git.samba.org / metze / samba / wip.git / blob
? search:


d2eb0e63ae57663fc470a743d763d2e6560785be
[metze/samba/wip.git] / python / samba / tests / samba_tool / user.py
1 # Unix SMB/CIFS implementation.
2 # Copyright (C) Sean Dague <sdague@linux.vnet.ibm.com> 2011
3 #
4 # This program is free software; you can redistribute it and/or modify
5 # it under the terms of the GNU General Public License as published by
6 # the Free Software Foundation; either version 3 of the License, or
7 # (at your option) any later version.
8 #
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12 # GNU General Public License for more details.
13 #
14 # You should have received a copy of the GNU General Public License
15 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
16 #
17
18 import os
19 import time
20 import base64
21 import ldb
22 from samba.tests.samba_tool.base import SambaToolCmdTest
23 from samba import (
24         credentials,
25         nttime2unix,
26         dsdb
27         )
28 from samba.ndr import ndr_unpack
29 from samba.dcerpc import drsblobs
30
31 class UserCmdTestCase(SambaToolCmdTest):
32     """Tests for samba-tool user subcommands"""
33     users = []
34     samdb = None
35
36     def setUp(self):
37         super(UserCmdTestCase, self).setUp()
38         self.samdb = self.getSamDB("-H", "ldap://%s" % os.environ["DC_SERVER"],
39             "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
40         self.users = []
41         self.users.append(self._randomUser({"name": "sambatool1", "company": "comp1"}))
42         self.users.append(self._randomUser({"name": "sambatool2", "company": "comp1"}))
43         self.users.append(self._randomUser({"name": "sambatool3", "company": "comp2"}))
44         self.users.append(self._randomUser({"name": "sambatool4", "company": "comp2"}))
45         self.users.append(self._randomPosixUser({"name": "posixuser1"}))
46         self.users.append(self._randomPosixUser({"name": "posixuser2"}))
47         self.users.append(self._randomPosixUser({"name": "posixuser3"}))
48         self.users.append(self._randomPosixUser({"name": "posixuser4"}))
49
50         # setup the 8 users and ensure they are correct
51         for user in self.users:
52             (result, out, err) = user["createUserFn"](user)
53
54             self.assertCmdSuccess(result, out, err)
55             self.assertEquals(err,"","Shouldn't be any error messages")
56             self.assertIn("User '%s' created successfully" % user["name"], out)
57
58             user["checkUserFn"](user)
59
60
61     def tearDown(self):
62         super(UserCmdTestCase, self).tearDown()
63         # clean up all the left over users, just in case
64         for user in self.users:
65             if self._find_user(user["name"]):
66                 self.runsubcmd("user", "delete", user["name"])
67
68
69     def test_newuser(self):
70         # try to add all the users again, this should fail
71         for user in self.users:
72             (result, out, err) = self._create_user(user)
73             self.assertCmdFail(result, "Ensure that create user fails")
74             self.assertIn("LDAP error 68 LDAP_ENTRY_ALREADY_EXISTS", err)
75
76         # try to delete all the 4 users we just added
77         for user in self.users:
78             (result, out, err) = self.runsubcmd("user", "delete", user["name"])
79             self.assertCmdSuccess(result, out, err, "Can we delete users")
80             found = self._find_user(user["name"])
81             self.assertIsNone(found)
82
83         # test adding users with --use-username-as-cn
84         for user in self.users:
85             (result, out, err) =  self.runsubcmd("user", "add", user["name"], user["password"],
86                                                  "--use-username-as-cn",
87                                                  "--surname=%s" % user["surname"],
88                                                  "--given-name=%s" % user["given-name"],
89                                                  "--job-title=%s" % user["job-title"],
90                                                  "--department=%s" % user["department"],
91                                                  "--description=%s" % user["description"],
92                                                  "--company=%s" % user["company"],
93                                                  "-H", "ldap://%s" % os.environ["DC_SERVER"],
94                                                  "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
95
96             self.assertCmdSuccess(result, out, err)
97             self.assertEquals(err,"","Shouldn't be any error messages")
98             self.assertIn("User '%s' created successfully" % user["name"], out)
99
100             found = self._find_user(user["name"])
101
102             self.assertEquals("%s" % found.get("cn"), "%(name)s" % user)
103             self.assertEquals("%s" % found.get("name"), "%(name)s" % user)
104
