# find the krbtgt link
print("checking samaccountname")
res = ctx.samdb.search(base=ctx.samdb.get_default_basedn(),
- expression='samAccountName=%s' % ctx.samname,
+ expression='samAccountName=%s' % ldb.binary_encode(ctx.samname),
attrs=["msDS-krbTgtLink"])
if res:
ctx.del_noerror(res[0].dn, recursive=True)
ctx.samdb.modify(m)
print "Setting account password for %s" % ctx.samname
- ctx.samdb.setpassword("(&(objectClass=user)(sAMAccountName=%s))" % ctx.samname,
+ ctx.samdb.setpassword("(&(objectClass=user)(sAMAccountName=%s))" % ldb.binary_encode(ctx.samname),
ctx.acct_pass,
force_change_at_next_login=False,
username=ctx.samname)
# to the correct domain
(cleanedaccount, realm, domain) = _get_user_realm_domain(accountname)
print "Searching for: %s" % (cleanedaccount)
- res = sam.search(expression="sAMAccountName=%s" % cleanedaccount,
+ res = sam.search(expression="sAMAccountName=%s" % ldb.binary_encode(cleanedaccount),
scope=ldb.SCOPE_SUBTREE,
attrs=["userAccountControl", "msDS-AllowedToDelegateTo"])
if len(res) != 1:
# to the correct domain
(cleanedaccount, realm, domain) = _get_user_realm_domain(accountname)
- search_filter = "sAMAccountName=%s" % cleanedaccount
+ search_filter = "sAMAccountName=%s" % ldb.binary_encode(cleanedaccount)
flag = dsdb.UF_TRUSTED_FOR_DELEGATION
try:
sam.toggle_userAccountFlags(search_filter, flag, on=on, strict=True)
# to the correct domain
(cleanedaccount, realm, domain) = _get_user_realm_domain(accountname)
- search_filter = "sAMAccountName=%s" % cleanedaccount
+ search_filter = "sAMAccountName=%s" % ldb.binary_encode(cleanedaccount)
flag = dsdb.UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
try:
sam.toggle_userAccountFlags(search_filter, flag, on=on, strict=True)
# to the correct domain
(cleanedaccount, realm, domain) = _get_user_realm_domain(accountname)
- res = sam.search(expression="sAMAccountName=%s" % cleanedaccount,
+ res = sam.search(expression="sAMAccountName=%s" % ldb.binary_encode(cleanedaccount),
scope=ldb.SCOPE_SUBTREE,
attrs=["msDS-AllowedToDelegateTo"])
if len(res) != 1:
# to the correct domain
(cleanedaccount, realm, domain) = _get_user_realm_domain(accountname)
- res = sam.search(expression="sAMAccountName=%s" % cleanedaccount,
+ res = sam.search(expression="sAMAccountName=%s" % ldb.binary_encode(cleanedaccount),
scope=ldb.SCOPE_SUBTREE,
attrs=["msDS-AllowedToDelegateTo"])
if len(res) != 1:
secretsdb = Ldb(url=url, session_info=system_session(),
credentials=creds, lp=lp)
result = secretsdb.search(attrs=["secret"],
- expression="(&(objectclass=primaryDomain)(samaccountname=%s))" % secret)
+ expression="(&(objectclass=primaryDomain)(samaccountname=%s))" % ldb.binary_encode(secret))
if len(result) != 1:
raise CommandError("search returned %d records, expected 1" % len(result))
# we need to find the NTDS GUID of the source DC
msg = self.samdb.search(base=self.samdb.get_config_basedn(),
- expression="(&(objectCategory=server)(|(name=%s)(dNSHostName=%s)))" % (SOURCE_DC,
- SOURCE_DC),
+ expression="(&(objectCategory=server)(|(name=%s)(dNSHostName=%s)))" % (
+ ldb.binary_encode(SOURCE_DC),
+ ldb.binary_encode(SOURCE_DC)),
attrs=[])
if len(msg) == 0:
raise CommandError("Failed to find source DC %s" % SOURCE_DC)
search_scope = ldb.SCOPE_ONELEVEL
if gpo is not None:
- search_expr = "(&(objectClass=groupPolicyContainer)(name=%s))" % gpo
+ search_expr = "(&(objectClass=groupPolicyContainer)(name=%s))" % ldb.binary_encode(gpo)
if displayname is not None:
- search_expr = "(&(objectClass=groupPolicyContainer)(displayname=%s))" % displayname
+ search_expr = "(&(objectClass=groupPolicyContainer)(displayname=%s))" % ldb.binary_encode(displayname)
if dn is not None:
base_dn = dn
try:
msg = self.samdb.search(expression='(&(|(samAccountName=%s)(samAccountName=%s$))(objectClass=User))' %
- (username,username))
+ (ldb.binary_encode(username),ldb.binary_encode(username)))
