netcmd: user: move user enable command

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
author: Rob van der Linde <rob@catalyst.net.nz> 2023-07-27 12:56:25 +1200
committer: Andrew Bartlett <abartlet@samba.org> 2023-08-04 04:31:37 +0000
commit: 970c2bcb8e768fafd7bb342171b7b778bcade89f (patch)
tree: 0646cccc43df7e45f7d5f0c49694dc0b42b29f44 /python/samba
parent: e85070b01d9301c072d4afd5fbea09be3a13645b (diff)
download: samba-970c2bcb8e768fafd7bb342171b7b778bcade89f.tar.gz
samba-970c2bcb8e768fafd7bb342171b7b778bcade89f.tar.bz2
samba-970c2bcb8e768fafd7bb342171b7b778bcade89f.zip
2 files changed, 95 insertions, 68 deletions
diff --git a/python/samba/netcmd/user/__init__.py b/python/samba/netcmd/user/__init__.py
index 7ff055cfec9..c525e8d3414 100644
--- a/python/samba/netcmd/user/__init__.py
+++ b/python/samba/netcmd/user/__init__.py
@@ -58,6 +58,7 @@ from samba.common import get_string
 
 from .add import cmd_user_add
 from .delete import cmd_user_delete
+from .enable import cmd_user_enable
 
 # python[3]-gpgme is abandoned since ubuntu 1804 and debian 9
 # have to use python[3]-gpg instead
@@ -279,74 +280,6 @@ class cmd_user_list(Command):
             self.outf.write("%s\n" % msg.get("samaccountname", idx=0))
 
 
-class cmd_user_enable(Command):
-    """Enable a user.
-
-This command enables a user account for logon to an Active Directory domain.  The username specified on the command is the sAMAccountName.  The username may also be specified using the --filter option.
-
-There are many reasons why an account may become disabled.  These include:
-- If a user exceeds the account policy for logon attempts
-- If an administrator disables the account
-- If the account expires
-
-The samba-tool user enable command allows an administrator to enable an account which has become disabled.
-
-Additionally, the enable function allows an administrator to have a set of created user accounts defined and setup with default permissions that can be easily enabled for use.
-
-The command may be run from the root userid or another authorized userid.  The -H or --URL= option can be used to execute the command against a remote server.
-
-Example1:
-samba-tool user enable Testuser1 --URL=ldap://samba.samdom.example.com --username=administrator --password=passw1rd
-
-Example1 shows how to enable a user in the domain against a remote LDAP server.  The --URL parameter is used to specify the remote target server.  The --username= and --password= options are used to pass the username and password of a user that exists on the remote server and is authorized to update that server.
-
-Example2:
-su samba-tool user enable Testuser2
-
-Example2 shows how to enable user Testuser2 for use in the domain on the local server. sudo is used so a user may run the command as root.
-
-Example3:
-samba-tool user enable --filter=samaccountname=Testuser3
-
-Example3 shows how to enable a user in the domain against a local LDAP server.  It uses the --filter=samaccountname to specify the username.
-
-"""
-    synopsis = "%prog (<username>|--filter <filter>) [options]"
-
-    takes_optiongroups = {
-        "sambaopts": options.SambaOptions,
-        "versionopts": options.VersionOptions,
-        "credopts": options.CredentialsOptions,
-    }
-
-    takes_options = [
-        Option("-H", "--URL", help="LDB URL for database or target server", type=str,
-               metavar="URL", dest="H"),
-        Option("--filter", help="LDAP Filter to set password on", type=str),
-    ]
-
-    takes_args = ["username?"]
-
-    def run(self, username=None, sambaopts=None, credopts=None,
-            versionopts=None, filter=None, H=None):
-        if username is None and filter is None:
-            raise CommandError("Either the username or '--filter' must be specified!")
-
-        if filter is None:
-            filter = "(&(objectClass=user)(sAMAccountName=%s))" % (ldb.binary_encode(username))
-
-        lp = sambaopts.get_loadparm()
-        creds = credopts.get_credentials(lp, fallback_machine=True)
-
-        samdb = SamDB(url=H, session_info=system_session(),
-                      credentials=creds, lp=lp)
-        try:
-            samdb.enable_account(filter)
-        except Exception as msg:
-            raise CommandError("Failed to enable user '%s': %s" % (username or filter, msg))
-        self.outf.write("Enabled user '%s'\n" % (username or filter))
-
-
 class cmd_user_disable(Command):
     """Disable a user."""
 
