[Freeipa-users] How can I change my password from a python script?

Joe Linoff jlinoff at tabula.com
Thu Jun 28 15:10:47 UTC 2012 

Hi Martin:

Thank you once again for your excellent insights. I really appreciate
your help. FreeIPA is really impressive.

Regards,

Joe

-----Original Message-----
From: Martin Kosek [mailto:mkosek at redhat.com] 
Sent: Thursday, June 28, 2012 1:46 AM
To: Joe Linoff
Cc: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] How can I change my password from a python
script?

On 06/28/2012 03:34 AM, Joe Linoff wrote:
> Hi Everybody:
> 
>  
> 
> I need to add a lot of users to an LDAP system for testing and I would

> like to do it in batch mode. For my small tests have been doing
something like this:
> 
>  
> 
> #!/bin/bash
> 
> # Script to create a new user.
> 
> ipa user-add bigbob  \
> 
>     --email=bbob at BigBobsEmporium.com <mailto:bbob at BigBobsEmporium.com>

> \
> 
>     --first=Bob \
> 
>     --last=Bigg \
> 
>     --password  \
> 
>     --setattr=description='The sales guy.' <<-EOF
> 
> b1gB0bsTmpPwd
> 
> b1gB0bsTmpPwd
> 
> EOF
> 
>  
> 
> However, I am python guy and would like to use it instead. I am sure 
> that I can do a similar thing using pexpect in python. Probably
something like this:
> 
>  
> 
> # This code has not been tested. It is only for a thought experiment.
> 
> # Add a user and enter the password using pexpect.
> 
> cmd = "ipa user-add bigbob --email='bbob at BigBobsEmporium."
> 
> cmd += " --first=Bob --last=Bigg --password "
> 
> cmd += "--setattr=description='The sales guy.'"
> 
> rets = ['Password', 'Enter Password again to verify', pexpect.EOF, 
> pexpect.TIMEOUT]
> 
> c = pexpect.spawn(cmd,timeout=None)
> 
> i = c.expect(rets)
> 
> if i == 0: # Password
> 
>     child.sendline('b1gB0bsTmpPwd')
> 
>     i = c.expect(rets)
> 
>    if i  == 1: # Enter Password again to verify
> 
>         child.sendline('b1gB0bsTmpPwd')
> 
>         i = c.expect(rets)
> 
>         if  i  == 2:
> 
>            print 'SUCCESS'
> 
>         else:
> 
>             sys.exit('ERROR: something bad happened #1')
> 
>     else:
> 
>         sys.exit('ERROR: something bad happened #2')
> 
> else:
> 
>     sys.exit('ERROR: something bad happened #3')
> 
>  
> 
> But I was wondering whether there was a better using the IPA API. Is 
> there a way for me to do that?
> 
>  
> 
> Any help or insights would be greatly appreciated.
> 
> 
> Thanks,
> 
>  
> 
> Joe
> 

Hello Joe,

if you don't want to use batch command as Petr suggested you can try the
following example. It also uses --random option available in recent
FreeIPA version to let FreeIPA handle the password generation:

# cat add-users.py
#!/usr/bin/env python

from ipalib import api

api.bootstrap_with_global_options(context='cli')
api.finalize()
api.Backend.xmlclient.connect()

for i in xrange(5):
    login = u'user%d' % i
    result = api.Command['user_add'](login, givenname=u'Test', \
        sn=u'User #%d' % i, random=True)
    password = result['result']['randompassword']
    print "Created user '%s' with password '%s'" % (login, password)


When I execute it:
# ./add-users.py
Created user 'user0' with password 'EvzY+Of5pk at +'
Created user 'user1' with password 'kyRHb9RMFzBO'
Created user 'user2' with password 'u2mt_oGU_UIX'
Created user 'user3' with password 'Lm6ONeErNFgz'
Created user 'user4' with password 'AS=EeFozvbE-'

HTH,
Martin

More information about the Freeipa-users mailing list