105     def _verify_supplementalCredentials(self, ldif,
106                                         min_packages=3,
107                                         max_packages=6):
108         msgs = self.samdb.parse_ldif(ldif)
109         (changetype, obj) = next(msgs)
110
111         self.assertIn("supplementalCredentials", obj, "supplementalCredentials attribute required")
112         sc_blob = obj["supplementalCredentials"][0]
113         sc = ndr_unpack(drsblobs.supplementalCredentialsBlob, sc_blob)
114
115         self.assertGreaterEqual(sc.sub.num_packages,
116                                 min_packages, "min_packages check")
117         self.assertLessEqual(sc.sub.num_packages,
118                              max_packages, "max_packages check")
119
120         if max_packages == 0:
121             return
122
123         def find_package(packages, name, start_idx=0):
124             for i in xrange(start_idx, len(packages)):
125                 if packages[i].name == name:
126                     return (i, packages[i])
127             return (None, None)
128
129         # The ordering is this
130         #
131         # Primary:Kerberos-Newer-Keys (optional)
132         # Primary:Kerberos
133         # Primary:WDigest
134         # Primary:CLEARTEXT (optional)
135         # Primary:SambaGPG (optional)
136         #
137         # And the 'Packages' package is insert before the last
138         # other package.
139
140         nidx = 0
141         (pidx, pp) = find_package(sc.sub.packages, "Packages", start_idx=nidx)
142         self.assertIsNotNone(pp, "Packages required")
143         self.assertEqual(pidx + 1, sc.sub.num_packages - 1,
144                          "Packages needs to be at num_packages - 1")
145
146         (knidx, knp) = find_package(sc.sub.packages, "Primary:Kerberos-Newer-Keys",
147                                     start_idx=nidx)
148         if knidx is not None:
149             self.assertEqual(knidx, nidx, "Primary:Kerberos-Newer-Keys at wrong position")
150             nidx = nidx + 1
151             if nidx == pidx:
152                 nidx = nidx + 1
153
154         (kidx, kp) = find_package(sc.sub.packages, "Primary:Kerberos",
155                                     start_idx=nidx)
156         self.assertIsNotNone(pp, "Primary:Kerberos required")
157         self.assertEqual(kidx, nidx, "Primary:Kerberos at wrong position")
158         nidx = nidx + 1
159         if nidx == pidx:
160             nidx = nidx + 1
161
162         (widx, wp) = find_package(sc.sub.packages, "Primary:WDigest",
163                                   start_idx=nidx)
164         self.assertIsNotNone(pp, "Primary:WDigest required")
165         self.assertEqual(widx, nidx, "Primary:WDigest at wrong position")
166         nidx = nidx + 1
167         if nidx == pidx:
168             nidx = nidx + 1
169
170         (cidx, cp) = find_package(sc.sub.packages, "Primary:CLEARTEXT",
171                                     start_idx=nidx)
172         if cidx is not None:
173             self.assertEqual(cidx, nidx, "Primary:CLEARTEXT at wrong position")
174             nidx = nidx + 1
175             if nidx == pidx:
176                 nidx = nidx + 1
177
178         (gidx, gp) = find_package(sc.sub.packages, "Primary:SambaGPG",
179                                   start_idx=nidx)
180         if gidx is not None:
181             self.assertEqual(gidx, nidx, "Primary:SambaGPG at wrong position")
182             nidx = nidx + 1
183             if nidx == pidx:
184                 nidx = nidx + 1
185
186         self.assertEqual(nidx, sc.sub.num_packages, "Unknown packages found")
187
188     def test_setpassword(self):
189         for user in self.users:
190             newpasswd = self.randomPass()
191             (result, out, err) = self.runsubcmd("user", "setpassword",
192                                                 user["name"],
193                                                 "--newpassword=%s" % newpasswd,
194                                                 "-H", "ldap://%s" % os.environ["DC_SERVER"],
195                                                 "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
196             self.assertCmdSuccess(result, out, err, "Ensure setpassword runs")
197             self.assertEquals(err,"","setpassword with url")
198             self.assertMatch(out, "Changed password OK", "setpassword with url")
199
200         attributes = "sAMAccountName,unicodePwd,supplementalCredentials,virtualClearTextUTF8,virtualClearTextUTF16,virtualSSHA,virtualSambaGPG"
201         (result, out, err) = self.runsubcmd("user", "syncpasswords",
202                                             "--cache-ldb-initialize",
203                                             "--attributes=%s" % attributes,
204                                             "--decrypt-samba-gpg")
205         self.assertCmdSuccess(result, out, err, "Ensure syncpasswords --cache-ldb-initialize runs")
206         self.assertEqual(err,"","getpassword without url")
