summaryrefslogtreecommitdiff
path: root/python/samba/samdb.py
Commit message (Collapse)AuthorAgeFilesLines
* samba-tool group addmembers: add --member-base-dn option for group member searchBjörn Baumbach2020-01-211-2/+5
| | | | | Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Ralph Boehme <slow@samba.org>
* samba-tool group addmembers: add --member-dn optionBjörn Baumbach2020-01-211-26/+33
| | | | | | | | | | | The --member-dn option allows to specify an object by it's DN. This is required to select a specific object if there are more than one with the same name. Multiple contacts can exist with the same name in different OUs. Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Ralph Boehme <slow@samba.org>
* python/samdb: validation of group member types for group member filterBjörn Baumbach2020-01-211-0/+6
| | | | | Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Ralph Boehme <slow@samba.org>
* python/samdb: add type "all" to search for all common types of group membersBjörn Baumbach2020-01-211-0/+10
| | | | | Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Ralph Boehme <slow@samba.org>
* python/samdb: adapt search filter for group object typeBjörn Baumbach2020-01-211-1/+3
| | | | | | | | | | Use a group search filter which is similar to the filter which is used by the basic MS Windows group membership management. The filter excludes the group type GROUP_TYPE_BUILTIN_LOCAL_GROUP. Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Ralph Boehme <slow@samba.org>
* python/samdb: adapt search filter for user object typeBjörn Baumbach2020-01-211-2/+2
| | | | | | | | | | Use a user search filter which is similar to the filter which is used by the basic MS Windows group membership management. The filter filters for objects with the sAMAccountType ATYPE_NORMAL_ACCOUNT. Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Ralph Boehme <slow@samba.org>
* python/samdb: add 'computer' to the default group member types for group ↵Björn Baumbach2020-01-211-1/+1
| | | | | | | | | | member filters Add the 'computer' type to the default member types, so that the next commit does not change the default behavior. Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Ralph Boehme <slow@samba.org>
* python/samdb: fetch specific error if there are more than one search resultsBjörn Baumbach2020-01-211-0/+6
| | | | | | | There can be more than one contact with the same name. Signed-off-by: Björn Baumbach <bb@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* python/samdb: add more object types for adding/remove group membersBjörn Baumbach2020-01-211-0/+21
| | | | | | | | The filters are based on the MS Windows filter, which are used by the basic group member management dialog. Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Ralph Boehme <slow@samba.org>
* python/samdb: add option to specify types of group membersBjörn Baumbach2020-01-211-3/+17
| | | | | | | | | The option can be used to specify the type of the object which have to be added to (or removed) from a group. The search filter for the objects will be created according to the types. Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Ralph Boehme <slow@samba.org>
* samba-tool: implement contact management commandsBjörn Baumbach2019-07-041-0/+108
| | | | | | | | | | | | | | | | | Usage: samba-tool contact <subcommand> Contact management. Available subcommands: create - Create a new contact. delete - Delete a contact. edit - Modify a contact. list - List all contacts. move - Move a contact object to an organizational unit or container. show - Display a contact. Signed-off-by: Björn Baumbach <bb@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Spelling fix s/informations/information/Mathieu Parent2019-04-021-2/+2
| | | | | | Signed-off-by: Mathieu Parent <math.parent@gmail.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
* python/samba: PY3 fix failing py3 samba.tests.group_audit testNoel Power2018-12-101-3/+3
| | | | | | | Fix bytes being compared against ldb.bytes Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* python/samba: PY3 don't call str for bytes (or str)Noel Power2018-12-101-4/+9
| | | | | | | | | | | | | | | | | | | | | | | Note: Fix needed also for gpo.apply minPwdAge, maxPwdAge, minPwdLength & set_pwdProperties all have a line like value = str(value).encode('utf8') this is a generic type statement I guess to convert int, float etc to utf8 encoded bytes representing the string value for those. This worked fine in PY2 but in py3 some routine already are passing bytes into these methods, in these cases e.g. b'200' will get converted to "b'200'", this change only performs the conversion above for non bytes (or str) types by replacing the above with if not isinstance(value, binary_type): value = str(value).encode('utf8') Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* python: do not use "is" for string equalityDouglas Bagnall2018-10-291-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | This is not always going to work, and is not guaranteed to be consistent even between minor versions. Here is a simple counterexample: >>> a = 'hello' >>> a is 'hello' True >>> a is 'hello'.lower() False >>> a == a.lower() True Possibly it always works for the empty string, but we cannot rely on that. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Mon Oct 29 23:13:36 CET 2018 on sn-devel-144
