From 62a8eecfbbb4b5fb9f37e454e444751ccf16f82f Mon Sep 17 00:00:00 2001
From: =?utf8?q?Bj=C3=B6rn=20Baumbach?=
Date: Mon, 27 Nov 2017 20:40:49 +0100
Subject: [PATCH] samba-tool user: implement the user move command
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

This new command allows to move an user into an ou or container.

Signed-off-by: Björn Baumbach
Reviewed-by: Douglas Bagnall
---
python/samba/netcmd/user.py | 80 +++++++++++++++++++++++++++++++++++++
1 file changed, 80 insertions(+)

diff --git a/python/samba/netcmd/user.py b/python/samba/netcmd/user.py
index 7c30c6ed038..478e263a9bd 100644
--- a/python/samba/netcmd/user.py
+++ b/python/samba/netcmd/user.py
@@ -2497,6 +2497,85 @@ Example3 shows how to display a users objectSid and memberOf attributes.
 user_ldif = samdb.write_ldif(msg, ldb.CHANGETYPE_NONE)
 self.outf.write(user_ldif)

+class cmd_user_move(Command):
+ """Move a user to an organizational unit/container.
+
+ This command moves a user account into the specified organizational unit
+ or container.
+ The username specified on the command is the sAMAccountName.
+ The name of the organizational unit or container can be specified as a
+ full DN or without the domainDN component.
+
+ The command may be run from the root userid or another authorized userid.
+
+ The -H or --URL= option can be used to execute the command against a remote
+ server.
+
+ Example1:
+ samba-tool user move User1 'OU=OrgUnit,DC=samdom.DC=example,DC=com' \
+ -H ldap://samba.samdom.example.com -U administrator
+
+ Example1 shows how to move a user User1 into the 'OrgUnit' organizational
+ unit on a remote LDAP server.
+
+ The -H parameter is used to specify the remote target server.
+
+ Example2:
+ samba-tool user move User1 CN=Users
+
+ Example2 shows how to move a user User1 back into the CN=Users container
+ on the local server.
+ """
+
+ synopsis = "%prog [options]"
+
+ takes_options = [
+ Option("-H", "--URL", help="LDB URL for database or target server",
+ type=str, metavar="URL", dest="H"),
+ ]
+
+ takes_args = [ "username", "new_parent_dn" ]
+ takes_optiongroups = {
+ "sambaopts": options.SambaOptions,
+ "credopts": options.CredentialsOptions,
+ "versionopts": options.VersionOptions,
+ }
+
+ def run(self, username, new_parent_dn, credopts=None, sambaopts=None,
+ versionopts=None, H=None):
+ lp = sambaopts.get_loadparm()
+ creds = credopts.get_credentials(lp, fallback_machine=True)
+ samdb = SamDB(url=H, session_info=system_session(),
+ credentials=creds, lp=lp)
+ domain_dn = ldb.Dn(samdb, samdb.domain_dn())
+
+ filter = ("(&(sAMAccountType=%d)(sAMAccountName=%s))" %
+ (dsdb.ATYPE_NORMAL_ACCOUNT, ldb.binary_encode(username)))
+ try:
+ res = samdb.search(base=domain_dn,
+ expression=filter,
+ scope=ldb.SCOPE_SUBTREE)
+ user_dn = res[0].dn
+ except IndexError:
+ raise CommandError('Unable to find user "%s"' % (username))
+
+ try:
+ full_new_parent_dn = samdb.normalize_dn_in_domain(new_parent_dn)
+ except Exception, e:
+ raise CommandError('Invalid new_parent_dn "%s": %s' %
+ (new_parent_dn, e.message))
+
+ full_new_user_dn = ldb.Dn(samdb, str(user_dn))
+ full_new_user_dn.remove_base_components(len(user_dn)-1)
+ full_new_user_dn.add_base(full_new_parent_dn)
+
+ try:
+ samdb.rename(user_dn, full_new_user_dn)
+ except Exception, e:
+ raise CommandError('Failed to move user "%s"' % username, e)
+ self.outf.write('Moved user "%s" into "%s"\n' %
+ (username, full_new_parent_dn))
+
 class cmd_user(SuperCommand):
 """User management."""

@@ -2514,3 +2593,4 @@ class cmd_user(SuperCommand):
 subcommands["syncpasswords"] = cmd_user_syncpasswords()
 subcommands["edit"] = cmd_user_edit()
 subcommands["show"] = cmd_user_show()
+ subcommands["move"] = cmd_user_move()
-- 2.47.3
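Review bot: The handler around `normalize_dn_in_domain` in `cmd_user_move.run` builds its message from `e.message`, which is deprecated since Python 2.6, absent on Python 3, and empty when the exception was raised with more than one argument, so the reason for an invalid `new_parent_dn` can be lost; the rename handler a few lines below passes `e` itself. I would write both handlers as `except Exception as e:` and format the first with `% (new_parent_dn, e)`. The search is guarded only for `IndexError`, so a failing `samdb.search` presumably surfaces as a raw traceback rather than a `CommandError`. The user name is correctly escaped with `ldb.binary_encode` before it enters the LDAP filter, but the local name `filter` shadows the builtin and could be `search_filter`. In the docstring, Example1's DN reads `DC=samdom.DC=example` where a comma is meant: `'OU=OrgUnit,DC=samdom,DC=example,DC=com'`.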