207         cache_attrs = {
208             "objectClass": { "value": "userSyncPasswords" },
209             "samdbUrl": { },
210             "dirsyncFilter": { },
211             "dirsyncAttribute": { },
212             "dirsyncControl": { "value": "dirsync:1:0:0"},
213             "passwordAttribute": { },
214             "decryptSambaGPG": { },
215             "currentTime": { },
216         }
217         for a in cache_attrs.keys():
218             v = cache_attrs[a].get("value", "")
219             self.assertMatch(out, "%s: %s" % (a, v),
220                 "syncpasswords --cache-ldb-initialize: %s: %s out[%s]" % (a, v, out))
221
222         (result, out, err) = self.runsubcmd("user", "syncpasswords", "--no-wait")
223         self.assertCmdSuccess(result, out, err, "Ensure syncpasswords --no-wait runs")
224         self.assertEqual(err,"","syncpasswords --no-wait")
225         self.assertMatch(out, "dirsync_loop(): results 0",
226             "syncpasswords --no-wait: 'dirsync_loop(): results 0': out[%s]" % (out))
227         for user in self.users:
228             self.assertMatch(out, "sAMAccountName: %s" % (user["name"]),
229                 "syncpasswords --no-wait: 'sAMAccountName': %s out[%s]" % (user["name"], out))
230
231         for user in self.users:
232             newpasswd = self.randomPass()
233             creds = credentials.Credentials()
234             creds.set_anonymous()
235             creds.set_password(newpasswd)
236             nthash = creds.get_nt_hash()
237             unicodePwd = base64.b64encode(creds.get_nt_hash())
238             virtualClearTextUTF8 = base64.b64encode(newpasswd)
239             virtualClearTextUTF16 = base64.b64encode(unicode(newpasswd, 'utf-8').encode('utf-16-le'))
240
241             (result, out, err) = self.runsubcmd("user", "setpassword",
242                                                 user["name"],
243                                                 "--newpassword=%s" % newpasswd)
244             self.assertCmdSuccess(result, out, err, "Ensure setpassword runs")
245             self.assertEquals(err,"","setpassword without url")
246             self.assertMatch(out, "Changed password OK", "setpassword without url")
247
248             (result, out, err) = self.runsubcmd("user", "syncpasswords", "--no-wait")
249             self.assertCmdSuccess(result, out, err, "Ensure syncpasswords --no-wait runs")
250             self.assertEqual(err,"","syncpasswords --no-wait")
251             self.assertMatch(out, "dirsync_loop(): results 0",
252                 "syncpasswords --no-wait: 'dirsync_loop(): results 0': out[%s]" % (out))
253             self.assertMatch(out, "sAMAccountName: %s" % (user["name"]),
254                 "syncpasswords --no-wait: 'sAMAccountName': %s out[%s]" % (user["name"], out))
255             self.assertMatch(out, "# unicodePwd::: REDACTED SECRET ATTRIBUTE",
256                     "getpassword '# unicodePwd::: REDACTED SECRET ATTRIBUTE': out[%s]" % out)
257             self.assertMatch(out, "unicodePwd:: %s" % unicodePwd,
258                     "getpassword unicodePwd: out[%s]" % out)
259             self.assertMatch(out, "# supplementalCredentials::: REDACTED SECRET ATTRIBUTE",
260                     "getpassword '# supplementalCredentials::: REDACTED SECRET ATTRIBUTE': out[%s]" % out)
261             self.assertMatch(out, "supplementalCredentials:: ",
262                     "getpassword supplementalCredentials: out[%s]" % out)
263             if "virtualSambaGPG:: " in out:
264                 self.assertMatch(out, "virtualClearTextUTF8:: %s" % virtualClearTextUTF8,
265                     "getpassword virtualClearTextUTF8: out[%s]" % out)
266                 self.assertMatch(out, "virtualClearTextUTF16:: %s" % virtualClearTextUTF16,
267                     "getpassword virtualClearTextUTF16: out[%s]" % out)
268                 self.assertMatch(out, "virtualSSHA: ",
269                     "getpassword virtualSSHA: out[%s]" % out)
270
271             (result, out, err) = self.runsubcmd("user", "getpassword",
272                                                 user["name"],
273                                                 "--attributes=%s" % attributes,
274                                                 "--decrypt-samba-gpg")
275             self.assertCmdSuccess(result, out, err, "Ensure getpassword runs")
276             self.assertEqual(err,"","getpassword without url")
277             self.assertMatch(out, "Got password OK", "getpassword without url")
278             self.assertMatch(out, "sAMAccountName: %s" % (user["name"]),
279                     "getpassword: 'sAMAccountName': %s out[%s]" % (user["name"], out))
280             self.assertMatch(out, "unicodePwd:: %s" % unicodePwd,
281                     "getpassword unicodePwd: out[%s]" % out)
282             self.assertMatch(out, "supplementalCredentials:: ",
283                     "getpassword supplementalCredentials: out[%s]" % out)
