samba-tool: add "samba-tool user list --locked-only"

Signed-off-by: Jule Anger <janger@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/docs-xml/manpages/samba-tool.8.xml b/docs-xml/manpages/samba-tool.8.xml
index 3471b0e199186351d5a026c70eee3e76b0cde685..e6c0c08c240aa036ef3092c6ffe926c7a0a48cd5 100644 (file)
--- a/docs-xml/manpages/samba-tool.8.xml
+++ b/docs-xml/manpages/samba-tool.8.xml
@@ -2598,6 +2598,12 @@
        Do not list disabled user accounts.
        </para></listitem>
        </varlistentry>
+       <varlistentry>
+       <term>--locked-only</term>
+       <listitem><para>
+       Only list locked user accounts.
+       </para></listitem>
+       </varlistentry>
        </variablelist>
 </refsect3>
 

diff --git a/python/samba/netcmd/user/list.py b/python/samba/netcmd/user/list.py
index 10605ca68f473ccc3194c3de72f1d4076f31f19e..3d16f0ef9d7a89ea737dc25b5564f4a366e9b4dd 100644 (file)
--- a/python/samba/netcmd/user/list.py
+++ b/python/samba/netcmd/user/list.py
@@ -42,6 +42,10 @@ class cmd_user_list(Command):
                default=False,
                action='store_true',
                help="Do not list disabled user accounts"),
+        Option("--locked-only",
+               help="Only list locked user accounts",
+               default=False,
+               action='store_true'),
         Option("-b", "--base-dn",
                help="Specify base DN to use",
                type=str),
@@ -64,6 +68,7 @@ class cmd_user_list(Command):
             H=None,
             hide_expired=False,
             hide_disabled=False,
+            locked_only=False,
             base_dn=None,
             full_dn=False):
         lp = sambaopts.get_loadparm()
@@ -87,10 +92,16 @@ class cmd_user_list(Command):
             filter_disabled = "(!(userAccountControl:%s:=%u))" % (
                 ldb.OID_COMPARATOR_AND, dsdb.UF_ACCOUNTDISABLE)
 
-        filter = "(&(objectClass=user)(userAccountControl:%s:=%u)%s%s)" % (
+        filter_locked = ""
+        if locked_only is True:
+            # use lockoutTime=* to filter out accounts without a set lockoutTime
+            filter_locked = "(&(lockoutTime=*)(!(lockoutTime=0)))"
+
+        filter = "(&(objectClass=user)(userAccountControl:%s:=%u)%s%s%s)" % (
             ldb.OID_COMPARATOR_AND,
             dsdb.UF_NORMAL_ACCOUNT,
             filter_disabled,
+            filter_locked,
             filter_expires)
 
         res = samdb.search(search_dn,