-rw-r--r-- | docs-xml/manpages/samba-tool.8.xml | 5 | ||||
-rw-r--r-- | python/samba/netcmd/group.py | 81 | ||||
-rw-r--r-- | python/samba/tests/samba_tool/group.py | 10 |
3 files changed, 96 insertions, 0 deletions
diff --git a/docs-xml/manpages/samba-tool.8.xml b/docs-xml/manpages/samba-tool.8.xml index 72656d2d2a0..fd58b1b1941 100644 --- a/docs-xml/manpages/samba-tool.8.xml +++ b/docs-xml/manpages/samba-tool.8.xml @@ -610,6 +610,11 @@ <para>Remove members from the specified AD group.</para> </refsect3> +<refsect3> + <title>group show <replaceable>groupname</replaceable> [options]</title> + <para>Show group object and it's attributes.</para> +</refsect3> + <refsect2> <title>ldapcmp <replaceable>URL1</replaceable> <replaceable>URL2</replaceable> <replaceable>domain|configuration|schema|dnsdomain|dnsforest</replaceable> [options] </title> <para>Compare two LDAP databases.</para> diff --git a/python/samba/netcmd/group.py b/python/samba/netcmd/group.py index a4969cc6ba9..9e1e11071f4 100644 --- a/python/samba/netcmd/group.py +++ b/python/samba/netcmd/group.py @@ -26,6 +26,7 @@ from getpass import getpass from samba.auth import system_session from samba.samdb import SamDB from samba.dsdb import ( + ATYPE_SECURITY_GLOBAL_GROUP, GTYPE_SECURITY_BUILTIN_LOCAL_GROUP, GTYPE_SECURITY_DOMAIN_LOCAL_GROUP, GTYPE_SECURITY_GLOBAL_GROUP, 
@@ -500,6 +501,85 @@ class cmd_group_move(Command): self.outf.write('Moved group "%s" into "%s"\n' % (groupname, full_new_parent_dn)) +class cmd_group_show(Command): + """Display a group AD object. + +This command displays a group object and it's attributes in the Active +Directory domain. +The group name specified on the command is the sAMAccountName of the group. + +The command may be run from the root userid or another authorized userid. + +The -H or --URL= option can be used to execute the command against a remote +server. + +Example1: +samba-tool group show Group1 -H ldap://samba.samdom.example.com \ +-U administrator --password=passw1rd + +Example1 shows how to display a group's attributes in the domain against a remote +LDAP server. + +The -H parameter is used to specify the remote target server. + +Example2: +samba-tool group show Group2 + +Example2 shows how to display a group's attributes in the domain against a local +LDAP server. + +Example3: +samba-tool group show Group3 --attributes=member,objectGUID + +Example3 shows how to display a users objectGUID and member attributes. 
+""" + synopsis = "%prog <group name> [options]" + + takes_options = [ + Option("-H", "--URL", help="LDB URL for database or target server", + type=str, metavar="URL", dest="H"), + Option("--attributes", + help=("Comma separated list of attributes, " + "which will be printed."), + type=str, dest="group_attrs"), + ] + + takes_args = ["groupname"] + takes_optiongroups = { + "sambaopts": options.SambaOptions, + "credopts": options.CredentialsOptions, + "versionopts": options.VersionOptions, + } + + def run(self, groupname, credopts=None, sambaopts=None, versionopts=None, + H=None, group_attrs=None): + + lp = sambaopts.get_loadparm() + creds = credopts.get_credentials(lp, fallback_machine=True) + samdb = SamDB(url=H, session_info=system_session(), + credentials=creds, lp=lp) + + attrs = None + if group_attrs: + attrs = group_attrs.split(",") + + filter = ("(&(sAMAccountType=%d)(sAMAccountName=%s))" % + ( ATYPE_SECURITY_GLOBAL_GROUP, + ldb.binary_encode(groupname))) + + domaindn = samdb.domain_dn() + + try: + res = samdb.search(base=domaindn, expression=filter, + scope=ldb.SCOPE_SUBTREE, attrs=attrs) + user_dn = res[0].dn + except IndexError: + raise CommandError('Unable to find group "%s"' % (groupname)) + + for msg in res: + user_ldif = samdb.write_ldif(msg, ldb.CHANGETYPE_NONE) + self.outf.write(user_ldif) + class cmd_group(SuperCommand): """Group management.""" @@ -511,3 +591,4 @@ class cmd_group(SuperCommand): subcommands["list"] = cmd_group_list() subcommands["listmembers"] = cmd_group_list_members() subcommands["move"] = cmd_group_move() + subcommands["show"] = cmd_group_show() diff --git a/python/samba/tests/samba_tool/group.py b/python/samba/tests/samba_tool/group.py index 914b8175d15..06226717ab1 100644 --- a/python/samba/tests/samba_tool/group.py +++ b/python/samba/tests/samba_tool/group.py 
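Review bot: The search filter built in `cmd_group_show.run` requires `sAMAccountType=ATYPE_SECURITY_GLOBAL_GROUP`, so a group with any other account type (domain-local and builtin groups such as Administrators, or distribution groups) would be reported as `Unable to find group` although it exists. That is misleading when the command is used to inspect who is in a privileged local group. Matching on the object class instead, `filter = "(&(objectClass=group)(sAMAccountName=%s))" % ldb.binary_encode(groupname)`, covers every group type and keeps the escaping of the name. Separately, `user_dn` is assigned only to provoke the `IndexError` and `filter` shadows the builtin; an explicit `if len(res) == 0: raise CommandError(...)` and a name such as `group_filter` would read more clearly. Example1 in the docstring passes `--password=` on the command line, where it lands in shell history and the process list, so the example would be safer without it, leaving the tool to ask for the password.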
@@ -170,6 +170,16 @@ class GroupCmdTestCase(SambaToolCmdTest): self.assertCmdSuccess(result, out, err, "Failed to delete ou '%s'" % full_ou_dn) + def test_show(self): + """Assert that we can show a group correctly.""" + (result, out, err) = self.runsubcmd("group", "show", "Domain Users", + "-H", "ldap://%s" % os.environ["DC_SERVER"], + "-U%s%%%s" % (os.environ["DC_USERNAME"], + os.environ["DC_PASSWORD"])) + self.assertCmdSuccess(result, out, err) + self.assertEquals(err,"","Shouldn't be any error messages") + self.assertIn("dn: CN=Domain Users,CN=Users,DC=samba,DC=example,DC=com", out) + def _randomGroup(self, base={}): """create a group with random attribute values, you can specify base attributes""" group = { |
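Review bot: `test_show` covers only the success path for one global group, so neither the new `--attributes` option nor the `Unable to find group` branch is exercised. A second call with `--attributes=member,objectGUID` that asserts an unrequested attribute is absent from `out`, and a call with a non-existent name checked with `self.assertCmdFail(result)`, would pin both behaviours. A case for a domain-local group would also show whether the account-type filter in `group show` is too narrow. The expected DN hard-codes `DC=samba,DC=example,DC=com`, which ties the test to one realm, and `assertEquals` is the deprecated alias of `assertEqual`. The `_randomGroup` context that follows continues outside the hunk.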