Ability to force user to reset password + additional method

[dxniro]

Hi skelsec,

I played around with msldap and tried to force a user to reset his password. What I found out is, that the single_interval method from typeconversion.py does not have implemented a condition, if encode is set to True.

So I made a workaround for this issue and set the pwdLastSet Attribute with a single_int in the MSLDAP_BUILTIN_ATTRIBUTE_TYPES_ENC list. This way, I am able to make a change to the attribute with following two params:

0 (int) > forces the user to reset the password at next logon
-1 (int) > reverts the password change force and sets the timestamp to the actual time now

(this workflow is also used by the account option build-in "User must change password at next logon")

Another idea was to implement the missing part in the single_interval method but I am not sure, if or what else may not work correctly, if an condition for encoded=true is in place, to set integer values.

If this is an valid way for you to add this functionality, I would be happy if you approve or correct this PR.

Also inside this PR the method get_dn() in client.py is implemented, to be able to gather the distinguished name by samAccountName.

Best regards,
Daniel

[skelsec]

the get_dn logic is already implemented in the sam2dn and dn2sam functions.
In regards of the pwdLastSet attribute, I'll wait for the discussion in #63 to finish, as I'm not a fan of mixing up the builtin logic, but what I'm thinking of is that we could add a pwdLastSetInt attribute for encoding that will act as an integer.

[dxniro]

thank you, I missed that one about the dn!

[skelsec]

in the new commit I just made (main branch) there is now an option to define your own types! Will this be an acceptable solution for you?