diff --git a/python/samba/netcmd/user/enable.py b/python/samba/netcmd/user/enable.py
new file mode 100644
index 00000000000..158ddbeabec
--- /dev/null
+++ b/python/samba/netcmd/user/enable.py
@@ -0,0 +1,94 @@
+# user management
+#
+# enable user
+#
+# Copyright Jelmer Vernooij 2010 <jelmer@samba.org>
+# Copyright Theresa Halloran 2011 <theresahalloran@gmail.com>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+import samba.getopt as options
+from samba import ldb
+from samba.auth import system_session
+from samba.netcmd import Command, CommandError, Option
+from samba.samdb import SamDB
+
+
+class cmd_user_enable(Command):
+    """Enable a user.
+
+This command enables a user account for logon to an Active Directory domain.  The username specified on the command is the sAMAccountName.  The username may also be specified using the --filter option.
+
+There are many reasons why an account may become disabled.  These include:
+- If a user exceeds the account policy for logon attempts
+- If an administrator disables the account
+- If the account expires
+
+The samba-tool user enable command allows an administrator to enable an account which has become disabled.
+
+Additionally, the enable function allows an administrator to have a set of created user accounts defined and setup with default permissions that can be easily enabled for use.
+
+The command may be run from the root userid or another authorized userid.  The -H or --URL= option can be used to execute the command against a remote server.
+
+Example1:
+samba-tool user enable Testuser1 --URL=ldap://samba.samdom.example.com --username=administrator --password=passw1rd
+
+Example1 shows how to enable a user in the domain against a remote LDAP server.  The --URL parameter is used to specify the remote target server.  The --username= and --password= options are used to pass the username and password of a user that exists on the remote server and is authorized to update that server.
+
+Example2:
+su samba-tool user enable Testuser2
+
+Example2 shows how to enable user Testuser2 for use in the domain on the local server. sudo is used so a user may run the command as root.
+
+Example3:
+samba-tool user enable --filter=samaccountname=Testuser3
+
+Example3 shows how to enable a user in the domain against a local LDAP server.  It uses the --filter=samaccountname to specify the username.
+
+"""
+    synopsis = "%prog (<username>|--filter <filter>) [options]"
+
+    takes_optiongroups = {
+        "sambaopts": options.SambaOptions,
+        "versionopts": options.VersionOptions,
+        "credopts": options.CredentialsOptions,
+    }
+
+    takes_options = [
+        Option("-H", "--URL", help="LDB URL for database or target server", type=str,
+               metavar="URL", dest="H"),
+        Option("--filter", help="LDAP Filter to set password on", type=str),
+    ]
+
+    takes_args = ["username?"]
+
+    def run(self, username=None, sambaopts=None, credopts=None,
+            versionopts=None, filter=None, H=None):
+        if username is None and filter is None:
+            raise CommandError("Either the username or '--filter' must be specified!")
+
+        if filter is None:
+            filter = "(&(objectClass=user)(sAMAccountName=%s))" % (ldb.binary_encode(username))
+
+        lp = sambaopts.get_loadparm()
+        creds = credopts.get_credentials(lp, fallback_machine=True)
+
+        samdb = SamDB(url=H, session_info=system_session(),
+                      credentials=creds, lp=lp)
+        try:
+            samdb.enable_account(filter)
+        except Exception as msg:
+            raise CommandError("Failed to enable user '%s': %s" % (username or filter, msg))
+        self.outf.write("Enabled user '%s'\n" % (username or filter))
author	Rob van der Linde <rob@catalyst.net.nz>	2023-07-27 12:56:25 +1200
committer	Andrew Bartlett <abartlet@samba.org>	2023-08-04 04:31:37 +0000
commit	970c2bcb8e768fafd7bb342171b7b778bcade89f (patch)
tree	0646cccc43df7e45f7d5f0c49694dc0b42b29f44 /python/samba
parent	e85070b01d9301c072d4afd5fbea09be3a13645b (diff)
download	samba-970c2bcb8e768fafd7bb342171b7b778bcade89f.tar.gz samba-970c2bcb8e768fafd7bb342171b7b778bcade89f.tar.bz2 samba-970c2bcb8e768fafd7bb342171b7b778bcade89f.zip