[Freeipa-users] How can I change my password from a python script?

Martin Kosek mkosek at redhat.com
Thu Jun 28 08:45:51 UTC 2012 

On 06/28/2012 03:34 AM, Joe Linoff wrote:
> Hi Everybody:
> 
>  
> 
> I need to add a lot of users to an LDAP system for testing and I would like to
> do it in batch mode. For my small tests have been doing something like this:
> 
>  
> 
> #!/bin/bash
> 
> # Script to create a new user.
> 
> ipa user-add bigbob  \
> 
>     --email=bbob at BigBobsEmporium.com <mailto:bbob at BigBobsEmporium.com> \
> 
>     --first=Bob \
> 
>     --last=Bigg \
> 
>     --password  \
> 
>     --setattr=description='The sales guy.' <<-EOF
> 
> b1gB0bsTmpPwd
> 
> b1gB0bsTmpPwd
> 
> EOF
> 
>  
> 
> However, I am python guy and would like to use it instead. I am sure that I can
> do a similar thing using pexpect in python. Probably something like this:
> 
>  
> 
> # This code has not been tested. It is only for a thought experiment.
> 
> # Add a user and enter the password using pexpect.
> 
> cmd = "ipa user-add bigbob --email='bbob at BigBobsEmporium."
> 
> cmd += " --first=Bob --last=Bigg --password "
> 
> cmd += "--setattr=description='The sales guy.'"
> 
> rets = ['Password', 'Enter Password again to verify', pexpect.EOF, pexpect.TIMEOUT]
> 
> c = pexpect.spawn(cmd,timeout=None)
> 
> i = c.expect(rets)
> 
> if i == 0: # Password
> 
>     child.sendline('b1gB0bsTmpPwd')
> 
>     i = c.expect(rets)
> 
>    if i  == 1: # Enter Password again to verify
> 
>         child.sendline('b1gB0bsTmpPwd')
> 
>         i = c.expect(rets)
> 
>         if  i  == 2:
> 
>            print 'SUCCESS'
> 
>         else:
> 
>             sys.exit('ERROR: something bad happened #1')
> 
>     else:
> 
>         sys.exit('ERROR: something bad happened #2')
> 
> else:
> 
>     sys.exit('ERROR: something bad happened #3')
> 
>  
> 
> But I was wondering whether there was a better using the IPA API. Is there a
> way for me to do that?
> 
>  
> 
> Any help or insights would be greatly appreciated.
> 
> 
> Thanks,
> 
>  
> 
> Joe
> 

Hello Joe,

if you don't want to use batch command as Petr suggested you can try the
following example. It also uses --random option available in recent FreeIPA
version to let FreeIPA handle the password generation:

# cat add-users.py
#!/usr/bin/env python

from ipalib import api

api.bootstrap_with_global_options(context='cli')
api.finalize()
api.Backend.xmlclient.connect()

for i in xrange(5):
    login = u'user%d' % i
    result = api.Command['user_add'](login, givenname=u'Test', \
        sn=u'User #%d' % i, random=True)
    password = result['result']['randompassword']
    print "Created user '%s' with password '%s'" % (login, password)


When I execute it:
# ./add-users.py
Created user 'user0' with password 'EvzY+Of5pk at +'
Created user 'user1' with password 'kyRHb9RMFzBO'
Created user 'user2' with password 'u2mt_oGU_UIX'
Created user 'user3' with password 'Lm6ONeErNFgz'
Created user 'user4' with password 'AS=EeFozvbE-'

HTH,
Martin

More information about the Freeipa-users mailing list