* python/samdb: properly use property()Douglas Bagnall2018-10-291-2/+2
| | | | | | | | | | | | | Python's property() function works like this: property([getter[, setter[, delete[, doc]]]]) but we have been forgetting the delete function, or rather setting it to be a string. A string is not callable and is unlikely to succeed at deleting the property. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org>
* python/samba/netcmd: changes for samab.tests.samba_tool.computerNoel Power2018-09-031-1/+1
| | | | | Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* python/samba: port changes to allow samba.tests.dsdb_lock to work with PY3/PY2Noel Power2018-09-031-2/+2
| | | | | Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* PEP8: better formatting of (CONST1|CONST2)Douglas Bagnall2018-08-241-1/+2
| | | | | Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* PEP8: fix E713: test for membership should be 'not in'Joe Guo2018-08-241-4/+4
| | | | | | Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* PEP8: fix E303: too many blank lines (2)Joe Guo2018-08-241-4/+0
| | | | | | Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* PEP8: fix E302: expected 2 blank lines, found 1Joe Guo2018-08-241-0/+1
| | | | | | Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* PEP8: fix E227: missing whitespace around bitwise or shift operatorJoe Guo2018-08-241-1/+1
| | | | | | Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* PEP8: fix E225: missing whitespace around operatorJoe Guo2018-08-241-1/+1
| | | | | | Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* PEP8: fix E203: whitespace before ':'Joe Guo2018-08-241-1/+1
| | | | | | Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* PEP8: fix E128: continuation line under-indented for visual indentJoe Guo2018-08-241-33/+37
| | | | | | Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* PEP8: fix E127: continuation line over-indented for visual indentJoe Guo2018-08-241-9/+9
| | | | | | Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* PEP8: fix E121: continuation line under-indented for hanging indentJoe Guo2018-08-241-1/+1
| | | | | | Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* samdb: use int for get and set methods instead of digit strJoe Guo2018-07-131-4/+8
| | | | | | | | | | | | This will make the API work in a nature way. Also, because of a defect in ldb API, code like `res[0]["maxPwdAge"][0]` will return bytes even in Python3, which will cause trouble. By casting the value to int, we avoid the str/bytes issue. Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* python/samba/netcmd/schema.py: samdb schema update nowWilliam Brown2018-05-291-0/+9
| | | | | | | | | | | | | When we change schema values, we should trigger a schema update to refresh the changes applied. This is called after a change is made. A helper to samdb is added so that it's easier for other locations to call additionally. Signed-off-by: William Brown <william@blackhats.net.au> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue May 29 08:30:52 CEST 2018 on sn-devel-144
* python/samba/netcmd/schema.py: add schema query and management.William Brown2018-05-291-0/+4
| | | | | | | | | | Schema management in active directory is complex and dangerous. Having a tool that safely wraps administrative tasks as well as allowing query of the schema will make this complex topic more accessible to administrators. Signed-off-by: William Brown <william@blackhats.net.au> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* python/samba: Fix incorrect encode of passwordNoel Power2018-05-171-1/+5
| | | | | | | | | | | | | | In python2 you can encode a 'str' type which doesn't really make sense since it is already bytes (as such). In python3 this isn't possible you can't encode bytes or decode strings. Also because you can call encode on 'str' in python2 it tries to to what you wanted and it implicity calls decode('ascii') before performing the encode. This is why we get mention of ascii codec in the error. This patch should future proof for python3 also. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13435 Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* samdb: fix wrong computer container dn for newcomputerJoe Guo2018-05-031-1/+1
| | | | | | | | CN=Users --> CN=Computers Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Rowland Penny <rpenny@samba.org>
* samba-tool: improve computer management commandsJoe Guo2018-04-061-3/+11
| | | | | | | | | | | | | | This pathch is based on Björn Baumbach's work: 1. Add `--ip-address` option for create subcommand, to allow user set DNS A or AAAA records while creating the computer. 2. Delete above DNS records while deleting the computer. 3. Add `--service-principal-name` option for create command, to allow user set `servicePrincipalName` while creating the computer. 4. Tests. Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* samba-tool: implement computer management commandsBjörn Baumbach2018-04-061-0/+52
