[Freeipa-users] How can I change my password from a python script?
Joe Linoff
jlinoff at tabula.com
Thu Jun 28 23:42:07 UTC 2012
Hi Petr:
I implemented what you suggested and everything worked pretty well but I
ran into three issues that you might be able to help me with.
ISSUE #1
The first issue (and the most important) is that the password is only
temporary. I am prompted to reset it the first time that I login. My
goal is to setup a working system quickly to test different
configurations in a batch fashion but having to reset the password for
each user makes that challenging. How can I disable the reset
requirement for my test environment?
ssh user5 at cuthbert
user5 at cuthbert's password:
Password expired. Change your password now.
Last login: Thu Jun 28 16:29:32 2012 from cuthbert.example.com
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user user5.
Current Password:
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
Connection to cuthbert closed.
ISSUE #2
The second issue is really more of a question. I need to add these users
to groups. My guess is that I need to setup a similar call using the
'group_add' command. Is that right? If so, do you have an example that I
could follow?
ISSUE #3
The third and final issue is that the I get traceback from what appears
to be the validation in the batch command. How can I correct that?
Traceback (most recent call last):
File "./u1.py", line 35, in <module>
result = api.Command['batch'](*add_cmds)
File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line
443, in __call__
self.validate_output(ret)
File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line
903, in validate_output
nice, o.name, o.type, type(value), value)
TypeError: batch.validate_output():
output['results']: need <type 'list'>; got <type 'tuple'>:
({'summary': u'Added user "user5"', 'result': {'dn':
u'uid=user5,cn=users,cn=accounts,dc=example,dc=com', 'has_keytab': True,
'displayname': (u'first last',), 'uid': (u'user5',), 'objectclass':
(u'top', u'person', u'organizationalperson', u'inetorgperson',
u'inetuser', u'posixaccount', u'krbprincipalaux', u'krbticketpolicyaux',
u'ipaobject'), 'loginshell': (u'/bin/bash',), 'uidnumber':
(u'785400029',), 'initials': (u'fl',), 'gidnumber': (u'785400029',),
'has_password': True, 'sn': (u'last',), 'homedirectory':
(u'/home/user5',), 'mail': (u'user5 at example.com',), 'krbprincipalname':
(u'user5 at EXAMPLE.COM',), 'givenname': (u'first',), 'cn': (u'first
last',), 'gecos': (u'first last',), 'ipauniqueid':
(u'dcc8845e-c178-11e1-b46e-5254006a7e38',)}, 'value': u'user5', 'error':
None},)
Regards,
Joe
-----Original Message-----
From: Petr Vobornik [mailto:pvoborni at redhat.com]
Sent: Thursday, June 28, 2012 1:32 AM
To: Joe Linoff
Cc: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] How can I change my password from a python
script?
On 06/28/2012 03:34 AM, Joe Linoff wrote:
> Hi Everybody:
>
>
>
> I need to add a lot of users to an LDAP system for testing and I would
> like to do it in batch mode. For my small tests have been doing
> something like this:
A batch command might be useful for this case.
Example (note that I'm not a python guy):
#!/usr/bin/env python
import pprint
from ipalib import api
# Bootstrap
api.bootstrap_with_global_options(context='cli')
api.finalize()
api.Backend.xmlclient.connect()
# Prepare request
users = [
(u'Foo', u'Bar', u'fbar at foo.baz', u'psw1', u'Sales guy'),
(u'John', u'Doe', u'jdoe at foo.baz', u'psw2', u'Tech guy'), ]
add_commands = []
for user in users:
(firstname, surname, email, psw, desc) = user
add_commands.append({
"method": 'user_add',
"params": [
[],
{
"givenname": firstname,
"sn": surname,
"mail": email,
"userpassword": psw,
"setattr": "description='"+desc+"'"
},
],
})
# Execute as batch
result = api.Command['batch'](*add_commands)
# Print
pp = pprint.PrettyPrinter()
pp.pprint(result)
>
>
>
> #!/bin/bash
>
> # Script to create a new user.
>
> ipa user-add bigbob \
>
> --email=bbob at BigBobsEmporium.com \
>
> --first=Bob \
>
> --last=Bigg \
>
> --password \
>
> --setattr=description='The sales guy.'<<-EOF
>
> b1gB0bsTmpPwd
>
> b1gB0bsTmpPwd
>
> EOF
>
>
>
> However, I am python guy and would like to use it instead. I am sure
> that I can do a similar thing using pexpect in python. Probably
> something like this:
>
>
>
> # This code has not been tested. It is only for a thought experiment.
>
> # Add a user and enter the password using pexpect.
>
> cmd = "ipa user-add bigbob --email='bbob at BigBobsEmporium."
>
> cmd += " --first=Bob --last=Bigg --password "
>
> cmd += "--setattr=description='The sales guy.'"
>
> rets = ['Password', 'Enter Password again to verify', pexpect.EOF,
> pexpect.TIMEOUT]
>
> c = pexpect.spawn(cmd,timeout=None)
>
> i = c.expect(rets)
>
> if i == 0: # Password
>
> child.sendline('b1gB0bsTmpPwd')
>
> i = c.expect(rets)
>
> if i == 1: # Enter Password again to verify
>
> child.sendline('b1gB0bsTmpPwd')
>
> i = c.expect(rets)
>
> if i == 2:
>
> print 'SUCCESS'
>
> else:
>
> sys.exit('ERROR: something bad happened #1')
>
> else:
>
> sys.exit('ERROR: something bad happened #2')
>
> else:
>
> sys.exit('ERROR: something bad happened #3')
>
>
>
> But I was wondering whether there was a better using the IPA API. Is
> there a way for me to do that?
>
>
>
> Any help or insights would be greatly appreciated.
>
>
> Thanks,
>
>
>
> Joe
>
--
Petr Vobornik
More information about the Freeipa-users
mailing list