raise
self.transaction_commit()
- def setpassword(self, filter, password):
+ def setpassword(self, filter, password, must_change_at_next_login=False):
"""Set a password on a user record
:param filter: LDAP filter to find the user (eg samccountname=name)
self.modify_ldif(setpw)
+ if must_change_at_next_login:
+ mod = """
+dn: %s
+changetype: modify
+replace: pwdLastSet
+pwdLastSet: 0
+""" % (user_dn)
+ self.modify_ldif(mod)
+
# modify the userAccountControl to remove the disabled bit
self.enable_account(user_dn)
except:
glue.dsdb_set_ntds_invocation_id(self, invocation_id)
def setexpiry(self, user, expiry_seconds, noexpiry):
- """Set the password expiry for a user
+ """Set the account expiry for a user
:param expiry_seconds: expiry time from now in seconds
:param noexpiry: if set, then don't expire password
self.transaction_cancel()
raise
self.transaction_commit();
+
parser.add_option_group(credopts)
parser.add_option("--filter", help="LDAP Filter to set password on", type=str)
parser.add_option("--newpassword", help="Set password", type=str)
+parser.add_option("--must-change-at-next-login", help="Force password to be changed on next login", action="store_true")
opts, args = parser.parse_args()
samdb = SamDB(url=lp.get("sam database"), session_info=system_session(),
credentials=creds, lp=lp)
-samdb.setpassword(filter, password)
+samdb.setpassword(filter, password, must_change_at_next_login=opts.must_change_at_next_login)
+