284             self._verify_supplementalCredentials(out.replace("\nGot password OK\n", ""))
285             if "virtualSambaGPG:: " in out:
286                 self.assertMatch(out, "virtualClearTextUTF8:: %s" % virtualClearTextUTF8,
287                     "getpassword virtualClearTextUTF8: out[%s]" % out)
288                 self.assertMatch(out, "virtualClearTextUTF16:: %s" % virtualClearTextUTF16,
289                     "getpassword virtualClearTextUTF16: out[%s]" % out)
290                 self.assertMatch(out, "virtualSSHA: ",
291                     "getpassword virtualSSHA: out[%s]" % out)
292
293         for user in self.users:
294             newpasswd = self.randomPass()
295             (result, out, err) = self.runsubcmd("user", "setpassword",
296                                                 user["name"],
297                                                 "--newpassword=%s" % newpasswd,
298                                                 "--must-change-at-next-login",
299                                                 "-H", "ldap://%s" % os.environ["DC_SERVER"],
300                                                 "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
301             self.assertCmdSuccess(result, out, err, "Ensure setpassword runs")
302             self.assertEquals(err,"","setpassword with forced change")
303             self.assertMatch(out, "Changed password OK", "setpassword with forced change")
304
305
306
307
308     def test_setexpiry(self):
309         twodays = time.time() + (2 * 24 * 60 * 60)
310
311         for user in self.users:
312             (result, out, err) = self.runsubcmd("user", "setexpiry", user["name"],
313                                                 "--days=2",
314                                                 "-H", "ldap://%s" % os.environ["DC_SERVER"],
315                                                 "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
316             self.assertCmdSuccess(result, out, err, "Can we run setexpiry with names")
317             self.assertIn("Expiry for user '%s' set to 2 days." % user["name"], out)
318
319         for user in self.users:
320             found = self._find_user(user["name"])
321
322             expires = nttime2unix(int("%s" % found.get("accountExpires")))
323             self.assertWithin(expires, twodays, 5, "Ensure account expires is within 5 seconds of the expected time")
324
325         # TODO: renable this after the filter case is sorted out
326         if "filters are broken, bail now":
327             return
328
329         # now run the expiration based on a filter
330         fourdays = time.time() + (4 * 24 * 60 * 60)
331         (result, out, err) = self.runsubcmd("user", "setexpiry",
332                                                 "--filter", "(&(objectClass=user)(company=comp2))",
333                                                 "--days=4",
334                                                 "-H", "ldap://%s" % os.environ["DC_SERVER"],
335                                                 "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
336         self.assertCmdSuccess(result, out, err, "Can we run setexpiry with a filter")
337
338         for user in self.users:
339             found = self._find_user(user["name"])
340             if ("%s" % found.get("company")) == "comp2":
341                 expires = nttime2unix(int("%s" % found.get("accountExpires")))
342                 self.assertWithin(expires, fourdays, 5, "Ensure account expires is within 5 seconds of the expected time")
343             else:
344                 expires = nttime2unix(int("%s" % found.get("accountExpires")))
345                 self.assertWithin(expires, twodays, 5, "Ensure account expires is within 5 seconds of the expected time")
346
347
348     def test_list(self):
349         (result, out, err) = self.runsubcmd("user", "list",
350                                             "-H", "ldap://%s" % os.environ["DC_SERVER"],
351                                             "-U%s%%%s" % (os.environ["DC_USERNAME"],
352                                                           os.environ["DC_PASSWORD"]))
353         self.assertCmdSuccess(result, out, err, "Error running list")
354
355         search_filter = ("(&(objectClass=user)(userAccountControl:%s:=%u))" %
356                          (ldb.OID_COMPARATOR_AND, dsdb.UF_NORMAL_ACCOUNT))
357
358         userlist = self.samdb.search(base=self.samdb.domain_dn(),
359                                      scope=ldb.SCOPE_SUBTREE,
360                                      expression=search_filter,
361                                      attrs=["samaccountname"])
362
363         self.assertTrue(len(userlist) > 0, "no users found in samdb")
364
365         for userobj in userlist:
366             name = userobj.get("samaccountname", idx=0)
367             found = self.assertMatch(out, name,
368                                      "user '%s' not found" % name)
369     def test_getpwent(self):
