit UID NSS is used to obtain the UID if possible. Creation of a SID/UID-mapping is not possible when running samba-tool on a remote server.
+
Example1:
samba-tool user add User1 passw0rd --given-name=John --surname=Smith --must-change-at-next-login -H ldap://samba.samdom.example.com -Uadministrator%passw1rd
@@ -63,6 +67,11 @@ samba-tool user add User3 passw3rd --userou=OrgUnit
Example3 shows how to create a new user in the OrgUnit organizational unit.
+Example4:
+samba-tool user create unixgod passw4rd --match-unix-uid --unix-uid 31337
+
+Example4 shows how to create a new user and map his windows SID to his Unix UID 31337.
+
"""
synopsis = "%prog <username> [<password>] [options]"
@@ -96,6 +105,8 @@ Example3 shows how to create a new user in the OrgUnit organizational unit.
Option("--internet-address", help="User's home page", type=str),
Option("--telephone-number", help="User's phone number", type=str),
Option("--physical-delivery-office", help="User's office location", type=str),
+ Option("--match-unix-uid", help="Set User's Unix UID from NSS or from --unix-uid", action="store_true"),
+ Option("--unix-uid", help="Unix UID of the new user", type=str),
]
takes_args = ["username", "password?"]
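Review bot: `--unix-uid` is declared `type=str`, so option parsing accepts any text and the value reaches the mapping code as a string while the NSS branch yields an int, leaving validation to a later formatting error; declare it `Option("--unix-uid", help="Unix UID of the new user", type=int)` so the optparse-style parser rejects non-numeric input up front. The `--match-unix-uid` help ("Set User's Unix UID ...") reads as if an account attribute were set, whereas the patch writes an idmap SID/UID mapping; `help="Create a SID/UID idmap mapping for the new user, from --unix-uid or from the NSS account of the same name"` states what actually happens. The option list begins outside this hunk.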
@@ -107,13 +118,12 @@ Example3 shows how to create a new user in the OrgUnit organizational unit.
}
def run(self, username, password=None, credopts=None, sambaopts=None,
- versionopts=None, H=None, must_change_at_next_login=False,
- random_password=False, use_username_as_cn=False, userou=None,
- surname=None, given_name=None, initials=None, profile_path=None,
- script_path=None, home_drive=None, home_directory=None,
+ versionopts=None, H=None, must_change_at_next_login=False, random_password=False,
+ use_username_as_cn=False, userou=None, surname=None, given_name=None, initials=None,
+ profile_path=None, script_path=None, home_drive=None, home_directory=None,
job_title=None, department=None, company=None, description=None,
- mail_address=None, internet_address=None, telephone_number=None,
- physical_delivery_office=None):
+ mail_address=None, internet_address=None, telephone_number=None, physical_delivery_office=None,
+ match_unix_uid=False, unix_uid=None):
if random_password:
password = generate_random_password(128, 255)
@@ -133,12 +143,26 @@ Example3 shows how to create a new user in the OrgUnit organizational unit.
try:
samdb = SamDB(url=H, session_info=system_session(),
credentials=creds, lp=lp)
- samdb.newuser(username, password, force_password_change_at_next_login_req=must_change_at_next_login,
+ samdb.newuser(username, password,
+ force_password_change_at_next_login_req=must_change_at_next_login,
useusernameascn=use_username_as_cn, userou=userou, surname=surname, givenname=given_name, initials=initials,
profilepath=profile_path, homedrive=home_drive, scriptpath=script_path, homedirectory=home_directory,
jobtitle=job_title, department=department, company=company, description=description,
mailaddress=mail_address, internetaddress=internet_address,
telephonenumber=telephone_number, physicaldeliveryoffice=physical_delivery_office)
+ if match_unix_uid:
+ idmap = IDmapDB(lp=lp)
+ sids = samdb.search(samdb.get_default_basedn(), scope=ldb.SCOPE_SUBTREE,
+ expression=("(&(objectClass=user)(samaccountname=%s))" % username),
+ attrs=["objectSid"])
+ if (len(sids) != 1):
+ raise CommandError("Failed to set Unix UID for '%s'" % username, e)
+ if not unix_uid:
+ pwent = pwd.getpwnam(username)
+ unix_uid = pwent[2]
+ sid = samdb.schema_format_value("objectSid", sids[0]["objectSid"][0])
+ self.outf.write("User '%s' matched to UID '%u' and SID '%s'\n" % (username,unix_uid,sid))
+ idmap.setup_name_mapping(sid, idmap.TYPE_UID, unix_uid)
except Exception, e:
raise CommandError("Failed to add user '%s': " % username, e)
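Review bot: `e` on the `len(sids) != 1` branch is unbound at that point (the `except Exception, e` binding only exists in the handler below), so the intended CommandError becomes a NameError that the outer handler reports as "Failed to add user"; drop it: `raise CommandError("Failed to set Unix UID for '%s': expected one matching account, found %d" % (username, len(sids)))`. With `--unix-uid` declared `type=str` in the options hunk, the explicit-UID path also hands a string to the `%u` format and to `setup_name_mapping` while the NSS path yields an int from `pwent[2]`, so Example4 as written would fail in the output line — convert with `int(unix_uid)` (or declare the option `type=int`) before use. Both failures happen after `samdb.newuser` has already created the account, so "Failed to add user" is misleading; create the mapping under its own try/except with its own message, or resolve the uid before calling newuser. Nothing enforces the docstring's statement that the mapping cannot be created against a remote server (the idmap write goes to the local idmap.ldb whatever `H` points at), and neither path validates the uid being mapped — an explicit `0`, or an NSS hit for an unrelated local account that merely shares the name, silently hands the new AD user that Unix identity — so refusing uid 0 and checking that `H` is unset or local would be prudent. The enclosing `run` method starts outside this hunk.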
--
1.7.2.5