diff --git a/app/alembic/versions/df4287898910_add_samaccountname_to_computers.py b/app/alembic/versions/df4287898910_add_samaccountname_to_computers.py
new file mode 100644
index 000000000..c1635b6c0
--- /dev/null
+++ b/app/alembic/versions/df4287898910_add_samaccountname_to_computers.py
@@ -0,0 +1,88 @@
+"""Add sAMAccountName attribute to Computer directories.
+
+Revision ID: df4287898910
+Revises: 19d86e660cf2
+Create Date: 2026-03-10 07:33:43.493288
+
+"""
+
+from alembic import op
+from dishka import AsyncContainer, Scope
+from sqlalchemy import delete, exists, select
+from sqlalchemy.ext.asyncio import AsyncConnection, AsyncSession
+
+from entities import Attribute, Directory, EntityType
+from enums import EntityTypeNames
+from repo.pg.tables import queryable_attr as qa
+
+# revision identifiers, used by Alembic.
+revision: None | str = "df4287898910"
+down_revision: None | str = "19d86e660cf2"
+branch_labels: None | list[str] = None
+depends_on: None | list[str] = None
+
+_ATTR_NAME_SAMACCOUNTNAME = "sAMAccountName"
+
+
+def upgrade(container: AsyncContainer) -> None:
+ """Upgrade."""
+
+ async def _add_samaccountname_attr_to_computers(
+ connection: AsyncConnection, # noqa: ARG001
+ ) -> None:
+ async with container(scope=Scope.REQUEST) as cnt:
+ session = await cnt.get(AsyncSession)
+
+ computer_dirs = await session.scalars(
+ select(Directory)
+ .join(qa(Directory.entity_type))
+ .where(
+ qa(EntityType.name) == EntityTypeNames.COMPUTER,
+ ~exists(
+ select(qa(Attribute.id))
+ .where(
+ qa(Attribute.directory_id) == qa(Directory.id),
+ qa(Attribute.name) == _ATTR_NAME_SAMACCOUNTNAME,
+ ),
+ ),
+ ),
+ ) # fmt: skip
+
+ for directory in computer_dirs:
+ session.add(
+ Attribute(
+ name=_ATTR_NAME_SAMACCOUNTNAME,
+ value=directory.name,
+ directory_id=directory.id,
+ ),
+ )
+
+ await session.commit()
+
+ op.run_async(_add_samaccountname_attr_to_computers)
+
+
+def downgrade(container: AsyncContainer) -> None:
+ """Downgrade."""
+
+ async def _remove_samaccountname_attr_from_computers(
+ connection: AsyncConnection, # noqa: ARG001
+ ) -> None:
+ async with container(scope=Scope.REQUEST) as cnt:
+ session = await cnt.get(AsyncSession)
+
+ computer_dir_ids = (
+ select(qa(Directory.id))
+ .join(qa(Directory.entity_type))
+ .where(qa(EntityType.name) == EntityTypeNames.COMPUTER)
+ )
+ await session.execute(
+ delete(Attribute).where(
+ qa(Attribute.name) == _ATTR_NAME_SAMACCOUNTNAME,
+ qa(Attribute.directory_id).in_(computer_dir_ids),
+ ),
+ )
+
+ await session.commit()
+
+ op.run_async(_remove_samaccountname_attr_from_computers)
diff --git a/app/ldap_protocol/ldap_requests/modify.py b/app/ldap_protocol/ldap_requests/modify.py
index 9b1b03edf..ce10596e9 100644
--- a/app/ldap_protocol/ldap_requests/modify.py
+++ b/app/ldap_protocol/ldap_requests/modify.py
@@ -938,6 +938,8 @@ async def _add( # noqa: C901
 await kadmin.modify_princ(
 directory.user.sam_account_name,
 new_sam_account_name,
+ algorithms=None,
+ password=None,
 )
 directory.user.user_principal_name = new_user_principal_name # noqa: E501 # fmt: skip
@@ -1044,10 +1046,14 @@ async def _modify_computer_samaccountname(
 await kadmin.modify_princ(
 f"host/{old_sam_account_name}",
 f"host/{new_sam_account_name}",
+ algorithms=None,
+ password=None,
 )
 await kadmin.modify_princ(
 f"host/{old_sam_account_name}.{base_dir.name}",
 f"host/{new_sam_account_name}.{base_dir.name}",
+ algorithms=None,
+ password=None,
 )
 async def _get_base_dir(
diff --git a/interface b/interface
index 3732b6958..5d5a80ee7 160000
--- a/interface
+++ b/interface
@@ -1 +1 @@
-Subproject commit 3732b695844e95e1692ae83e1b2e1de70e68b380
+Subproject commit 5d5a80ee7e9ea073338cac26a57be5f91a8d47f7
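Review bot: `downgrade()` in the new migration is not the inverse of `upgrade()`: the upgrade skips computer directories that already carry a `sAMAccountName` (the `~exists(...)` filter), but the downgrade's `delete(Attribute)` removes that attribute from every computer directory, so values that existed before this revision are lost on rollback. Either restrict the delete to rows the upgrade could have written (for example by also requiring the attribute value to equal the owning directory's name) or state the loss in the `"""Downgrade."""` docstring. Separately, `value=directory.name` is inserted with no check that the resulting account name is unique; if directory names are only unique within their parent container (not visible here), two computers could end up with the same `sAMAccountName`, and `modify.py` builds `host/...` Kerberos principals from that value. A query that reports duplicate computer names before the inserts would turn that into a visible migration failure instead of a silent identity collision.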
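Review bot: Nothing at the `kadmin.modify_princ(...)` call in `_add` says what `algorithms=None` and `password=None` mean, and on a principal rename that distinction matters: a reader cannot tell whether the principal keeps its existing keys or is re-keyed. A short comment above the call, e.g. `# rename only: None is meant to leave the principal's keys and enctypes untouched`, would document the intent once it has been confirmed against `modify_princ`. The same applies to the two `modify_princ` calls in `_modify_computer_samaccountname` in the next hunk. The body of `_add` starts and ends outside this hunk.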
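Review bot: In `_modify_computer_samaccountname` the two `host/` principals are renamed by two separate `await kadmin.modify_princ(...)` calls, and nothing in the hunk handles the second call failing after the first has succeeded, which would leave the computer with one principal under the new name and one under the old. Unless the caller already compensates (the function continues outside the hunk), catch the failure of the second call and rename the first principal back, or at least log both names so the mismatch can be repaired. `new_sam_account_name` is also interpolated directly into the principal string; if it is not validated earlier, reject separators that have meaning in principal names before this point, e.g. `if any(c in new_sam_account_name for c in "/@"):` followed by the error this handler normally returns.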