From: Frank Brehm Date: Mon, 5 Sep 2022 16:24:37 +0000 (+0200) Subject: Defining commandline parameters for lib/pp_admintools/app/remove_ldap_user.py X-Git-Tag: 0.5.0^2~2^2~21 X-Git-Url: https://git.uhu-banane.org/?a=commitdiff_plain;h=a2e8a5a65409919f1488e78cf450054547ede787;p=pixelpark%2Fpp-admin-tools.git Defining commandline parameters for lib/pp_admintools/app/remove_ldap_user.py --- diff --git a/lib/pp_admintools/app/remove_ldap_user.py b/lib/pp_admintools/app/remove_ldap_user.py index 29670cc..7ea731d 100644 --- a/lib/pp_admintools/app/remove_ldap_user.py +++ b/lib/pp_admintools/app/remove_ldap_user.py @@ -13,12 +13,14 @@ import logging # Third party modules # Own modules +from fb_tools.common import to_bool + from ..xlate import XLATOR from ..app.ldap import LdapAppError from ..app.ldap import BaseLdapApplication -__version__ = '0.1.1' +__version__ = '0.2.0' LOG = logging.getLogger(__name__) _ = XLATOR.gettext @@ -36,7 +38,101 @@ class RemoveLdapUserError(LdapAppError): class RemoveLdapUserApplication(BaseLdapApplication): """Application class for disabling or removing a user from LDAP.""" - pass + default_nologin_shell = "/usr/sbin/nologin" + value_inactive = 'inactive' + + # ------------------------------------------------------------------------- + def __init__(self, appname=None, base_dir=None): + + self.ldap_instances = [] + self.given_users = [] + self.nologin_shell = self.default_nologin_shell + self._deactivate = False + + desc = _( + "Disables or removes the given users from LDAP. " + "If disabling, then the user will not be really removed, but disabled " + "by locking the password, setting all status flags to {inact!r}, " + "assigning {shell!r} as login shell und removing the user from all groups. " + "When removing (or purging) the user will be really removed from LDAP.") + desc = desc.format(inact=self.value_inactive, shell=self.nologin_shell) + + super(RemoveLdapUserApplication, self).__init__( + appname=appname, description=desc, base_dir=base_dir, initialized=False) + + self.initialized = True + + # ------------------------------------------- + @property + def deactivate(self): + """Defines, that the given users will not be removed, bur deactivated instaed.""" + + return self._deactivate + + @deactivate.setter + def deactivate(self, value): + self._deactivate = to_bool(value) + + # ------------------------------------------------------------------------- + def as_dict(self, short=True): + """ + Transforms the elements of the object into a dict + + @param short: don't include local properties in resulting dict. + @type short: bool + + @return: structure as dict + @rtype: dict + """ + + res = super(RemoveLdapUserApplication, self).as_dict(short=short) + + res['deactivate'] = self.deactivate + + return res + + # ------------------------------------------------------------------------- + def init_arg_parser(self): + + super(RemoveLdapUserApplication, self).init_arg_parser() + + remove_group = self.arg_parser.add_argument_group(_('Removing options')) + + remove_mode_group = remove_group.add_mutually_exclusive_group() + + remove_mode_group.add_argument( + '-d', '--deactivate', dest="deactivate", action='store_true', + help=_( + "Deactivating the user instead of removing it. " + "This is mutually exclusive to {!r}.").format('--remove'), + ) + + remove_mode_group.add_argument( + '-R', '--remove', dest="deactivate", action='store_false', + help=_( + "Removing the user from LDAP. This is the default and is " + "mutually exclusive to {!r}.").format('--deactivate'), + ) + + remove_group.add_argument( + '-I', '--instance', dest="instance", nargs='*', type=str, + metavar=_('INSTANCE'), + help=_( + "The LDAP instance (LDAP cluster) from configuration, where to remove the user. " + "Multiple instances may be given. It is possible to give here the value " + "{val_all!r}, the then all found LDAP instances except {default!r} are used. " + "If not given, the the instance {default!r} will be used.").format( + val_all='all', default='default'), + ) + + remove_group.add_argument( + 'users', nargs='+', metavar=_('USER'), + help=_( + "The user, which should be deactivated or removed. " + "They may be given by their Uid (the alphanumeric POSIX name), " + "their mail address or their LDAP DN (be aware, that this may be " + "different in the particular LDAP instances).") + ) # =============================================================================