370         try:
371             import pwd
372         except ImportError:
373             self.skipTest("Skipping getpwent test, no 'pwd' module available")
374             return
375
376         # get the current user's data for the test
377         uid = os.geteuid()
378         try:
379             u = pwd.getpwuid(uid)
380         except KeyError:
381             self.skipTest("Skipping getpwent test, current EUID not found in NSS")
382             return
383
384
385 # samba-tool user add command didn't support users with empty gecos if none is
386 # specified on the command line and the user hasn't one in the passwd file it
387 # will fail, so let's add some contents
388
389         gecos = u[4]
390         if (gecos is None or len(gecos) == 0):
391             gecos = "Foo GECOS"
392         user = self._randomPosixUser({
393                         "name": u[0],
394                         "uid": u[0],
395                         "uidNumber": u[2],
396                         "gidNumber": u[3],
397                         "gecos": gecos,
398                         "loginShell": u[6],
399                         })
400         # check if --rfc2307-from-nss sets the same values as we got from pwd.getpwuid()
401         (result, out, err) = self.runsubcmd("user", "add", user["name"], user["password"],
402                                                 "--surname=%s" % user["surname"],
403                                                 "--given-name=%s" % user["given-name"],
404                                                 "--job-title=%s" % user["job-title"],
405                                                 "--department=%s" % user["department"],
406                                                 "--description=%s" % user["description"],
407                                                 "--company=%s" % user["company"],
408                                                 "--gecos=%s" % user["gecos"],
409                                                 "--rfc2307-from-nss",
410                                                 "-H", "ldap://%s" % os.environ["DC_SERVER"],
411                                                 "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
412
413         self.assertCmdSuccess(result, out, err)
414         self.assertEquals(err,"","Shouldn't be any error messages")
415         self.assertIn("User '%s' created successfully" % user["name"], out)
416
417         self._check_posix_user(user)
418         self.runsubcmd("user", "delete", user["name"])
419
420         # Check if overriding the attributes from NSS with explicit values works
421         #
422         # get a user with all random posix attributes
423         user = self._randomPosixUser({"name": u[0]})
424         # create a user with posix attributes from nss but override all of them with the
425         # random ones just obtained
426         (result, out, err) = self.runsubcmd("user", "add", user["name"], user["password"],
427                                                 "--surname=%s" % user["surname"],
428                                                 "--given-name=%s" % user["given-name"],
429                                                 "--job-title=%s" % user["job-title"],
430                                                 "--department=%s" % user["department"],
431                                                 "--description=%s" % user["description"],
432                                                 "--company=%s" % user["company"],
433                                                 "--rfc2307-from-nss",
434                                                 "--gecos=%s" % user["gecos"],
435                                                 "--login-shell=%s" % user["loginShell"],
436                                                 "--uid=%s" % user["uid"],
437                                                 "--uid-number=%s" % user["uidNumber"],
438                                                 "--gid-number=%s" % user["gidNumber"],
439                                                 "-H", "ldap://%s" % os.environ["DC_SERVER"],
440                                                 "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
441
442         self.assertCmdSuccess(result, out, err)
443         self.assertEquals(err,"","Shouldn't be any error messages")
444         self.assertIn("User '%s' created successfully" % user["name"], out)
445
446         self._check_posix_user(user)
447         self.runsubcmd("user", "delete", user["name"])
448
449     def _randomUser(self, base={}):
450         """create a user with random attribute values, you can specify base attributes"""
451         user = {
452             "name": self.randomName(),
453             "password": self.randomPass(),
454             "surname": self.randomName(),
455             "given-name": self.randomName(),
456             "job-title": self.randomName(),
457             "department": self.randomName(),