| | | | | | | | | | | | | | | | | Usage: samba-tool computer <subcommand> Computer management. Available subcommands: create - Create a new computer. delete - Delete a computer. list - List all computers. move - Move a computer to an organizational unit/container. show - Display a computer AD object Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* provision: allow provisioning of a different database backendGary Lockyer2018-04-061-0/+3
| | | | | | | | This sets the backendStore field in @PARTITION, depending on which argument you set in the provision. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* samba-tool: allow sid strings for 'group {add,remove}members'Stefan Metzmacher2018-03-191-4/+20
| | | | | | | | | This makes it possible to add foreign SIDS as group members. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* python: Port samdb module to Python 3 compatible formLumir Balhar2018-02-151-6/+7
| | | | | | Signed-off-by: Lumir Balhar <lbalhar@redhat.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* python: Convert base64 encoded password to utf-8Andreas Schneider2018-02-151-1/+1
| | | | | | | | | Pair-Programmed-With: Alexander Bokovoy <ab@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* python samdb.newuser(): use user DN not samaccountname to set passwordDouglas Bagnall2018-02-091-1/+3
| | | | | | | | | | | This is noticably faster in cases (e.g. tests) where the same user is added and deleted many times. The rreason is samaccountname is retained for deleted objects, so the search finds multiple objects that need to be filtered out internally. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* python/samdb: Improve function comment on normalize_dn_in_domain()Andrew Bartlett2018-02-081-2/+5
| | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* python/samdb: Allow samdb.normalize_dn_in_domain() to take an ldb.Dn()Andrew Bartlett2018-02-081-0/+4
| | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* python/samdb: add method normalize_dn_in_domain(): get full dn of an relative dnBjörn Baumbach2018-02-081-0/+11
| | | | | Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* python SamDB: init default flags to FLG_DONT_CREATE_DBGary Lockyer2018-02-071-1/+2
| | | | | | | | | | | | The current defaults for SamDB are to create the database file if it does not exist. Most of the uses of SamDB assume the database already exists, and so auto-creation is not the desired behaviour. TDB will overwrite an existing non TDB file with a newly created TDB file. This becomes an issue when using alternate database file formats i.e. lmdb. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* gpo: Initial commit for GPO workLuke Morrison2017-11-201-0/+18
| | | | | | | | | | | | Enclosed is my Summer of Code 2013 patch to have vital password GPO always applied to the Samba4 Domain Controller using a GPO update service. To try it out "make -j" your samba with the patch, apply a security password GPO and see the difference in ~20 seconds. It also takes GPO hierarchy into account. Split from "Initial commit for GPO work done by Luke Morrison" by David Mulder Signed-off-by: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Luke Morrison <luke@hubtrek.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dns_server: clobber MNAME in the SOAAndrew Bartlett2017-06-101-1/+1
| | | | | | | | Otherwise, we always report the first server we created/provisioned the AD domain on which does not match AD behaviour. AD is multi-master so all RW servers are a master. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* pydsdb_dns: Allow the partition DN to be specified into py_dsdb_dns_lookupAndrew Bartlett2017-06-101-2/+6
| | | | | | | | | This allows lookups to be confined to one partition, which in turn avoids issues when running this against MS Windows, which does not match Samba behaviour for dns_common_zones() Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* samba-tool: You cannot add members to a group if the member exists as a ↵Rowland Penny2017-06-091-3/+6
| | | | | | | | | | sAMAccountName and a CN. Signed-off-by: Rowland Penny <rpenny@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Autobuild-User(master): Alexander Bokovoy <ab@samba.org> Autobuild-Date(master): Fri Jun 9 23:24:47 CEST 2017 on sn-devel-144
* python/samba: use an explicit .encode('utf-8') where we expect utf8 passwordsStefan Metzmacher2017-02-211-1/+1
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=12262 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* dsdb: Add python hooks to allocate a RID set and allocate a RID poolAndrew Bartlett2016-11-041-0/+8
| | | | | | | | | This will help us to correct errors during dbcheck Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> BUG: https://bugzilla.samba.org/show_bug.cgi?id=9954
View Lorry Controller Status