From fa27253b503d37010286765abcfa18b770da4aa2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lauri=20V=C3=B5sandi?= Date: Fri, 1 Apr 2016 00:01:58 +0300 Subject: [PATCH] Add 'certidude users' command for listing user accounts --- certidude/cli.py | 11 +++++++++++ certidude/templates/certidude.conf | 2 +- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/certidude/cli.py b/certidude/cli.py index 9ba95ab..e7c8f52 100755 --- a/certidude/cli.py +++ b/certidude/cli.py @@ -914,6 +914,16 @@ def certidude_setup_authority(username, static_path, kerberos_keytab, nginx_conf click.echo(" certidude serve") +@click.command("users", help="List users") +def certidude_users(): + from certidude.user import User + admins = set(User.objects.filter_admins()) + for user in User.objects.all(): + print "%s;%s;%s;%s;%s" % ( + "admin" if user in admins else "user", + user.name, user.given_name, user.surname, user.mail) + + @click.command("list", help="List certificates") @click.option("--verbose", "-v", default=False, is_flag=True, help="Verbose output") @click.option("--show-key-type", "-k", default=False, is_flag=True, help="Show key type and length") @@ -1167,3 +1177,4 @@ entry_point.add_command(certidude_signer) entry_point.add_command(certidude_request) entry_point.add_command(certidude_sign) entry_point.add_command(certidude_list) +entry_point.add_command(certidude_users) diff --git a/certidude/templates/certidude.conf b/certidude/templates/certidude.conf index 8d54dd1..0e765c8 100644 --- a/certidude/templates/certidude.conf +++ b/certidude/templates/certidude.conf @@ -31,7 +31,7 @@ posix admin group = sudo ;backend = ldap ldap computer filter = (&(objectclass=user)(objectclass=computer)(samaccountname=%s)) -ldap user filter = (&(objectclass=user)(objectclass=person)(samaccountname=%s)) +ldap user filter = (&(objectclass=user)(objectcategory=person)(samaccountname=%s)) ldap admin filter = (&(memberOf=cn=Domain Admins,cn=Users,{% if base %}{{ base }}{% else %}dc=example,dc=com{% endif %})(samaccountname=%s)) # Users are allowed to log in from user subnets