refactor
parent
1e666c572a
commit
bbc315af1d
|
@ -16,12 +16,13 @@ import string
|
|||
import shutil
|
||||
import logging
|
||||
|
||||
from ldap3 import Server, Connection, LEVEL
|
||||
from ldap3 import Server, Connection, LEVEL, MODIFY_REPLACE
|
||||
from ldap3.utils.conv import escape_filter_chars
|
||||
from ldap3.utils.dn import escape_rdn
|
||||
|
||||
import subprocess
|
||||
|
||||
from contextlib import contextmanager
|
||||
import smtplib
|
||||
from jinja2 import Template
|
||||
from email.message import EmailMessage
|
||||
|
@ -79,47 +80,68 @@ def main():
|
|||
user = input("User: ")
|
||||
p = k.get_principal(user)
|
||||
|
||||
with HsLdap.connect(args.admin, admin_pass) as ldap:
|
||||
|
||||
password = generage_password()
|
||||
if args.email_address is not FROM_LDAP:
|
||||
address = args.email_address
|
||||
else:
|
||||
address = get_email_address(args.admin, admin_pass, user)
|
||||
password = generage_password()
|
||||
if args.email_address is not FROM_LDAP:
|
||||
address = args.email_address
|
||||
else:
|
||||
address = ldap.get_email_address(user)
|
||||
|
||||
if args.show_password:
|
||||
print(f'password: "{password}"')
|
||||
if args.show_password:
|
||||
print(f'password: "{password}"')
|
||||
|
||||
action = 'reset' if p is not None else 'create'
|
||||
i = input(
|
||||
f"Type yes to {action} {user}'s password and send email to {address!r}\n"
|
||||
).strip()
|
||||
if i != "yes":
|
||||
print("Aborted")
|
||||
return
|
||||
action = 'reset' if p is not None else 'create'
|
||||
i = input(
|
||||
f"Type yes to {action} {user}'s password and send email to {address!r}\n"
|
||||
).strip()
|
||||
if i != "yes":
|
||||
print("Aborted")
|
||||
return
|
||||
|
||||
if p is None:
|
||||
k.add_principal(user, password)
|
||||
print("password created")
|
||||
else:
|
||||
p.change_password(password)
|
||||
print("password changed")
|
||||
if p is None:
|
||||
k.add_principal(user, password)
|
||||
print("password created")
|
||||
else:
|
||||
p.change_password(password)
|
||||
print("password changed")
|
||||
|
||||
send_mail(args.admin, admin_pass, password, user, address)
|
||||
print("email sent")
|
||||
send_mail(args.admin, admin_pass, password, user, address)
|
||||
print("email sent")
|
||||
|
||||
ldap.force_sasl(user)
|
||||
print('LDAP password scheme set to SASL')
|
||||
else:
|
||||
parser.print_help()
|
||||
|
||||
class HsLdap:
|
||||
def __init__(self, connection):
|
||||
self._c = connection
|
||||
|
||||
def get_email_address(admin, admin_pass, uid):
|
||||
logging.debug("fetching email address from LDAP")
|
||||
s = Server("ldap.hackerspace.pl", use_ssl=True)
|
||||
with Connection(
|
||||
s,
|
||||
user=f"uid={escape_rdn(admin)},ou=People,dc=hackerspace,dc=pl",
|
||||
password=admin_pass,
|
||||
raise_exceptions=True,
|
||||
) as c:
|
||||
logging.debug("connected to LDAP server")
|
||||
@classmethod
|
||||
@contextmanager
|
||||
def connect(cls, admin, admin_pass):
|
||||
s = Server("ldap.hackerspace.pl", use_ssl=True)
|
||||
with Connection(
|
||||
s,
|
||||
user=f"uid={escape_rdn(admin)},ou=People,dc=hackerspace,dc=pl",
|
||||
password=admin_pass,
|
||||
raise_exceptions=True,
|
||||
) as c:
|
||||
logging.debug("connected to LDAP server")
|
||||
yield cls(c)
|
||||
|
||||
def force_sasl(self, uid: str):
|
||||
logging.debug("setting LDAP password scheme to SASL")
|
||||
c = self._c
|
||||
c.modify(
|
||||
f'cn={escape_rdn(uid)},ou=People,dc=hackerspace,dc=pl',
|
||||
{'userPassword': [(MODIFY_REPLACE, ['{crypt}x', f'{uid}@HACKERSPACE.PL'])]}
|
||||
)
|
||||
|
||||
def get_email_address(self, uid):
|
||||
logging.debug("fetching email address from LDAP")
|
||||
c = self._c
|
||||
c.search(
|
||||
search_base="ou=People,dc=hackerspace,dc=pl",
|
||||
search_filter=f"(uid={escape_filter_chars(uid)})",
|
||||
|
|
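Review bot: In `force_sasl`, the second `userPassword` value `f'{uid}@HACKERSPACE.PL'` has no scheme prefix, so it does not select SASL pass-through as the "LDAP password scheme set to SASL" message claims. On servers such as OpenLDAP an unprefixed value is compared as a cleartext password, which would leave the entry accepting its own principal name as a password. If pass-through is the intent, replace both values with one prefixed value: `{'userPassword': [(MODIFY_REPLACE, [f'{{SASL}}{uid}@HACKERSPACE.PL'])]}`. The modify also targets `cn={escape_rdn(uid)},ou=People,...` while `connect` binds as `uid=...,ou=People,...`. If entries are named by `uid`, the call would presumably fail (and raise, given `raise_exceptions=True`) only after the Kerberos password was changed and the mail sent, so confirm the RDN attribute. `get_email_address` continues past the end of the hunk.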