user_dn = msg[0].dn
except Exception, e:
raise CommandError("Failed to find account %s" % username, e)
expression="objectclass=user",
scope=ldb.SCOPE_BASE, attrs=[])
else:
- res = samdb.search(expression="(&(samAccountName=%s)(objectclass=user))" % account,
+ res = samdb.search(expression="(&(samAccountName=%s)(objectclass=user))" % ldb.binary_encode(account),
scope=ldb.SCOPE_SUBTREE, attrs=[])
if len(res) != 1:
raise Exception("Failed to find account '%s'" % account)
# to the correct domain
(cleaneduser, realm, domain) = _get_user_realm_domain(user)
print cleaneduser
- res = sam.search(expression="samaccountname=%s" % cleaneduser,
+ res = sam.search(expression="samaccountname=%s" % ldb.binary_encode(cleaneduser),
scope=ldb.SCOPE_SUBTREE,
attrs=["servicePrincipalName"])
if len(res) >0:
paths = provision.provision_paths_from_lp(lp, lp.get("realm"))
sam = SamDB(paths.samdb, session_info=system_session(),
credentials=creds, lp=lp)
- res = sam.search(expression="servicePrincipalName=%s" % name,
+ res = sam.search(expression="servicePrincipalName=%s" % ldb.binary_encode(name),
scope=ldb.SCOPE_SUBTREE,
)
if len(res) != 0 and not force:
" affected to another user" % name)
(cleaneduser, realm, domain) = _get_user_realm_domain(user)
- res = sam.search(expression="samaccountname=%s" % cleaneduser,
+ res = sam.search(expression="samaccountname=%s" % ldb.binary_encode(cleaneduser),
scope=ldb.SCOPE_SUBTREE,
attrs=["servicePrincipalName"])
if len(res) >0:
paths = provision.provision_paths_from_lp(lp, lp.get("realm"))
sam = SamDB(paths.samdb, session_info=system_session(),
credentials=creds, lp=lp)
- res = sam.search(expression="servicePrincipalName=%s" % name,
+ res = sam.search(expression="servicePrincipalName=%s" % ldb.binary_encode(name),
scope=ldb.SCOPE_SUBTREE,
attrs=["servicePrincipalName", "samAccountName"])
if len(res) >0:
raise CommandError("Either the username or '--filter' must be specified!")
if filter is None:
- filter = "(&(objectClass=user)(sAMAccountName=%s))" % (username)
+ filter = "(&(objectClass=user)(sAMAccountName=%s))" % (ldb.binary_encode(username))
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp, fallback_machine=True)
raise CommandError("Either the username or '--filter' must be specified!")
if filter is None:
- filter = "(&(objectClass=user)(sAMAccountName=%s))" % (username)
+ filter = "(&(objectClass=user)(sAMAccountName=%s))" % (ldb.binary_encode(username))
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)
:param groupname: Name of the target group
"""
- groupfilter = "(&(sAMAccountName=%s)(objectCategory=%s,%s))" % (groupname, "CN=Group,CN=Schema,CN=Configuration", self.domain_dn())
+ groupfilter = "(&(sAMAccountName=%s)(objectCategory=%s,%s))" % (ldb.binary_encode(groupname), "CN=Group,CN=Schema,CN=Configuration", self.domain_dn())
self.transaction_start()
try:
targetgroup = self.search(base=self.domain_dn(), scope=ldb.SCOPE_SUBTREE,
operation
"""
- groupfilter = "(&(sAMAccountName=%s)(objectCategory=%s,%s))" % (groupname, "CN=Group,CN=Schema,CN=Configuration", self.domain_dn())
+ groupfilter = "(&(sAMAccountName=%s)(objectCategory=%s,%s))" % (
+ ldb.binary_encode(groupname), "CN=Group,CN=Schema,CN=Configuration", self.domain_dn())
groupmembers = listofmembers.split(',')
self.transaction_start()
for member in groupmembers:
targetmember = self.search(base=self.domain_dn(), scope=ldb.SCOPE_SUBTREE,
- expression="(|(sAMAccountName=%s)(CN=%s))" % (member, member), attrs=[])
+ expression="(|(sAMAccountName=%s)(CN=%s))" % (
+ ldb.binary_encode(member), ldb.binary_encode(member)), attrs=[])
if len(targetmember) != 1:
continue
# Sets the password for it
if setpassword:
- self.setpassword("(samAccountName=%s)" % username, password,
+ self.setpassword("(samAccountName=%s)" % ldb.binary_encode(username), password,
force_password_change_at_next_login_req)
except Exception:
self.transaction_cancel()