458             "company": self.randomName(),
459             "description": self.randomName(count=100),
460             "createUserFn": self._create_user,
461             "checkUserFn": self._check_user,
462             }
463         user.update(base)
464         return user
465
466     def _randomPosixUser(self, base={}):
467         """create a user with random attribute values and additional RFC2307
468         attributes, you can specify base attributes"""
469         user = self._randomUser({})
470         user.update(base)
471         posixAttributes = {
472             "uid": self.randomName(),
473             "loginShell": self.randomName(),
474             "gecos": self.randomName(),
475             "uidNumber": self.randomXid(),
476             "gidNumber": self.randomXid(),
477             "createUserFn": self._create_posix_user,
478             "checkUserFn": self._check_posix_user,
479         }
480         user.update(posixAttributes)
481         user.update(base)
482         return user
483
484     def _check_user(self, user):
485         """ check if a user from SamDB has the same attributes as its template """
486         found = self._find_user(user["name"])
487
488         self.assertEquals("%s" % found.get("name"), "%(given-name)s %(surname)s" % user)
489         self.assertEquals("%s" % found.get("title"), user["job-title"])
490         self.assertEquals("%s" % found.get("company"), user["company"])
491         self.assertEquals("%s" % found.get("description"), user["description"])
492         self.assertEquals("%s" % found.get("department"), user["department"])
493
494     def _check_posix_user(self, user):
495         """ check if a posix_user from SamDB has the same attributes as its template """
496         found = self._find_user(user["name"])
497
498         self.assertEquals("%s" % found.get("loginShell"), user["loginShell"])
499         self.assertEquals("%s" % found.get("gecos"), user["gecos"])
500         self.assertEquals("%s" % found.get("uidNumber"), "%s" % user["uidNumber"])
501         self.assertEquals("%s" % found.get("gidNumber"), "%s" % user["gidNumber"])
502         self.assertEquals("%s" % found.get("uid"), user["uid"])
503         self._check_user(user)
504
505     def _create_user(self, user):
506         return self.runsubcmd("user", "add", user["name"], user["password"],
507                                                 "--surname=%s" % user["surname"],
508                                                 "--given-name=%s" % user["given-name"],
509                                                 "--job-title=%s" % user["job-title"],
510                                                 "--department=%s" % user["department"],
511                                                 "--description=%s" % user["description"],
512                                                 "--company=%s" % user["company"],
513                                                 "-H", "ldap://%s" % os.environ["DC_SERVER"],
514                                                 "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
515     def _create_posix_user(self, user):
516         """ create a new user with RFC2307 attributes """
517         return self.runsubcmd("user", "create", user["name"], user["password"],
518                                                 "--surname=%s" % user["surname"],
519                                                 "--given-name=%s" % user["given-name"],
520                                                 "--job-title=%s" % user["job-title"],
521                                                 "--department=%s" % user["department"],
522                                                 "--description=%s" % user["description"],
523                                                 "--company=%s" % user["company"],
524                                                 "--gecos=%s" % user["gecos"],
525                                                 "--login-shell=%s" % user["loginShell"],
526                                                 "--uid=%s" % user["uid"],
527                                                 "--uid-number=%s" % user["uidNumber"],
528                                                 "--gid-number=%s" % user["gidNumber"],
529                                                 "-H", "ldap://%s" % os.environ["DC_SERVER"],
530                                                 "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
531
532     def _find_user(self, name):
533         search_filter = "(&(sAMAccountName=%s)(objectCategory=%s,%s))" % (ldb.binary_encode(name), "CN=Person,CN=Schema,CN=Configuration", self.samdb.domain_dn())
534         userlist = self.samdb.search(base=self.samdb.domain_dn(),
535                                   scope=ldb.SCOPE_SUBTREE,
536                                   expression=search_filter, attrs=[])
537         if userlist:
538             return userlist[0]
539         else:
540             return None
Work in progress branches